ROI: A method for identifying organizations receiving personal data
David Rodriguez, Jose M. Del Alamo, Miguel Cozar, Boni Garcia
TL;DR
This paper introduces ROI, an automated method that accurately identifies organizations receiving personal data from digital platforms, demonstrated through extensive analysis of Android apps.
Contribution
The paper presents ROI, a novel automated technique combining multiple methods to identify data recipients with high precision, addressing a gap in data flow transparency.
Findings
ROI achieves 95.71% precision in identifying data recipients.
Evaluation of 10,000 Android apps demonstrates practical effectiveness.
The method uncovers organizations receiving personal data in real-world scenarios.
Abstract
Many studies have exposed the massive collection of personal data in the digital ecosystem through, for instance, websites, mobile apps, or smart devices. This fact goes unnoticed by most users, who are also unaware that the collectors are sharing their personal data with many different organizations around the globe. This paper assesses techniques available in the state of the art to identify the organizations receiving this personal data. Based on our findings, we propose ROI (Receiver Organization Identifier), a fully automated method that combines different techniques to achieve a 95.71% precision score in identifying an organization receiving personal data. We demonstrate our method in the wild by evaluating 10,000 Android apps and exposing the organizations that receive users' personal data.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsPrivacy, Security, and Data Protection · Personal Information Management and User Behavior · Data Quality and Management