Privacy in Mobile Apps
• Mobile apps are software programs designed to run on the operating systems of mobile devices such as phones, tablets or watches.
• Mobile apps have become more embedded in consumers' daily lives, and they collect, use and share users' personal data.
• More than half of app users have uninstalled or decided not to install an app due to concerns about personal information.
Using Computers and Smartphones
Figure 1: percentage of people who use smartphones.
Figure 2: percentage of people who use computers.
[Charts: percentage by year (2013, 2014, 2015, 2017) for the United Kingdom, Japan and the USA.]
Source: https://www.consumerbarometer.com
Weekly Smartphone Online Activities
Figure 3: Weekly Smartphone Online Activities (Source: https://www.consumerbarometer.com)
[Chart: percentage of users in India, the UAE, the USA, Japan and the United Kingdom who use search engines, visit social networks, play games, watch online videos, purchase products/services, and look for product information.]
Privacy Policy in Mobile Apps
• A privacy policy is a legal document that explains what data you collect, how you use it and with whom you share it.
• Both the iOS App Store and the Android Google Play platform require apps that collect personal data to have a privacy policy.
• The percentage of top apps that have a privacy policy is increasing.
• More free apps than paid apps provide a privacy policy.
• Only 71% of top apps (free and paid) in 2016 provided a link to their privacy policy from the app's listing page on the iOS App Store or Google Play platform.
Top Apps that have a Privacy Policy
[Charts: percentage of top apps with a privacy policy in 2011, 2012 and 2016, for free and paid apps combined, free apps, and paid apps.]
Top Apps with a Link to a Privacy Policy on the App Listing Page 2016
[Chart: percentage for the iOS App Store, Android Google Play, and all platforms, for free and paid apps combined, free apps, and paid apps.]
Best Practices for Privacy Policy
• Make your privacy policy clear and specific.
• Make your privacy policy accessible by providing a hyperlink to it before download, from the app store listing or on the sign-up page, and place your privacy policy in a prominent location.
• Keep your privacy policy up to date as your data usage practices change, and tell users what has changed.
• Post updated privacy policies before implementing the new data use practices, to give users time to notice and understand the change.
• Obtain new permission if you make material changes to your data policies and practices that will apply to previously collected data.
Privacy and Data Protection Risks
• Privacy and data protection risks related to the use of mobile devices come from the following:
• Variety of data and multiple sensors: mobile devices can access a large amount and variety of data generated by embedded sensors.
• Mobile devices are always on and connected to a network, which makes users a perfect target for trackers.
• Different types of identifier: such as device hardware ID, stored files, metadata or fingerprint.
• Possibility of tracking: cross-domain, cross-device and cross-app tracking introduce new privacy concerns.
• Limited physical security.
• Limited user interfaces: for example, privacy policies are more difficult to read on smartphones; this can be improved by using colors and symbols and a layered approach in which the most important points are summarized.
• Limitations of app developers: apps are often developed by a small number of developers with limited expertise.
• Use of third-party software: the developer can use third-party libraries to perform some functions. These libraries collect data for their own use from different mobile apps, and they are often closed-source and can't be analyzed.
• App market: the app stores have to filter apps to prevent malicious or fake ones.
• Cloud storage: apps often store personal information in the cloud.
• Online social networks: apps often give the user the option to share personal information with other users (as in social media).
Challenges in Mobile App Ecosystem
• Permission models can be classified as follows:
• Static permissions: managed by users upon app installation.
• Dynamic permissions: prompted for during app runtime.
• Custom permissions: can be set between different apps belonging to the same organization.
• Third-party library permissions: managed by the app libraries used by the developers.
• The main problems associated with permissions can be summarized as follows:
• Permission comprehension and attention by the user: users have limited understanding of the potential risks of enabling permissions.
• Permission comprehension and attention by the app developer: developers may amplify bad security decisions made at the platform level or demand more permissions than needed.
• Permission comprehension and attention by IDE and OS developers.
Challenges in Mobile App Ecosystem
• The following are common issues in mobile apps that clearly violate a number of data protection rules:
• Pre-installed or OEM apps on Android are automatically granted all the required permissions.
• Most of the time, end users have to grant all the necessary permissions in order to be able to use a certain app.
• Permissions do not map one-to-one to the actual methods exposed by the API to manage them (for example, access to the camera may also automatically grant access to photos).
• Certain apps may require more permissions than they actually need to function properly.
• Certain APIs may introduce security flaws by not providing full control over the resources of the mobile device, thereby exposing certain personal information stored on the device to all apps.
From Legal and Regulatory Aspects
• The data protection framework applies once the app developer collects data from the device and its user, unless the personal data is fully anonymized.
• In mobile apps, the app provider is considered the data controller and has obligations for lawful, fair and transparent processing of personal data and respect for data subject rights.
• The app provider may be different from the app developer; the app developer has the technical role, and the legal responsibility remains with the app provider.
• Processing of personal data should apply the data protection principles to address the security and privacy challenges of mobile apps, which are:
• Lawfulness, fairness and transparency.
• Purpose limitation: it is common for app developers to collect data for general purposes, which is not sufficient.
• Data minimization: personal data shall be adequate, relevant and limited to what is necessary for the purposes for which they are processed.
• Accuracy: personal data shall be accurate and up to date.
• Storage limitation: personal data shall be kept for no longer than is necessary for the purposes for which the personal data are processed.
• Integrity and confidentiality: the data controller shall implement appropriate technical and organizational measures to achieve that.
References
• https://s3.amazonaws.com/academia.edu.documents/42723605/Report_No_PRIVACY_MOBILE_SISTE_FEB.pdf?AWSAccessKeyId=AKIAIWOWYYGZ2Y53UL3A&Expires=1527412469&Signature=UGJwXurvF%2Ba9FTjXKwKLOqZ4Pvo%3D&response-content-disposition=inline%3B%20filename%3DPrivacy_in_Mobile_Apps_Measuring_Privacy.pdf
• https://www.consumerbarometer.com
• https://developer.apple.com/app-store/review/guidelines/#privacy
• https://play.google.com/about/privacy-security-deception/personal-sensitive/
• https://fpf.org/wp-content/uploads/2016/08/2016-FPF-Mobile-Apps-Study_final.pdf
• http://www.pewinternet.org/files/old-media/Files/Reports/2012/PIP_MobilePrivacyManagement.pdf
• https://www.enisa.europa.eu/publications/privacy-and-data-protection-in-mobile-applications
• https://www.cdt.org/files/pdfs/Best-Practices-Mobile-App-Developers.pdf
