The growth of IoT apps poses increasing concerns about sensitive data leaks. While privacy policies are required to describe how IoT apps use private user data (i.e., data practice), problems such as missing, inaccurate, and inconsistent policies have been repeatedly reported. Therefore, it is important to assess the actual data practice in IoT apps and identify the potential gaps between the actual and declared data usage. In this work, we conducted a measurement study using our framework called IoTPrivComp, which applies an automated analysis of IoT apps’ code and privacy policies to identify compliance gaps. We collected 1,489 IoT apps with English privacy policies from the Play Store. IoTPrivComp found 532 apps with sensitive external data flows, among which 408 (76.7%) apps had undisclosed data leaks. Moreover, 63.4% of the data flows that involved health and wellness data were inconsistent with the practices disclosed in the apps’ privacy policies.
Ahmad, J., Li, F., & Luo, B. (2022). IoTPrivComp: A Measurement Study of Privacy Compliance in IoT Apps. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 13555 LNCS, pp. 589–609). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-17146-8_29