当前位置: X-MOL 学术arXiv.cs.CY › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
A Fait Accompli? An Empirical Study into the Absence of Consent to Third-Party Tracking in Android~Apps
arXiv - CS - Computers and Society Pub Date : 2021-06-17 , DOI: arxiv-2106.09407
Konrad Kollnig, Reuben Binns, Pierre Dewitte, Max Van Kleek, Ge Wang, Daniel Omeiza, Helena Webb, Nigel Shadbolt

Third-party tracking allows companies to collect users' behavioural data and track their activity across digital devices. This can put deep insights into users' private lives into the hands of strangers, and often happens without users' awareness or explicit consent. EU and UK data protection law, however, requires consent, both 1) to access and store information on users' devices and 2) to legitimate the processing of personal data as part of third-party tracking, as we analyse in this paper. This paper further investigates whether and to what extent consent is implemented in mobile apps. First, we analyse a representative sample of apps from the Google Play Store. We find that most apps engage in third-party tracking, but few obtained consent before doing so, indicating potentially widespread violations of EU and UK privacy law. Second, we examine the most common third-party tracking libraries in detail. While most acknowledge that they rely on app developers to obtain consent on their behalf, they typically fail to put in place robust measures to ensure this: disclosure of consent requirements is limited; default consent implementations are lacking; and compliance guidance is difficult to find, hard to read, and poorly maintained.

中文翻译:

既成事实?Android~Apps 中第三方跟踪不同意的实证研究

第三方跟踪允许公司收集用户的行为数据并跟踪他们跨数字设备的活动。这可以让陌生人深入了解用户的私人生活,并且经常在用户不知情或明确同意的情况下发生。然而,欧盟和英国的数据保护法需要同意,1) 访问和存储用户设备上的信息和 2) 作为第三方跟踪的一部分,合法处理个人数据,正如我们在本文中分析的那样。本文进一步调查了移动应用程序中是否以及在多大程度上实现了同意。首先,我们分析来自 Google Play 商店的代表性应用样本。我们发现大多数应用程序都参与了第三方跟踪,但很少有人在这样做之前获得同意,这表明可能广泛违反欧盟和英国的隐私法。其次,我们详细检查了最常见的第三方跟踪库。虽然大多数人承认他们依赖应用程序开发人员代表他们获得同意,但他们通常没有采取强有力的措施来确保这一点:同意要求的披露是有限的;缺乏默认的同意实施;合规指南很难找到、难以阅读且维护不善。
更新日期:2021-06-18
down
wechat
bug