Even apps that are installed but not used can access sensitive personal data
FRANKFURT. More and more applications (apps) for smartphones are available that are able to access personal data without the user’s knowledge. Researchers at the Goethe University Frankfurt have now developed an app which detects data privacy risks and puts users back in control of what their installed apps do.
The unstoppable spread of smartphones brings an increasing number of apps that are useful on the one hand but precarious in terms of data privacy on the other, for example in the areas of transportation, e-health, etc. The term “smartphone ecosystems” has even been coined as a consequence of this widespread connectivity. Accordingly, users wanting to use an app are often obliged to reveal their personal data. As a result, data privacy is becoming one of the most important challenges in this rapidly growing market.
“There are companies that sell smartphone users’ personal data to advertising agencies. Individuals who blindly share photos, videos, email addresses, credit card details or home/work location via insecure apps are also vulnerable to blackmail,” explains computer scientist Majid Hatamian, doctoral researcher at the “Deutsche Telekom Chair of Mobile Business & Multilateral Security” of Goethe University Frankfurt. In his experience, most users are shocked when they discover how much personal information is being passed on without their knowledge and consent.
That is why Hatamian, who has Iranian roots, has developed an app for Android users that shows which personal data are accessed by an installed app, at what time, how often and for what reason. The “Android App Behaviour Analyser (A3)” is a tool that analyses and detects those apps which could misuse personal data. Through extensive experimental analysis, Hatamian was able to show that a considerable number of apps, which were installed but had not been used even once, still accessed and passed on users’ sensitive personal data.
Goethe University Frankfurt (Dr. Jetzabel Serna and Prof. Kai Rannenberg) and RheinMain University of Applied Sciences (Prof. Bodo Igler) were responsible for the project’s scientific coordination. It was financed from the "Privacy&Us" project under the EU’s Marie Skłodowska-Curie programme. The results of the study, which were announced in 2017 at the 14th International Conference on Trust, Privacy & Security in Digital Business (TrustBus 2017), have now been published and are publicly available.
Publication: Hatamian M., Serna J., Rannenberg K., Igler B. (2017) FAIR: Fuzzy Alarming Index Rule for Privacy Analysis in Smartphone Apps. In: Lopez J., Fischer-Hübner S., Lambrinoudakis C. (eds.) Trust, Privacy and Security in Digital Business. TrustBus 2017. Lecture Notes in Computer Science, Vol. 10442. Springer, Cham
Further information: Majid Hatamian, Deutsche Telekom Chair of Mobile Business & Multilateral Security, Faculty of Economics and Business Administration, Westend Campus, Tel.: +49(0)69-798-34662; firstname.lastname@example.org