How Usable Are iOS App Privacy Labels?

Zhang, Shikun; Yan, Feng; Yao, Yaxing; Cranor, Lorrie Faith; Sadeh, Norman

doi:10.56553/popets-2022-0106

Cited by 16 publications

(13 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…"Nutrition labels" for privacy have been discussed [45], particularly, in the IoT space [15,63] and are used on app stores. Apple's privacy labels were found to be useful, though, prone to misconceptions [80] and sometimes inaccurate and misleading [48]. Some apps were shown to violate their label by transmitting data without declaring so [47].…”

Section: Privacy Noticesmentioning

confidence: 99%

Website Data Transparency in the Browser

Zimmeck,

Goldelman,

Kaplan

et al. 2024

PoPETs

View full text Add to dashboard Cite

Data collection by websites and their integrated third parties is often not transparent. We design privacy interfaces for the browser to help people understand who is collecting which data from them. In a proof of concept browser extension, Privacy Pioneer, we implement a privacy popup, a privacy history interface, and a watchlist to notify people when their data is collected. For detecting location data collection, we develop a machine learning model based on TinyBERT, which reaches an average F1 score of 0.94. We supplement our model with deterministic methods to detect trackers, collection of personal data, and other monetization techniques. In a usability study with 100 participants 82% found Privacy Pioneer easy to understand and 90% found it useful indicating the value of privacy interfaces directly integrated in the browser.

show abstract

Section: Privacy Noticesmentioning

confidence: 99%

Website Data Transparency in the Browser

Zimmeck,

Goldelman,

Kaplan

et al. 2024

PoPETs

View full text Add to dashboard Cite

show abstract

“…While both categories refer to the transfer of data from the user's device, the difference lies in the transfer to a third-party. Furthermore, previous research pointed out that this categorisation in different data types confused consumers and developers alike (Gardner et al, 2022;Zhang et al, 2022). It is therefore questionable if the design of both labels would meet the general standard of being intelligible (GDPR, Art.…”

Section: Compliance Of Privacy Labels With the Gdprmentioning

confidence: 99%

“…Additionally, the labels have been analysed from a qualitative perspective to gain insight into how users perceive the new information provision. Recent studies showed that Apple's categorisation of data, such as the difference between "Data used to track you" and "Data linked to you" and certain data subcategories confused users (Zhang et al, 2022) and developers (Gardner et al, 2022). As a consequence, the findings suggest that the general objective of privacy labels, namely, to inform users effectively about data processing practices, is undermined by the several design decisions by the app stores.…”

Section: Compliance Of Privacy Labels With the Gdprmentioning

confidence: 99%

The death of privacy policies: How app stores shape GDPR compliance of apps

Krämer

2024

Internet Policy Review

View full text Add to dashboard Cite

The General Data Protection Regulation (GDPR) obliges data controllers to inform users about data processing practices. Long criticised for inefficiency, privacy policies face a substantive shift with the recent introduction of privacy labels by the Apple App Store and the Google Play Store. This paper illustrates how privacy disclosures of apps are governed by both the GDPR and the contractual obligations of app stores and is complemented by empirical insights into the privacy disclosures of 845,375 apps from the Apple App Store and 1,657,353 apps from the Google Play Store. While the GDPR allows for the use of privacy labels as a complementary tool next to privacy policies, the design of the privacy labels does not satisfy the standards set in Art. 5(1)(a) GDPR and Art. 12-14 GDPR. The app stores may consequently distort the compliance of apps with data protection laws. The empirical data highlight further problems with the privacy labels. The design of the labels favours disclosures of developers that offer a variety of apps that can process data across different services and contradictory disclosures do not get flagged nor verified by app stores. The paper contributes to the overall discussion of how app stores in their role as intermediaries govern privacy standards and the impact of private sector-led initiatives. Issue 2 Internet Policy Review 13(2) | 2024

show abstract

“…Researchers have studied the usability of APLs from both users' [50] and developers' [31] perspectives. Zhang et al [50] studied 24 iPhone users to understand their experiences, understanding, and perceptions of privacy labels on the app store. They uncovered that users find the labels confusing with unfamiliar terms.…”

Section: Google Data Safety Sectionmentioning

confidence: 99%

“…Researchers have shown the benefit of privacy labels for users, making privacy practices more accessible [50]. However, prior work has also shown that inaccurate labels can exist due to the developer's knowledge gaps or resource limitations [31].…”

Section: Introductionmentioning

confidence: 99%