A Comprehensive Study on Third-Party User Tracking in Mobile Applications
Authors: F. Paci, Jacopo Pizzoli, Nicola Zannone
Published in: Proceedings of the 18th International Conference on Availability, Reliability and Security, 2023-08-29
DOI: https://doi.org/10.1145/3600160.3605079
Third-party tracking is becoming a prevalent practice in mobile app ecosystems. While providing benefits for app developers, this practice also introduces several privacy issues for end-users. The European General Data Protection Regulation (GDPR) and the ePrivacy Directive (ePD) mandate that mobile apps must obtain user consent before sharing users’ personal data with third-party trackers. This work presents an empirical study investigating the compliance of 400 popular mobile apps (200 Android apps and their corresponding version for iOS) with the ePD and GDPR requirements on valid consent. Moreover, we determined whether these mobile apps actually enforce the consent given by users on being tracked and which are the more common third-party tracker domains contacted by the apps. The analysis shows that none of the studied apps fully comply with ePD and GDPR requirements on valid consent. The most common violations were associated with the principles of freely-given, specific, and revocable consent. Moreover, we found that almost half of the analyzed apps contact third-party tracker domains even when the user has not given their consent to be tracked.