Hayes, D., Cappa, F., Le-Khac, N.A. (2020). An effective approach to mobile device management: Security and privacy issues associated with mobile applications. DIGITAL BUSINESS, 1(1) [10.1016/j.digbus.2020.100001].
An effective approach to mobile device management: Security and privacy issues associated with mobile applications
Cappa F.;
2020-01-01
Abstract
Consumers and organizations often rely on permissions requested during the installation of mobile applications (apps) and on official privacy policies to determine how safe an app is and decide whether the app producer is acting ethically or not. This research raises several concerns about the collection and sharing of personal data conducted by mobile apps without the knowledge or consent of the user. The findings of this case study research clearly demonstrate that permissions and privacy policies are not enough to determine how invasive an app is. By analysing six popular mobile apps we demonstrate how extensive amounts of data, which go well beyond the permissions requested of the user, are commonly collected. This study illustrates the effectiveness of our proposed approach, which is based upon a static and dynamic analysis, in addition to a review of privacy policy statements. From a corporate perspective, the outcomes of this study are important to understand how many mobile apps put employees, and intellectual property, at risk. Furthermore, we have highlighted how sensitive information being collected may eventually be used in public or private investigations. Moreover, we have also evidenced how the data being collected is contrary to the developers' privacy policies. The results of this study will assist policymakers who may be concerned with consumer privacy and data collection practices.