ROI: a method for identifying organizations receiving personal data

Bibliographic Details
Published in: Computing Vol. 106; no. 1; pp. 163-184
Main Authors: Rodriguez, David; Del Alamo, Jose M.; Cozar, Miguel; García, Boni
Format: Journal Article
Language: English
Published: Vienna Springer Vienna 2024
Springer Nature B.V
Description
Summary: Many studies have exposed the massive collection of personal data in the digital ecosystem through, for instance, websites, mobile apps, or smart devices. This fact goes unnoticed by most users, who are also unaware that the collectors are sharing their personal data with many different organizations around the globe. This paper assesses techniques available in the state of the art to identify the organizations receiving this personal data. Based on our findings, we propose Receiver Organization Identifier (ROI), a fully automated method that combines different techniques to achieve a 95.71% precision score in identifying an organization receiving personal data. We demonstrate our method in the wild by evaluating 10,000 Android apps and exposing the organizations that receive users’ personal data. We further assess the transparency of these data-sharing practices by analyzing the apps’ privacy policies. The results reveal a concerning lack of transparency in almost 78% of apps, suggesting the need for regulators to take action.
ISSN: 0010-485X
1436-5057
DOI: 10.1007/s00607-023-01209-2