个性化应用程序的隐私和安全问题研究

IF 2.4 4区计算机科学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS International Journal of Information Security Pub Date : 2024-07-18 DOI:10.1007/s10207-024-00887-z

Stylianos Gerasimou, Konstantinos Limniotis

{"title":"个性化应用程序的隐私和安全问题研究","authors":"Stylianos Gerasimou, Konstantinos Limniotis","doi":"10.1007/s10207-024-00887-z","DOIUrl":null,"url":null,"abstract":"<p>This paper studies personalised smart apps, from a data protection and security point of view. More precisely, having as a reference model the provisions stemming from the General Data Protection Regulation, we investigate whether such apps, whose philosophy is based on the provision of personalised services, adopt appropriate data protection techniques, focusing especially on aspects from the data protection by design and by default principles, as well as on their security features. Our analysis over ten popular such Android apps illustrates the existence of several privacy concerns, including the facts that several data processes are by default enabled without requesting users’ consent, as well as that several data processes are not well justified or sufficiently transparent to the users. Moreover, interestingly enough, the apps studied are not free of known security weaknesses.\n</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"37 1","pages":""},"PeriodicalIF":2.4000,"publicationDate":"2024-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A study on privacy and security aspects of personalised apps\",\"authors\":\"Stylianos Gerasimou, Konstantinos Limniotis\",\"doi\":\"10.1007/s10207-024-00887-z\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>This paper studies personalised smart apps, from a data protection and security point of view. More precisely, having as a reference model the provisions stemming from the General Data Protection Regulation, we investigate whether such apps, whose philosophy is based on the provision of personalised services, adopt appropriate data protection techniques, focusing especially on aspects from the data protection by design and by default principles, as well as on their security features. Our analysis over ten popular such Android apps illustrates the existence of several privacy concerns, including the facts that several data processes are by default enabled without requesting users’ consent, as well as that several data processes are not well justified or sufficiently transparent to the users. Moreover, interestingly enough, the apps studied are not free of known security weaknesses.\\n</p>\",\"PeriodicalId\":50316,\"journal\":{\"name\":\"International Journal of Information Security\",\"volume\":\"37 1\",\"pages\":\"\"},\"PeriodicalIF\":2.4000,\"publicationDate\":\"2024-07-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Information Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1007/s10207-024-00887-z\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10207-024-00887-z","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

本文从数据保护和安全的角度研究个性化智能应用程序。更确切地说，以《通用数据保护条例》的规定为参考模型，我们研究了以提供个性化服务为理念的此类应用程序是否采用了适当的数据保护技术，尤其侧重于数据保护设计和默认原则的各个方面，以及它们的安全功能。我们对十款流行的此类安卓应用程序进行的分析表明，这些应用程序存在一些隐私问题，包括一些数据处理程序在未征得用户同意的情况下被默认启用，以及一些数据处理程序对用户而言理由不充分或不够透明。此外，有趣的是，所研究的应用程序并非没有已知的安全漏洞。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

摘要图片

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

A study on privacy and security aspects of personalised apps

This paper studies personalised smart apps, from a data protection and security point of view. More precisely, having as a reference model the provisions stemming from the General Data Protection Regulation, we investigate whether such apps, whose philosophy is based on the provision of personalised services, adopt appropriate data protection techniques, focusing especially on aspects from the data protection by design and by default principles, as well as on their security features. Our analysis over ten popular such Android apps illustrates the existence of several privacy concerns, including the facts that several data processes are by default enabled without requesting users’ consent, as well as that several data processes are not well justified or sufficiently transparent to the users. Moreover, interestingly enough, the apps studied are not free of known security weaknesses.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

International Journal of Information Security 工程技术-计算机：理论方法

CiteScore

6.30

自引率

3.10%

发文量

审稿时长

12 months

期刊介绍： The International Journal of Information Security is an English language periodical on research in information security which offers prompt publication of important technical work, whether theoretical, applicable, or related to implementation. Coverage includes system security: intrusion detection, secure end systems, secure operating systems, database security, security infrastructures, security evaluation; network security: Internet security, firewalls, mobile security, security agents, protocols, anti-virus and anti-hacker measures; content protection: watermarking, software protection, tamper resistant software; applications: electronic commerce, government, health, telecommunications, mobility.