ABSTRACT
COVID-19 has affected human life since its advent. And to counteract its spread, humankind adopts social distancing, which encourages remote working for employees, and online learning for students. Many universities and schools quickly adopted e-learning solutions without much consideration of security, while it is important to consider users' privacy. Unfortunately, digital learning spaces face security vulnerabilities, risks and threats and are not spared from cyber-attacks. To ensure the security and privacy of e-learning solutions used by universities and schools, we analyzed how MOOCs and Organizations offering online courses long before COVID-19 deal with their users' privacy and personal data. In this study, we considered some popular platforms from The United States (Coursera, EdX, Udemy), Europe and the United Kingdom (FutureLearn, FUN MOOC, EduOpen), and Asia (XuetangX, SWAYAM, and K-MOOC). We discussed the personal data collected by these platforms, the purposes for which these data are collected, the different legislation for processing and storing data, and how the platforms ensure user privacy. © 2022 IEEE.
ABSTRACT
In the past decade, the gaming industry has seen a sharp rise in popularity, particularly in mobile gaming, and these numbers have only increased with the recent COVID-19 pandemic. Given the amount of user information being collected and shared by these gaming apps as well as the demographics of its users such as minors, it is critical to examine these apps' privacy vulnerabilities. In this study, we reviewed and analyzed 20 popular gaming apps' privacy policies and evaluated their explicit privacy protections or lack thereof. In particular, we examined if any specific privacy protections are provided to vulnerable groups like children and teenagers. Results found that although these gaming apps have privacy protections listed in their policies, only a few of them explicitly identify individual's consent and choice. Also, most of the privacy protections on minors like children and teenagers provided by these gaming apps are only at a basic level. Results from this study can provide guidance to both app users and app developers on the measures that each app is already taking on privacy protections, as well as identifying the vulnerabilities and potential privacy risks that currently exist. Furthermore, it can provide guidance for implementing appropriate privacy policies to protect users' personal data. © 2022 IEEE.
ABSTRACT
Mobile app developers are often obliged by regulatory frameworks to provide a privacy policy in natural comprehensible language to describe their apps' privacy practices. However, prior research has revealed that: (1) not all app developers offer links to their privacy policies; and (2) even if they do offer such access, it is difficult to determine if it is a valid link to a (valid) policy. While many prior studies looked at this issue in Google Play Store, Apple App Store, and particularly the iOS store, is much less clear. In this paper, we conduct the first and the largest study to investigate the previous issues in the iOS app store ecosystem. First, we introduce an App Privacy Policy Extractor (APPE), a system that embraces and analyses the metadata of over two million apps to give insightful information about the distribution of the supposed privacy policies, and the content of the provided privacy policy links, store-wide. The result shows that only 58.5% of apps provide links to purported privacy policies, while 39.3% do not provide policy links at all. Our investigation of the provided links shows that only 38.4% of those links were directed to actual privacy policies, while 61.6% failed to lead to a privacy policy. Further, for research purposes we introduce the App Privacy Policy Corpus (APPC-451K); the largest app privacy policy corpus consisting of data relating to more than 451K verified privacy policies.
Subject(s)
Mobile Applications , Privacy , Ecosystem , Policy , MetadataABSTRACT
Recently, smartphone usage has increased tremendously, and smartphones are being used as a requirement of daily life, equally by all age groups. Smartphone operating systems such as Android and iOS have made it possible for anyone with development skills to create apps for smartphones. This has enabled smartphone users to download and install applications from stores such as Google Play, App Store, and several other third-party sites. During installation, these applications request resource access permissions from users. The resources include hardware and software like contact, memory, location, managing phone calls, device state, messages, camera, etc. As per Google’s permission policy, it is the responsibility of the user to allow or deny any permissions requested by an app. This leads to serious privacy violation issues when an app gets illegal permission granted by a user (e.g., an app might request for granted map permission and there is no need for map permission in the app, and someone can thereby access your location by this app). This study investigates the behavior of the user when it comes to safeguarding their privacy while installing apps from Google Play. In this research, first, seven different applications with irrelevant permission requests were developed and uploaded to two different Play Store accounts. The apps were live for more than 12 months and data were collected through Play Store analytics as well as the apps’ policy page. The preliminary data analysis shows that only 20% of users showed concern regarding their privacy and security either through interaction with the development team through email exchange or through commenting on the platform and other means accordingly.
ABSTRACT
Governments around the world are utilizing their digital ecosystems to respond to the COVID-19 pandemic. To increase awareness among the beneficiaries about privacy risks, they must proactively publish the data handling practices for their digital initiatives through appropriate privacy policies. This study analyzes the privacy policies of public COVID-support mobile applications (apps) in the context of India. We found a total of 63 government initiated COVID-support apps in India out of which 38% were found to have an app-specific privacy policy. These policies were analyzed further to assess their coverage of key principles, such as ?Purpose,? ?Data Categories,? and ?Data Retention,? derived from legal requirements. We also analyzed the extent of the specificity of policies with a high coverage. In India, only one nation-wide app stood out to have both considerable coverage of key principles as well as a high level of specificity. Other national/regional apps fail to display the desired levels of coverage and/or specificity. The broader policy recommendations of this study are that the government should better address privacy concerns regarding its existing and future disaster management apps as well as its other digital initiatives by (a) establishing and enforcing a comprehensive legislative framework for data protection and (b) increasing privacy awareness among the beneficiaries.
ABSTRACT
Apps that enable contact-tracing are instrumental in mitigating the transmission of COVID-19, but there have been concerns among users about the data collected by these apps and their management. Contact tracing is of paramount importance when dealing with a pandemic, as it allows for rapid identification of cases based on the information collected from infected individuals about other individuals they may have had recent contact with. Advances in digital technology have enabled devices such as mobile phones to be used in the contract-tracing process. However, there is a potential risk of users' personal information and sensitive data being stolen should hackers be in the near vicinity of these devices. Thus, there is a need to develop privacy-preserving apps. Meanwhile, privacy policies that outline the risk associated with the use of contact-tracing apps are needed, in formats that are easily readable and comprehensible by the public. To our knowledge, no previous study has examined the readability of privacy policies of contact-tracings apps. Therefore, we performed a readability analysis to evaluate the comprehensibility of privacy policies of 7 contact-tracing apps currently in use. The contents of the privacy policies of these apps were assessed for readability using Readability Test Tool, a free web-based reliability calculator, which computes scores based on a number of statistics (ie, word count and the number of complex words) and indices (ie, Flesch Reading Ease, Flesch-Kincaid Reading Grade Level, Gunning Fog Index, and Simplified Measure of Gobbledygook index). Our analysis revealed that explanations used in the privacy policies of these apps require a reading grade between 7 and 14, which is considerably higher than the reading ability of the average individual. We believe that improving the readability of privacy policies of apps could be potentially reassuring for users and may help facilitate the increased use of such apps.