The Price is (Not) Right: Comparing Privacy in Free and Paid Apps

Author:

Han Catherine (1), Reyes Irwin (2), Feal Álvaro (3), Reardon Joel (4), Wijesekera Primal (5), Vallina-Rodriguez Narseo (6), Elazari Amit (1), Bamberger Kenneth A. (1), Egelman Serge (7)

Affiliation:

1. University of California, Berkeley

2. Two Six Labs / International Computer Science Institute

3. IMDEA Networks Institute / Universidad Carlos III de Madrid

4. University of Calgary / AppCensus, Inc.

5. International Computer Science Institute / University of California, Berkeley

6. IMDEA Networks Institute / International Computer Science Institute / AppCensus, Inc.

7. International Computer Science Institute / University of California, Berkeley / AppCensus, Inc.

Abstract

It is commonly assumed that “free” mobile apps come at the cost of consumer privacy and that paying for apps could offer consumers protection from behavioral advertising and long-term tracking. This work empirically evaluates the validity of this assumption by comparing the privacy practices of free apps and their paid premium versions, while also gauging consumer expectations surrounding free and paid apps. We use both static and dynamic analysis to examine 5,877 pairs of free Android apps and their paid counterparts for differences in data collection practices and privacy policies between pairs. To understand user expectations for paid apps, we conducted a 998-participant online survey and found that consumers expect paid apps to have better security and privacy behaviors. However, there is no clear evidence that paying for an app will actually guarantee protection from extensive data collection in practice. Given that the free version had at least one third-party library or dangerous permission, respectively, we discovered that 45% of the paid versions reused all of the same third-party libraries as their free versions, and 74% of the paid versions had all of the dangerous permissions held by the free app. Likewise, our dynamic analysis revealed that 32% of the paid apps exhibit all of the same data collection and transmission behaviors as their free counterparts. Finally, we found that 40% of apps did not have a privacy policy link in the Google Play Store and that only 3.7% of the pairs that did reflected differences between the free and paid versions.

Publisher

Walter de Gruyter GmbH

Subject

General Medicine


Cited by 22 articles.

1. SoK: Technical Implementation and Human Impact of Internet Privacy Regulations. 2024 IEEE Symposium on Security and Privacy (SP), 2024-05-19.

2. Understanding the Privacy Practices of Political Campaigns: A Perspective from the 2020 US Election Websites. 2024 IEEE Symposium on Security and Privacy (SP), 2024-05-19.

3. Poster: Longitudinal Measurement of the Adoption Dynamics in Apple's Privacy Label Ecosystem. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023-11-15.

4. IoTFlow: Inferring IoT Device Behavior at Scale through Static Mobile Companion App Analysis. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023-11-15.

5. Use of Personal Data for Monetization Purposes: The Case of Mobile Applications. Journal of Economic Issues, 2023-10-02.
