IDPFilter: Mitigating Interdependent Privacy Issues in Third-Party Apps

TL;DR

This paper investigates interdependent privacy issues in third-party apps, analyzing permission structures, characterizing app behaviors, and proposing IDPFilter, a platform-agnostic API to mitigate privacy risks by filtering collateral data collection.

Contribution

It introduces IDPFilter, a novel API designed to reduce interdependent privacy risks in third-party apps, supported by analysis, principles, and a prototype implementation.

Findings

Identified permissions causing interdependent privacy issues

Characterized app permission request patterns

Demonstrated IDPFilter's effectiveness in filtering collateral data

Abstract

Third-party applications have become an essential part of today's online ecosystem, enhancing the functionality of popular platforms. However, the intensive data exchange underlying their proliferation has increased concerns about interdependent privacy (IDP). This paper provides a comprehensive investigation into the previously underinvestigated IDP issues of third-party apps. Specifically, first, we analyze the permission structure of multiple app platforms, identifying permissions that have the potential to cause interdependent privacy issues by enabling a user to share someone else's personal data with an app. Second, we collect datasets and characterize the extent to which existing apps request these permissions, revealing the relationship between characteristics such as the respective app platform, the app's type, and the number of interdependent privacy-related permissions it requests. Third, we analyze the various reasons IDP is neglected by both data protection regulations and app platforms and then devise principles that should be followed when designing a mitigation solution. Finally, based on these principles and satisfying clearly defined objectives, we propose IDPFilter, a platform-agnostic API that enables application providers to minimize collateral information collection by filtering out data collected from their users but implicating others as data subjects. We implement a proof-of-concept prototype, IDPTextFilter, that implements the filtering logic on textual data, and provide its initial performance evaluation with regard to privacy, accuracy, and efficiency.