Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Analyzing Remote Server Locations for Personal Data Transfers in Mobile Apps

Analyzing Remote Server Locations for Personal Data Transfers in Mobile Apps Abstract The prevalence of mobile devices and their capability to access high speed internet has transformed them into a portable pocket cloud interface. Being home to a wide range of users’ personal data, mobile devices often use cloud servers for storage and processing. The sensitivity of a user’s personal data demands adequate level of protection at the back-end servers. In this regard, the European Union Data Protection regulations (e.g., article 25.1) impose restriction on the locations of European users’ personal data transfer. The matter of concern, however, is the enforcement of such regulations. The first step in this regard is to analyze mobile apps and identify the location of servers to which personal data is transferred. To this end, we design and implement an app analysis tool, PDTLoc (Personal Data Transfer Location Analyzer), to detect violation of the mentioned regulations. We analyze 1, 498 most popular apps in the EEA using PDTLoc to investigate the data recipient server locations. We found that 16.5% (242) of these apps transfer users’ personal data to servers located at places outside Europe without being under the control of a data protection framework. Moreover, we inspect the privacy policies of the apps revealing that 51% of these apps do not provide any privacy policy while almost all of them contact the servers hosted outside Europe. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Proceedings on Privacy Enhancing Technologies de Gruyter

Analyzing Remote Server Locations for Personal Data Transfers in Mobile Apps

Download PDF
14 pages

Loading next page...
 
/lp/de-gruyter/analyzing-remote-server-locations-for-personal-data-transfers-in-c0wvERwwjD
Publisher
de Gruyter
Copyright
Copyright © 2017 by the
ISSN
2299-0984
eISSN
2299-0984
DOI
10.1515/popets-2017-0008
Publisher site
See Article on Publisher Site

Abstract

Abstract The prevalence of mobile devices and their capability to access high speed internet has transformed them into a portable pocket cloud interface. Being home to a wide range of users’ personal data, mobile devices often use cloud servers for storage and processing. The sensitivity of a user’s personal data demands adequate level of protection at the back-end servers. In this regard, the European Union Data Protection regulations (e.g., article 25.1) impose restriction on the locations of European users’ personal data transfer. The matter of concern, however, is the enforcement of such regulations. The first step in this regard is to analyze mobile apps and identify the location of servers to which personal data is transferred. To this end, we design and implement an app analysis tool, PDTLoc (Personal Data Transfer Location Analyzer), to detect violation of the mentioned regulations. We analyze 1, 498 most popular apps in the EEA using PDTLoc to investigate the data recipient server locations. We found that 16.5% (242) of these apps transfer users’ personal data to servers located at places outside Europe without being under the control of a data protection framework. Moreover, we inspect the privacy policies of the apps revealing that 51% of these apps do not provide any privacy policy while almost all of them contact the servers hosted outside Europe.

Journal

Proceedings on Privacy Enhancing Technologiesde Gruyter

Published: Jan 1, 2017

References

  • Analyzing privacy leaks in smartphones News
    Jagdish Prasad Achara
  • Tina Amirtha Safe Harbor was for EU privacy : But how safe is US data in Europe http www zdnet com article safe harbor was for eu privacy but how safe is us data ineurope
  • an information - flow tracking system for realtime privacy monitoring on smartphones on
    William Enck
  • Release Worldwide smartphone market will see the first single - digit growth year on record according to idc http www idc com getdoc jsp containerId prUS
    Press
  • Release Worldwide smartphone market will see the first single - digit growth year on record according to idc http www idc com getdoc jsp containerId prUS
    Press
  • Tool https github com JesusFreke smali wiki
    Ben Gruver
  • Thorsten and Spreitzenbarth Slicing Program Slicing for Code In Proceedings of the th ACM on SAC pages New
    Johannes Hoffmann
  • European Parliament Directive ec of the european parliament and of the Council of on the protection of individuals with regard to the processing of personal data and on the free movement of such data http eur lex europa eu eli dir oj
  • automatic security analysis of smartphone applications In Proceedings of the third ACM conference on Data and application security and privacy pages
    Vaibhav Rastogi
  • The Group TCP Dump http www tcpdump org
    Tcpdump
  • automatically detecting potential privacy leaks in android applications on a large scale
    Clint Gibler
  • Dominik Jens Lindemann Obtaining personal data and asking for erasure : Do app vendors and website owners honour your privacy rights
    Herrmann
  • Center ScanDal Static analyzer for detecting privacy leaks in android applications MoST
    Jinyung Kim
  • Court of Justice of the European Union The court of justice declares that the commission s us safe harbour decision is invalid http curia europa eu jcms upload docs application pdf cp en pdf
  • Yves Effective inter - component communication mapping in android with epicc : An essential step towards holistic security analysis Effective Inter - Component Communication Mapping in Android with Epicc : An Essential Step Towards Holistic
    Damien Octeau
  • Raja Rai Co Soot - a Java bytecode optimization framework In Proceedings of the conference of the Centre for Advanced Studies on Collaborative research page IBM
    Vallée
  • Making Succeed Enhancing the CERT Static Taint Analyzer for Android App Sets
    Johnathon Burket
  • an automatic system for revealing ui - based trigger conditions in android applications In Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices pages
    Cong Zheng
  • Procedural Reflection in Programming Languages thesis Massachusetts Institute of Technology Laboratory for
    Brian Cantwell Smith
  • and Precise context flow field object - sensitive and lifecycle - aware taint analysis for android apps In volume pages
    Steven Arzt
  • an automatic system for revealing ui - based trigger conditions in android applications In Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices pages
    Cong Zheng
  • automatically detecting potential privacy leaks in android applications on a large scale
    Clint Gibler
  • Commission press release EU US Privacy Shield http europa eu rapid press release IP en htm
  • European commission - overview on binding corporate rules http ec europa eu justice data protection internationaltransfers binding corporate rules index en htm
  • of Justice Commission Decision of july pursuant to directive ec of the european parliament and of the council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the us
    CELEX
  • Free online virus malware url scanner https www virustotal com
    VirusTotal
  • Procedural Reflection in Programming Languages thesis Massachusetts Institute of Technology Laboratory for
    Brian Cantwell Smith
  • precise and general inter - component data flow analysis framework for security vetting of android apps In Proceedings of the SIGSAC Conference on Computer and Communications pages
    Fengguo Wei
  • Court of Justice of the European Union The court of justice declares that the commission s us safe harbour decision is invalid http curia europa eu jcms upload docs application pdf cp en pdf
  • Release Smartphone os marketshare http www idc com prodserv smartphone os market share jsp
    Press
  • IPaddressAPI com An ip location api solution http www ipaddressapi com
  • and Detecting inter - component privacy leaks in Android apps In Proceedings of the th on Volume pages
    Li Li
  • tracking platform to monitor the sales and downloads of apps http com
    AppFigures
  • and Data Privacy Autonomous Spontaneous and Assurance th International Workshop th International Workshop rd International Workshop September Revised Selected chapter An Accountability Policy pages Springer International Publishing
    Monir Azraoui
  • Papakonstantinou The proposed data protection Regulation replacing Directive EC sound system for the protection of individuals
    Paul De Hert
  • tool - a tool for reverse engineering android apk files http ibotpeaches github io Apktool
    Connor Tumbleson
  • Dominik Jens Lindemann Obtaining personal data and asking for erasure : Do app vendors and website owners honour your privacy rights
    Herrmann
  • an information - flow tracking system for realtime privacy monitoring on smartphones on
    William Enck
  • An android application sandbox for dynamic analysis https code google com p droidbox
    Anthony Desnos
  • Making Succeed Enhancing the CERT Static Taint Analyzer for Android App Sets
    Johnathon Burket
  • Ericsson Europe mobility report appendix http www ericsson com res docs emr november regionalappendices europe pdf
  • Smv - hunter : Large scale automated detection of ssl / tls man - in - the - middle vulnerabilities in android apps In In Proceedings of the st Annual Network and Distributed System
    David Sounthiraraj
  • and Precise context flow field object - sensitive and lifecycle - aware taint analysis for android apps In volume pages
    Steven Arzt
  • IBM libraries for analysis http wala sourceforge net wiki index php
    Watson
  • Papakonstantinou The proposed data protection Regulation replacing Directive EC sound system for the protection of individuals
    Paul De Hert
  • An android application sandbox for dynamic analysis https code google com p droidbox
    Anthony Desnos
  • Smv - hunter : Large scale automated detection of ssl / tls man - in - the - middle vulnerabilities in android apps In In Proceedings of the st Annual Network and Distributed System
    David Sounthiraraj
  • Thorsten and Spreitzenbarth Slicing Program Slicing for Code In Proceedings of the th ACM on SAC pages New
    Johannes Hoffmann
  • Analyzing privacy leaks in smartphones News
    Jagdish Prasad Achara
  • Tool https github com JesusFreke smali wiki
    Ben Gruver
  • and Data Privacy Autonomous Spontaneous and Assurance th International Workshop th International Workshop rd International Workshop September Revised Selected chapter An Accountability Policy pages Springer International Publishing
    Monir Azraoui
  • and Detecting inter - component privacy leaks in Android apps In Proceedings of the th on Volume pages
    Li Li
  • Alessandro Automated Test Input Generation for Android : Are We There Yet In Automated th ACM International Conference on pages
    Shauvik Roy Choudhary
  • Choice architecture and smartphone privacy : There sa price for that In The economics of information security and privacy pages
    Serge Egelman
  • IPaddressAPI com An ip location api solution http www ipaddressapi com
  • The Group TCP Dump http www tcpdump org
    Tcpdump
  • Google Monkey Tool http developer android com tools help monkey html
  • Choice architecture and smartphone privacy : There sa price for that In The economics of information security and privacy pages
    Serge Egelman
  • Ericsson Europe mobility report appendix http www ericsson com res docs emr november regionalappendices europe pdf
  • Tina Amirtha Safe Harbor was for EU privacy : But how safe is US data in Europe http www zdnet com article safe harbor was for eu privacy but how safe is us data ineurope
  • automatic security analysis of smartphone applications In Proceedings of the third ACM conference on Data and application security and privacy pages
    Vaibhav Rastogi
  • tool - a tool for reverse engineering android apk files http ibotpeaches github io Apktool
    Connor Tumbleson
  • European Parliament Directive ec of the european parliament and of the Council of on the protection of individuals with regard to the processing of personal data and on the free movement of such data http eur lex europa eu eli dir oj
  • tracking platform to monitor the sales and downloads of apps http com
    AppFigures
  • Sara s privacy leaders gather to discuss suspending us safe harbor http www zdnet com article germanys privacy leaders gather to discuss suspending ussafe harbor
    Zaske
  • Center ScanDal Static analyzer for detecting privacy leaks in android applications MoST
    Jinyung Kim
  • Analyzing sensitive data transmission in android for privacy leakage detection In Proceedings of the conference on Computer pages
    Zhemin Yang
  • of Justice Commission Decision of july pursuant to directive ec of the european parliament and of the council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the us
    CELEX
  • Sara s privacy leaders gather to discuss suspending us safe harbor http www zdnet com article germanys privacy leaders gather to discuss suspending ussafe harbor
    Zaske
  • Long statically vetting android apps for component hijacking vulnerabilities In Proceedings of the conference on Computer and communications security pages
    Lu
  • European commission - overview on binding corporate rules http ec europa eu justice data protection internationaltransfers binding corporate rules index en htm
  • Alessandro Automated Test Input Generation for Android : Are We There Yet In Automated th ACM International Conference on pages
    Shauvik Roy Choudhary
  • Analyzing sensitive data transmission in android for privacy leakage detection In Proceedings of the conference on Computer pages
    Zhemin Yang
  • IBM libraries for analysis http wala sourceforge net wiki index php
    Watson
  • precise and general inter - component data flow analysis framework for security vetting of android apps In Proceedings of the SIGSAC Conference on Computer and Communications pages
    Fengguo Wei
  • and Fabio Massacci addressing the problem of dynamic code updates in the security analysis of android applications In Proceedings of the th ACM Conference on Data and Application Security and Privacy pages
    Yury Zhauniarovich
  • Google Monkey Tool http developer android com tools help monkey html
  • Long statically vetting android apps for component hijacking vulnerabilities In Proceedings of the conference on Computer and communications security pages
    Lu
  • Release Smartphone os marketshare http www idc com prodserv smartphone os market share jsp
    Press
  • and Fabio Massacci addressing the problem of dynamic code updates in the security analysis of android applications In Proceedings of the th ACM Conference on Data and Application Security and Privacy pages
    Yury Zhauniarovich
  • Yves Effective inter - component communication mapping in android with epicc : An essential step towards holistic security analysis Effective Inter - Component Communication Mapping in Android with Epicc : An Essential Step Towards Holistic
    Damien Octeau
  • Free online virus malware url scanner https www virustotal com
    VirusTotal
  • Raja Rai Co Soot - a Java bytecode optimization framework In Proceedings of the conference of the Centre for Advanced Studies on Collaborative research page IBM
    Vallée
  • Commission press release EU US Privacy Shield http europa eu rapid press release IP en htm