Mobile applications (hereafter, apps) collect a plethora of information about user behavior and the user's device through third-party analytics libraries. However, the collection and usage of such data have raised several privacy concerns, mainly because the end user, i.e., the actual owner of the data, is out of the loop in this collection process. Moreover, the privacy-enhancing solutions that have emerged in the last few years follow an "all or nothing" approach, leaving the user the sole option of accepting or completely denying access to privacy-related data. This work has the two-fold objective of assessing the privacy implications of the usage of analytics libraries in mobile apps and proposing a data anonymization methodology that enables a trade-off between the utility and the privacy of the collected data and gives the user complete control over the sharing process. To achieve that, we present an empirical privacy assessment of the analytics libraries contained in the 4500 most-used Android apps of the Google Play Store between November 2020 and January 2021. Then, we propose an empowered anonymization methodology, based on MobHide, that gives the end user complete control over the collection and anonymization process. Finally, we empirically demonstrate the applicability and effectiveness of this anonymization methodology by means of HideDroid, a fully-fledged anonymization app for the Android ecosystem.
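The per-field, user-controlled utility/privacy trade-off that the abstract contrasts with the "all or nothing" approach, as an added illustration. This is not the paper's code and not how MobHide or HideDroid implement anonymization; it only shows the shape of such a policy: every analytics field carries a privacy level chosen by the user (share, generalize, pseudonymize, drop), fields the user never configured fail closed, and a crude utility metric reports how much of the event still reaches the analytics backend. The field names, the sample event, the generalization rules and the device secret are constructed for the example.

```python
import hashlib
import hmac
from datetime import datetime
from enum import IntEnum


class Level(IntEnum):
    """Privacy level the user assigns to one analytics field."""
    SHARE = 0         # forward the value unchanged
    GENERALIZE = 1    # coarsen the value (bucket, truncate, round)
    PSEUDONYMIZE = 2  # keyed hash: linkable across events, not identifying
    DROP = 3          # remove the field before forwarding


# Hypothetical per-device secret generated at install time; it never leaves
# the device, so the backend cannot reverse the pseudonyms it receives.
DEVICE_SECRET = b"constructed-device-secret-do-not-reuse"


def pseudonymize(value: str) -> str:
    """Deterministic keyed hash so session-level analytics still work."""
    mac = hmac.new(DEVICE_SECRET, value.encode(), hashlib.sha256)
    return mac.hexdigest()[:16]


def generalize(field: str, value):
    """Coarsen a value according to a constructed per-field rule.

    Fields without a known generalization rule are pseudonymized instead,
    so an unknown field never leaks its raw value by accident.
    """
    if field == "age":
        low = (value // 10) * 10
        return f"{low}-{low + 9}"
    if field in ("lat", "lon"):
        return round(value, 1)  # roughly 10 km resolution
    if field == "timestamp":
        ts = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
        return ts.replace(minute=0, second=0).strftime("%Y-%m-%dT%H:%M:%SZ")
    if field == "device_model":
        return value.split()[0]  # vendor/family only, no exact model
    return pseudonymize(str(value))


def anonymize(event: dict, policy: dict, default: Level = Level.DROP) -> dict:
    """Apply the user's per-field policy to one outgoing analytics event.

    `default` governs fields the user has not configured; DROP keeps the
    system fail-closed rather than silently sharing new data.
    """
    out = {}
    for field, value in event.items():
        level = policy.get(field, default)
        if level == Level.DROP:
            continue
        if level == Level.SHARE:
            out[field] = value
        elif level == Level.PSEUDONYMIZE:
            out[field] = pseudonymize(str(value))
        else:
            out[field] = generalize(field, value)
    return out


def retained_fraction(event: dict, anonymized: dict) -> float:
    """Crude utility metric: share of original fields present in any form."""
    return len(anonymized) / len(event) if event else 1.0


# Constructed sample event of the kind an analytics SDK would send.
SAMPLE_EVENT = {
    "event": "screen_view",
    "timestamp": "2021-01-15T14:37:52Z",
    "user_id": "alice@example.com",
    "advertising_id": "38400000-8cf0-11bd-b23e-10b96e40000d",
    "age": 34,
    "lat": 44.4056,
    "lon": 8.9463,
    "device_model": "Pixel 4a",
}

# Constructed user choice: keep event semantics, coarsen context, drop identity.
USER_POLICY = {
    "event": Level.SHARE,
    "timestamp": Level.GENERALIZE,
    "user_id": Level.DROP,
    "advertising_id": Level.PSEUDONYMIZE,
    "age": Level.GENERALIZE,
    "lat": Level.GENERALIZE,
    "lon": Level.GENERALIZE,
    "device_model": Level.GENERALIZE,
}

if __name__ == "__main__":
    anonymized = anonymize(SAMPLE_EVENT, USER_POLICY)
    print(anonymized)
    print(f"retained: {retained_fraction(SAMPLE_EVENT, anonymized):.2f}")
```

The point of the structure is that the decision is made per field on the device, before the event reaches the library, so the user can keep the coarse analytics the app relies on (event names, hour-level timing, region) while withholding exactly the identifiers they care about; the same event under an empty policy yields nothing, which is the "deny everything" end of the spectrum.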