Show simple item record

dc.contributor.authorHan, Catherine
dc.contributor.authorReyes, Irwin
dc.contributor.authorFeal, Álvaro 
dc.contributor.authorReardon, Joel
dc.contributor.authorWijesekera, Primal
dc.contributor.authorVallina-Rodriguez, Narseo 
dc.contributor.authorElazari Bar On, Amit
dc.contributor.authorBamberger, Kenneth. A
dc.contributor.authorEgelman, Serge
dc.date.accessioned2021-07-13T09:41:43Z
dc.date.available2021-07-13T09:41:43Z
dc.date.issued2020-07-14
dc.identifier.urihttp://hdl.handle.net/20.500.12761/800
dc.description.abstractIt is commonly assumed that “free” mobile apps come at the cost of consumer privacy and that paying for apps could offer consumers protection from behavioral advertising and long-term tracking. This work empirically evaluates the validity of this assumption by comparing the privacy practices of free apps and their paid premium versions, while also gauging consumer expectations surrounding free and paid apps. We use both static and dynamic analysis to examine 5,877 pairs of free Android apps and their paid counterparts for differences in data collection practices and privacy policies between pairs. To understand user expectations for paid apps, we conducted a 998-participant online survey and found that consumers expect paid apps to have better security and privacy behaviors. However, there is no clear evidence that paying for an app will actually guarantee protection from extensive data collection in practice. Given that the free version had at least one third-party library or dangerous permission, respectively, we discovered that 45% of the paid versions reused all of the same third-party libraries as their free versions, and 74% of the paid versions had all of the dangerous permissions held by the free app. Likewise, our dynamic analysis revealed that 32% of the paid apps exhibit all of the same data collection and transmission behaviors as their free counterparts. Finally, we found that 40% of apps did not have a privacy policy link in the Google Play Store and that only 3.7% of the pairs that did reflected differences between the free and paid versions.
dc.language.isoeng
dc.titleThe Price is (Not) Right:Comparing Privacy in Free and Paid Appsen
dc.typeconference object
dc.conference.date14–18 July 2020
dc.conference.placeMontreal, Canada
dc.conference.titleThe 20th Privacy Enhancing Technologies Symposium (PETS 2020)*
dc.event.typeconference
dc.pres.typepaper
dc.rights.accessRightsopen access
dc.description.refereedTRUE
dc.description.statuspub
dc.eprint.idhttp://eprints.networks.imdea.org/id/eprint/2121


Files in this item

This item appears in the following Collection(s)

Show simple item record