Write a Blog >>
ICSE 2020
Wed 24 June - Thu 16 July 2020
ICSE 2020 (series) / Technical Papers /

How Does Misconfiguration of Analytic Services Compromise Mobile Privacy?

TechnicalArtifact Available
Xueling Zhang, Xiaoyin Wang, Rocky Slavin, Travis Breaux, Jianwei Niu
ICSE 2020 Technical Papers
Thu 9 Jul 2020 01:25 - 01:37 at Baekje - P16-Security and Learning Chair(s): Lingming Zhang

Mobile application (app) developers commonly utilize analytic services to analyze their app users’ behavior to support debugging, service quality, and advertising. Anonymization and aggregation can reduce the sensitivity of behavioral data, and analytic services may encourage the use of these protections, however, developers can misconfigure the analytic services and expose personal information to greater privacy risk. Since people use apps in every aspect of their daily lives, apps may contain a lot of personal information, such as a user’s real-time location, health data, or dating preferences. To study this issue and identify potential privacy risks due to such misconfigurations, we developed a semi-automated approach, Privacy-Aware Analytics Misconfiguration Detector (PAMDroid), which enables the empirical analysis of modern analytic service practices. This paper describes a study of 1,000 top apps using top analytic services using PAMDroid in which we found misconfigurations in 120 apps, among which, 52 apps also cause a violation of either the analytic service providers’ terms of service or the app’s own privacy policy.

small-avatar
Xueling Zhang
University of Texas at San Antonio
Xiaoyin Wang
Xiaoyin Wang
University of Texas at San Antonio, USA
United States
small-avatar
Rocky Slavin
University of Texas at San Antonio
Travis Breaux
Travis Breaux
Carnegie Mellon University
United States
Jianwei Niu
Jianwei Niu
University of Texas at San Antonio
United States

Thu 9 Jul
Times are displayed in time zone: (UTC) Coordinated Universal Time change

01:05 - 02:05: P16-Security and LearningPaper Presentations / Technical Papers / Journal First at Baekje
Chair(s): Lingming ZhangThe University of Texas at Dallas
01:05 - 01:17
Talk		Software Visualization and Deep Transfer Learning for Effective Software Defect PredictionTechnical
Technical Papers
Jinyin ChenCollege of Information Engineering, Zhejiang University of Technology, Hangzhou 310023, China, Keke HuCollege of Information Engineering, Zhejiang University of Technology, Hangzhou 310023, China, Yue YuCollege of Computer, National University of Defense Technology, Changsha 410073, China, Zhuangzhi ChenCollege of Information Engineering, Zhejiang University of Technology, Hangzhou 310023, China, Qi XuanInstitute of Cyberspace Security, Zhejiang University of Technology, Hangzhou 310023, China, Yi LiuInstitute of Process Equipment and Control Engineering, Zhejiang University of Technology, Hangzhou 310023, China, Vladimir FilkovUniversity of California at Davis, USA
01:17 - 01:25
Talk		Easy-to-Deploy API Extraction by Multi-Level Feature Embedding and Transfer LearningJ1
Journal First
Suyu MaMonash University, Zhenchang XingAustralia National University, Chunyang ChenMonash University, Cheng ChenPricewaterhouseCoopers Firm, Lizhen QuMonash University, Guoqiang LiShanghai Jiao Tong University
01:25 - 01:37
Talk		How Does Misconfiguration of Analytic Services Compromise Mobile Privacy?TechnicalArtifact Available
Technical Papers
Xueling ZhangUniversity of Texas at San Antonio, Xiaoyin WangUniversity of Texas at San Antonio, USA, Rocky SlavinUniversity of Texas at San Antonio, Travis BreauxCarnegie Mellon University, Jianwei NiuUniversity of Texas at San Antonio
01:37 - 01:49
Talk		Securing UnSafe Rust Programs with XRustArtifact ReusableTechnical
Technical Papers
Peiming LiuTexas A&M University, Gang ZhaoTexas A&m University, Jeff HuangTexas A&M University
01:49 - 02:01
Talk		Is Rust Used Safely by Software Developers?Technical
Technical Papers
Ana Nora EvansUniversity of Virginia, USA, Bradford CampbellUniversity of Virginia, Mary Lou SoffaUniversity of Virginia