Show simple item record

dc.contributor.authorFeal, Álvaro 
dc.contributor.authorCalciati, Paolo
dc.contributor.authorVallina-Rodriguez, Narseo 
dc.contributor.authorTroncoso, Carmela
dc.contributor.authorGorla, Alessandra
dc.date.accessioned2021-07-13T09:40:46Z
dc.date.available2021-07-13T09:40:46Z
dc.date.issued2020-07-14
dc.identifier.urihttp://hdl.handle.net/20.500.12761/775
dc.description.abstractAndroid parental control applications are used by parents to monitor and limit their children’s mobile behaviour (e.g., mobile apps use, Internet browsing, calls, and text messages). In order to offer this service, parental control apps require access to sensitive data and system resources which may significantly reduce the dangers associated with kids’ online activities, but it also raises important privacy concerns which are overlooked by European security centers providing recommendations to the public. We conduct the first in-depth study of the Android parental control applications ecosystem from a privacy and regulatory point of view. We exhaustively study 46 apps which have a combined 20M installs in the Google Play Store. Using a combination of static and dynamic analysis we find that, among others: these apps are on average more permission-hungry than the top 150 apps in the Google Play Store, and tend to request more dangerous permissions with new releases; 11% of the apps transmit personal data in the clear; 34% of the apps gather and send personal information without appropriate consent; and 72% of the apps share data with third parties (including online advertising and analytics services) without mentioning their presence in the apps’ privacy policies. In summary, parental control applications lack of transparency and lack of compliance with regulatory requirements can have severe implications for children’s privacy. Therefore, it is necessary to develop stricter auditing tools that incorporate transparency and privacy risk analysis before recommending their use to concerned parents.
dc.language.isoeng
dc.titleAngel or Devil? A Privacy Study of Mobile Parental Control Appsen
dc.typeconference object
dc.conference.date14–18 July 2020
dc.conference.placeMontreal, Canada
dc.conference.titleThe 20th Privacy Enhancing Technologies Symposium (PETS 2020)*
dc.event.typeconference
dc.journal.titleProceedings of Privacy Enhancing Technologies (PoPETS)
dc.pres.typepaper
dc.rights.accessRightsopen access
dc.volume.number2020
dc.description.refereedTRUE
dc.description.statuspub
dc.eprint.idhttp://eprints.networks.imdea.org/id/eprint/2080


Files in this item

This item appears in the following Collection(s)

Show simple item record