A considerable amount of smartphone apps and web applications leak personal information to a variety of destinations and for a variety of purposes. Some of these purposes are critical for providing the service, whilst others include advertising and analytics.
Yet, most users are unaware which data is being collected about them, or by whom the data ends up being used. This causes a number of problems, including anxiety about potential misuse of data, and inability to reason about whether particular apps or services are "safe" to use in accordance with one's privacy preferences.
The Mobile App X-Ray project aims to help end-users make better informed privacy decisions by making the hidden information flows within and behind social machines visible, in particular for smartphone and web applications. We have developed several ways to measure hidden information disclosure activities, including dynamic (intercepting network traffic) and static methods (static analysis of disassembled compiled binaries).
We have also designed visual interfaces to represent this information to users and explore their privacy concerns and information management needs. Previous work in this project included analysis of third-party trackers associated with the top 5,000 Android app and top 5,000 websites.
Current efforts in the 'Ethical Data Initiative' scales up this work and aims to automated analysis of hundreds of thousands of apps from Google's app store and will provide a website and developer API that make this information publicly accessible.