Are PETs (Privacy Enhancing Technologies) Giving Protection for Smartphones? -- A Case Study

TL;DR

This study evaluates the effectiveness of popular privacy-enhancing apps for smartphones, identifying security gaps through forensic experiments and standards comparison to improve privacy protections.

Contribution

It provides a comprehensive assessment of 512 privacy apps, highlighting their strengths and weaknesses in data protection and suggesting standards for future development.

Findings

Many privacy apps fail to maintain consistent security protections.

Forensic experiments reveal gaps in data security functionalities.

Standards like NIST and OWASP are useful for evaluating app security.

Abstract

With smartphone technologies enhanced way of interacting with the world around us, it has also been paving the way for easier access to our private and personal information. This has been amplified by the existence of numerous embedded sensors utilized by millions of apps to users. While mobile apps have positively transformed many aspects of our lives with new functionalities, many of these applications are taking advantage of vast amounts of data, privacy apps, a form of Privacy Enhancing Technology can be an effective privacy management tool for smartphones. To protect against vulnerabilities related to the collection, storage, and sharing of sensitive data, developers are building numerous privacy apps. However, there has been a lack of discretion in this particular area which calls for a proper assessment to understand the far-reaching utilization of these apps among users. During this process we have conducted an evaluation of the most popular privacy apps from our total collection of five hundred and twelve to demonstrate their functionality specific data protections they are claiming to offer, both technologically and conventionally, measuring up to standards. Taking their offered security functionalities as a scale, we conducted forensic experiments to indicate where they are failing to be consistent in maintaining protection. For legitimate validation of security gaps in assessed privacy apps, we have also utilized NIST and OWASP guidelines. We believe this study will be efficacious for continuous improvement and can be considered as a foundation towards a common standard for privacy and security measures for an app's development stage.