On the Usability (In)Security of In-App Browsing Interfaces in Mobile Apps

Zhang, Zicheng

doi:10.1145/3471621.3471625

Cited by 6 publications

(1 citation statement)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, this task is not trivial. Many Android apps rely on WebViews to show online content (e.g., ads [64]) or provide in-app browsing functionality often part of social networks [78,133]. Thus we need a way to differentiate those from actual browsers.…”

Section: Mobile Browser Datasetmentioning

confidence: 99%

Not Your Average App: A Large-scale Privacy Analysis of Android Browsers

Pradeep

Feal

Gamba

et al. 2023

PoPETs

View full text Add to dashboard Cite

The transparency and privacy behavior of mobile browsers has remained widely unexplored by the research community. In fact, as opposed to regular Android apps, mobile browsers may present contradicting privacy behaviors. On the one end, they can have access to (and can expose) a unique combination of sensitive user data, from users’ browsing history to permission-protected personally identifiable information (PII) such as unique identifiers and geolocation. However, on the other end, they also are in a unique position to protect users’ privacy by limiting data sharing with other parties by implementing ad-blocking features. In this paper, we perform a comparative and empirical analysis on how hundreds of Android web browsers protect or expose user data during browsing sessions. To this end, we collect the largest dataset of Android browsers to date, from the Google Play Store and four Chinese app stores. Then, we developed a novel analysis pipeline that combines static and dynamic analysis methods to find a wide range of privacy-enhancing (e.g., ad-blocking) and privacy-harming behaviors (e.g., sending browsing histories to third parties, not validating TLS certificates, and exposing PII---including non-resettable identifiers---to third parties) across browsers. We find that various popular apps on both Google Play and Chinese stores have these privacy-harming behaviors, including apps that claim to be privacy-enhancing in their descriptions. Overall, our study not only provides new insights into important yet overlooked considerations for browsers’ adoption and transparency, but also that automatic app analysis systems (e.g., sandboxes) need context-specific analysis to reveal such privacy behaviors.

show abstract

Section: Mobile Browser Datasetmentioning

confidence: 99%