The AppChk Crowd-Sourcing Platform : Which Third Parties are iOS Apps Talking To?

Faculty/Professorship: Privacy and Security  
Author(s): Geier, Oleg; Herrmann, Dominik  
Title of the compilation: ICT Systems Security and Privacy Protection : 36th IFIP TC 11 International Conference, SEC 2021, Oslo, Norway, June 22–24, 2021, Proceedings
ISSN: 1868-4238, 1868-422X
Corporate Body: 36th IFIP TC 11 International Conference, SEC 2021, Oslo, Norway, June 22–24, 2021
Publisher Information: Berlin ; Heidelberg : Springer
Year of publication: 2021
Pages: 228-241
ISBN: 978-3-030-78119-4
Series ; Volume: IFIP Advances in Information and Communication Technology ; 625
Language(s): English
Licence: Creative Commons - CC BY - Attribution 4.0 International 
DOI: 10.1007/978-3-030-78120-0_15
In this paper, we present a platform that novice users can use without the domain knowledge of experts. The platform consists of an iOS app to monitor network traffic and a website to evaluate the results. Monitoring takes place on-device; no external server is required.
Users can record and share network activity, compare evaluation results, and create rankings on apps and app-groups. The results are used to detect new trackers, point out misconduct in privacy practices, or automate comparisons on app-attributes like price, region, and category.
To demonstrate potential use cases, we compare 75 apps before and after the iOS 14 release and show that we can detect trends in how app-specific behavior changes over time, for example, due to privacy changes in the OS. Our results indicate a slight decrease in tracking but also an increase in contacted domains. We identify seven new trackers which are not present in current tracking lists such as EasyList. The games category is particularly prone to tracking (53% of the traffic) and contacts on average 36.2 domains with 59.3 requests per minute.
Peer Reviewed: Yes
International Distribution: Yes
Type: Conferenceobject
Release Date: 25. June 2021
Project: Interaktive, visuelle Datenräume zur souveränen, datenschutzrechtlichen Entscheidungsfindung (InviDas)