{"title":"A study on privacy and security aspects of personalised apps","authors":"Stylianos Gerasimou, Konstantinos Limniotis","doi":"10.1007/s10207-024-00887-z","DOIUrl":null,"url":null,"abstract":"<p>This paper studies personalised smart apps, from a data protection and security point of view. More precisely, having as a reference model the provisions stemming from the General Data Protection Regulation, we investigate whether such apps, whose philosophy is based on the provision of personalised services, adopt appropriate data protection techniques, focusing especially on aspects from the data protection by design and by default principles, as well as on their security features. Our analysis over ten popular such Android apps illustrates the existence of several privacy concerns, including the facts that several data processes are by default enabled without requesting users’ consent, as well as that several data processes are not well justified or sufficiently transparent to the users. Moreover, interestingly enough, the apps studied are not free of known security weaknesses.\n</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"37 1","pages":""},"PeriodicalIF":2.4000,"publicationDate":"2024-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10207-024-00887-z","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
This paper studies personalised smart apps, from a data protection and security point of view. More precisely, having as a reference model the provisions stemming from the General Data Protection Regulation, we investigate whether such apps, whose philosophy is based on the provision of personalised services, adopt appropriate data protection techniques, focusing especially on aspects from the data protection by design and by default principles, as well as on their security features. Our analysis over ten popular such Android apps illustrates the existence of several privacy concerns, including the facts that several data processes are by default enabled without requesting users’ consent, as well as that several data processes are not well justified or sufficiently transparent to the users. Moreover, interestingly enough, the apps studied are not free of known security weaknesses.
期刊介绍:
The International Journal of Information Security is an English language periodical on research in information security which offers prompt publication of important technical work, whether theoretical, applicable, or related to implementation.
Coverage includes system security: intrusion detection, secure end systems, secure operating systems, database security, security infrastructures, security evaluation; network security: Internet security, firewalls, mobile security, security agents, protocols, anti-virus and anti-hacker measures; content protection: watermarking, software protection, tamper resistant software; applications: electronic commerce, government, health, telecommunications, mobility.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
