Foreign-language journal: Journal in computer virology

Detecting privacy leaks in the RATP App: how we proceeded and what we found


Abstract

We analyzed the RATP App, both Android and iOS versions, using our instrumented versions of these mobile OSs. Our analysis reveals that both versions of this App leak private data to third-party servers, which is in total contradiction to the In-App privacy policy. The iOS version of this App doesn’t even respect Apple guidelines on cross-App user tracking for advertising purposes and employs various other cross-App tracking mechanisms that are not supposed to be used by Apps. Even if this work is illustrated with a single App, we describe an approach that is generic and can be used to detect privacy leaks from other Apps. In addition, our findings are representative of a trend in Advertising and Analytics (A&A) libraries that try to collect as much information as possible regarding the smartphone and its user to have a better profile of the user’s interests and behaviors. In fact, in the case of iOS, these libraries even generate their own persistent identifiers and share them with other Apps through covert channels to better track the user, and this happens even if the user has opted out of device tracking for advertising purposes. Above all, this happens without the user’s knowledge, and sometimes even without the knowledge of the App developer, who might have naively included these libraries during the App development. Therefore, this article raises many questions concerning both the bad practices employed in the world of smartphones and the limitations of the privacy control features proposed by Android/iOS Mobile OSs.
