Doctor of Philosophy (PhD)
Mobile applications (apps) constantly demand access to sensitive user information in exchange for more personalized services. These-mostly unjustified-data collection tactics have raised major privacy concerns among mobile app users. Existing research on mobile app privacy aims to identify these concerns, expose apps with malicious data collection practices, assess the quality of apps' privacy policies, and propose automated solutions for privacy leak detection and prevention. However, existing solutions are generic, frequently missing the contextual characteristics of different application domains. To address these limitations, in this dissertation, we study privacy in the app store at a domain level. Our objective is to propose automated solutions that are tailored to the specific data collection practices of each operational domain.
The analysis in this dissertation can be divided into three main phases. In the first phase, we propose an automated solution to classify apps in the mobile app market into more coherent categories of functionally-related apps. In the second phase, we propose an effective approach for summarizing users' privacy concerns in mobile app reviews. Our objective is to help app developers identify and understand the most critical privacy challenges in their specific domain of operation. In the third phase, we conduct a qualitative analysis of mobile apps' privacy nutrition labels. Our objectives are to explore the information value of such labels, quantify the discrepancies between apps' privacy policies and their data collection labels, and identify privacy outlier apps in each domain. Based on our analysis, we suggest several design strategies to help app stores preserve the credibility and utility of their privacy label systems.
Ebrahimi Meymand, Fahimeh, "Domain Specific Analysis of Privacy Practices and Concerns in the Mobile Application Market" (2023). LSU Doctoral Dissertations. 6099.