Mobile App Privacy Analysis at Scale

Mobile platforms have enabled third-party app ecosystems that provide users with an endless supply of rich content. At the same time, mobile devices present very serious privacy risks: their ability to capture real-time data about our behaviors and preferences has created a marketplace for user data that most consumers are simply unaware of. In this talk, I will present research that my research group has conducted to automatically examine the privacy behaviors of mobile apps. Using analysis tools that we developed, we have tested over 80,000 of the most popular Android apps to examine what data they access and with whom they share it. I will present data on how mobile apps are tracking and profiling users, how these practices are often against users' expectations and public disclosures, and how app developers may be violating various privacy regulations.

The main takeaway from this talk is that there are many stakeholders who can be doing more to improve privacy on mobile platforms: (1) mobile app developers need to better understand the privacy behaviors of the third-party SDKs that they use, as well as to better communicate their privacy practices to their users; (2) the providers of third-party services (e.g., SDKs) and platforms need to do a better job of enforcing their own terms of service; (3) and regulators need tools that allow them to proactively audit compliance.