Withdrawing is believing? Detecting Inconsistencies Between Withdrawal Choices and Third-party Data Collections in Mobile Apps
Xiaolin Du, Zhemin Yang, Jiapeng Lin, Yinzhi Cao, Min Yang
IEEE Symposium on Security and Privacy 2024 · Day 1 · Continental Ballroom 4
This talk, presented at IEEE S&P by a collaborative team from Fudan University and Johns Hopkins University, examines a critical yet often overlooked aspect of mobile application privacy: **withdrawal inconsistencies**. The research highlights a significant gap between users' explicit choices to withdraw consent for data collection and the actual data practices of mobile apps, particularly where **third-party libraries** are concerned. Global privacy regulations such as **GDPR** and **CCPA** give consumers the right to object to or opt out of personal data processing, and violations of these rights can lead to severe user privacy leakage. The talk introduces **M Checker**, a novel static analysis tool designed to automatically detect these inconsistencies in Android applications.
AI review
This research unearths a pervasive and critical privacy flaw: mobile apps routinely ignore user withdrawal requests, especially concerning third-party data collection. M Checker, a novel static analysis tool, meticulously identifies these 'unguarded collections,' exposing the widespread failure of apps to honor privacy choices. This isn't just a bug; it's a systemic betrayal of trust, demanding immediate attention from developers and regulators.