MR-1S1 [Torres] & MR-1S3 [Quevedo], IMDEA Networks Institute, Avda. del Mar Mediterráneo 22, 28918 Leganés (Madrid)
Mobile platforms have enabled third-party app ecosystems that provide users of all ages with an endless supply of rich content. At the same time, mobile devices present very serious privacy risks: their ability to capture real-time data about our behaviors and preferences has created a marketplace for user data that most consumers are simply unaware of. This is especially concerning when it concerns data collected from children, which is used to profile them so that their interests can be inferred and then tailored ads can be targeted at them.
Fortunately, many developed nations have outlawed these practices. Nonetheless, they are rampant largely due to information asymmetries: consumers simply do not have the tools necessary to make informed decisions about what apps may do with their children’s data, regulators lack the resources to pursue most of the offenders, and platforms have turned a blind eye to abuses of their policies.
In this talk, I will present research that my research group has conducted to automatically examine the privacy behaviors of mobile apps. Using analysis tools that we developed, we have tested over 300,000 of the most popular Android apps to examine what data they access and with whom they share it. I will present data on how mobile apps are tracking and profiling users, including within apps specifically targeted at children, how these practices are often against users' expectations and the apps’ public disclosures, and how app developers may be violating various privacy regulations. This research led to regulatory enforcement actions and changes to platform policies for app developers.
About Serge Egelman
Serge Egelman is the Research Director of the Usable Security and Privacy group at the International Computer Science Institute (ICSI), which is an independent research institute affiliated with the University of California, Berkeley. He conducts research to help people make more informed online privacy and security decisions, and is generally interested in consumer protection. This has included improvements to web browser security warnings, authentication on social networking websites, and most recently, privacy on mobile devices. Seven of his research publications have received awards at the ACM CHI conference, which is the top venue for human-computer interaction research; his research on privacy on mobile platforms has been cited in numerous lawsuits and regulatory actions, as well as featured in the New York Times, Washington Post, Wall Street Journal, Wired, CNET, NBC, and CBS. He received his PhD from Carnegie Mellon University and has previously performed research at Xerox Parc, Microsoft, and NIST.
Este evento se impartirá en inglés
NETCOM Research Group (Telematics Engineering Department, UC3M); IMDEA Networks Institute