How Does Misconfiguration of Analytic Services Compromise Mobile Privacy?Technical
Mobile application (app) developers commonly utilize analytic services to analyze their app users’ behavior to support debugging, service quality, and advertising. Anonymization and aggregation can reduce the sensitivity of behavioral data, and analytic services may encourage the use of these protections, however, developers can misconfigure the analytic services and expose personal information to greater privacy risk. Since people use apps in every aspect of their daily lives, apps may contain a lot of personal information, such as a user’s real-time location, health data, or dating preferences. To study this issue and identify potential privacy risks due to such misconfigurations, we developed a semi-automated approach, Privacy-Aware Analytics Misconfiguration Detector (PAMDroid), which enables the empirical analysis of modern analytic service practices. This paper describes a study of 1,000 top apps using top analytic services using PAMDroid in which we found misconfigurations in 120 apps, among which, 52 apps also cause a violation of either the analytic service providers’ terms of service or the app’s own privacy policy.
Thu 9 Jul Times are displayed in time zone: (UTC) Coordinated Universal Time change
01:05 - 02:05: P16-Security and LearningPaper Presentations / Technical Papers / Journal First at Baekje Chair(s): Lingming ZhangThe University of Texas at Dallas | |||
01:05 - 01:17 Talk | Software Visualization and Deep Transfer Learning for Effective Software Defect PredictionTechnical Technical Papers Jinyin ChenCollege of Information Engineering, Zhejiang University of Technology, Hangzhou 310023, China, Keke HuCollege of Information Engineering, Zhejiang University of Technology, Hangzhou 310023, China, Yue YuCollege of Computer, National University of Defense Technology, Changsha 410073, China, Zhuangzhi ChenCollege of Information Engineering, Zhejiang University of Technology, Hangzhou 310023, China, Qi XuanInstitute of Cyberspace Security, Zhejiang University of Technology, Hangzhou 310023, China, Yi LiuInstitute of Process Equipment and Control Engineering, Zhejiang University of Technology, Hangzhou 310023, China, Vladimir FilkovUniversity of California at Davis, USA | ||
01:17 - 01:25 Talk | Easy-to-Deploy API Extraction by Multi-Level Feature Embedding and Transfer LearningJ1 Journal First Suyu MaMonash University, Zhenchang XingAustralia National University, Chunyang ChenMonash University, Cheng ChenPricewaterhouseCoopers Firm, Lizhen QuMonash University, Guoqiang LiShanghai Jiao Tong University | ||
01:25 - 01:37 Talk | How Does Misconfiguration of Analytic Services Compromise Mobile Privacy?Technical Technical Papers Xueling ZhangUniversity of Texas at San Antonio, Xiaoyin WangUniversity of Texas at San Antonio, USA, Rocky SlavinUniversity of Texas at San Antonio, Travis BreauxCarnegie Mellon University, Jianwei NiuUniversity of Texas at San Antonio | ||
01:37 - 01:49 Talk | Securing UnSafe Rust Programs with XRust Technical Papers | ||
01:49 - 02:01 Talk | Is Rust Used Safely by Software Developers?Technical Technical Papers Ana Nora EvansUniversity of Virginia, USA, Bradford CampbellUniversity of Virginia, Mary Lou SoffaUniversity of Virginia |