An Investigation of the Role of Smartphone Application Permissions in Risks to End User Privacy
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Tekdesk (a division of Community Opportunity and Innovation Network)
Malcolm Sheppard, Training Specialist
Tekdesk’s researchers studied over 400 popular apps for Android and BlackBerry devices, iPhones, and Windows Phone handsets to determine if their software permissions properly described the effects the apps might have on users’ privacy, and more broadly reviewed privacy issues around smartphone use.
The researchers conducted the project in four phases:
Phase 1: Tekdesk staff performed a literature review and collected the results to both guide subsequent project phases and produce an annotated bibliography intended to introduce the literature in an accessible manner. This bibliography has been added as an appendix to the Phase 4 report.
Phase 2: Tekdesk staff analyzed the software permissions requested by the 50 most popular free and 50 most popular paid apps for four major platforms: Android, BlackBerry (before BlackBerry 10), Apple’s iOS and Windows Phone 7.
Phase 3: Tekdesk analyzed data flows between the phone and external servers to check compliance to declared permissions and detect other potential privacy hazards in a subset of the applications reviewed in Phase 2: Five free and five paid apps per platform. The original proposal called for these tests to be carried out through phone software emulators or software development kits (SDKs). After noting a range of potential problems with this method, Tekdesk elected to carry out “Man in the Middle” monitoring on actual smartphones instead.
Phase 4: Tekdesk produced knowledge dissemination materials to share its findings. First, it produced a report entitled “Smartphone Apps, Permissions and Privacy: Concerns and Next Steps.” The report details Tekdesk’s methods, findings, conclusions and recommendations for future actions.
Tekdesk then created educational materials for web-based and face-to-face delivery. These included a PowerPoint slide deck to teach learners about best practices in smartphone privacy, along with handouts covering aspects of this subject matter. Tekdesk delivered three live, face-to-face presentations to community organizations, and made a recorded webinar available for on-demand learning. Tekdesk took this last step instead of delivering live webinars to better meet the schedules of our audience.
Finally, Tekdesk created an additional report on app permissions and privacy for the BlackBerry Z10 smartphone: the first BlackBerry device to feature the new OS.
This document is available in the following language(s):
OPC Funded Project
This project received funding support through the Office of the Privacy Commissioner of Canada’s Contributions Program. The opinions expressed in the summary and report(s) are those of the authors and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada. Summaries have been provided by the project authors. Please note that the projects appear in their language of origin.
345 Aylmer Street North, Lower Level
- Date modified: