Search for: All records

The cross-platform application-development paradigm alleviates a major challenge of native application development, namely the need to re-implement the codebase for each target platform, and streamlines the deployment of applications to different platforms. Essentially, cross-platform application development relies on migrating web application code and repackaging it as a native application. In other words, code that was designed and developed to execute within the confines of a browser, with all the security checks and safeguards that that entails, is now deployed within a completely different execution environment. In this paper, we explore the inherent security and privacy risks that arise from this migration, due to the fundamental differences between these two execution environments, which we refer to as security lacunae. To that end, we establish a differential analysis workflow and develop a set of customized tests designed to uncover divergent behaviors of web code executed within a browser and as an Electron cross-platform application. Guided by the findings from our empirical exploration, we retrofit part of the Web Platform Tests (WPTs) testing suite so as to apply to the Electron framework, and systematically assess mechanisms that relate to isolation and access control, and critical security policies and headers. Our research uncovers semantic gaps that exist between the two execution environments, which affect the enforcement of critical security mechanisms, thus exposing users to severe risks. This can lead to privacy issues such as the exposure of sensitive data over unencrypted connections or unregulated third-party access to the local filesystem, and security issues such as the incorrect enforcement of CSP script execution directives. We demonstrate that directly migrating web application code to a cross-platform application, without refactoring the code and implementing additional safeguards to address the conceptual and behavioral mismatches between the two execution environments, can significantly affect the application's security and privacy posture. 

Apple introduced privacy labels in Dec. 2020 as a way for developers to report the privacy behaviors of their apps. While Apple does not validate labels, they also require developers to provide a privacy policy, which offers an important comparison point. In this paper, we fine-tuned BERT-based language models to extract privacy policy features for 474,669 apps on the iOS App Store, comparing the output to the privacy labels. We identify discrepancies between the policies and the labels, particularly as they relate to data collected linked to users. We find that 228K apps' privacy policies may indicate data collection linked to users than what is reported in the privacy labels. More alarming, a large number (97%) of the apps with a Data Not Collected privacy label have a privacy policy indicating otherwise. We provide insights into potential sources for discrepancies, including the use of templates and confusion around Apple's definitions and requirements. These results suggest that significant work is still needed to help developers more accurately label their apps. Our system can be incorporated as a first-order check to inform developers when privacy labels are possibly misapplied. 

Starting December 2020, all new and updated iOS apps must display app-based privacy labels. As the first large-scale implementation of privacy nutrition labels in a real-world setting, we aim to understand how these labels affect perceptions of app behavior. Replicating the methodology of Emani-Naeini et al. [IEEE S&P '21] in the space of IoT privacy nutrition labels, we conducted an online study in January 2023 on Prolific with n=1,505 participants to investigate the impact of privacy labels on users' risk perception and willingness to install apps. We found that many privacy label attributes raise participants' risk perception and lower their willingness to install an app. For example, when the app privacy label indicates that financial info will be collected and linked to their identities, participants were 15 times more likely to report increased privacy and security risks associated with the app. Likewise, when a label shows that sensitive info will be collected and used for cross-app/website tracking, participants were 304 times more likely to report a decrease in their willingness to install. However, participants had difficulty understanding privacy label jargon such as diagnostics, identifiers, track and linked. We provide recommendations for enhancing privacy label transparency, the importance of label clarity and accuracy, and how labels can impact consumer choice when suitable alternative apps are available. 

Starting December 2020, all new and updated iOS apps must display app-based privacy labels. As the first large-scale implementation of privacy nutrition labels in a real-world setting, we aim to understand how these labels affect perceptions of app behavior. Replicating the methodology of Emani-Naeini et al. (IEEE S&P '21) in the space of IoT privacy nutrition labels, we conducted an online study in January 2023 on Prolific with n=1,505 participants to investigate the impact of privacy labels on users' risk perception and willingness to install apps. We found that many privacy label attributes raise participants' risk perception and lower their willingness to install an app. For example, when the app privacy label indicates that \emph{financial info} will be collected and linked to their identities, participants were 15 times more likely to report increased privacy and security risks associated with the app. Likewise, when a label shows that \emph{sensitive info} will be collected and used for cross-app/website tracking, participants were 304 times more likely to report a decrease in their willingness to install. However, participants had difficulty understanding privacy label jargon such as "diagnostics," "identifiers," "track" and "linked." We provide recommendations for enhancing privacy label transparency, the importance of label clarity and accuracy, and how labels can impact consumer choice when suitable alternative apps are available.