An Investigation of the Role of Smartphone Application Permissions in Risks to End User Privacy

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Organization

Tekdesk (a division of Community Opportunity and Innovation Network)

Published

2013

Project Leader(s)

Malcolm Sheppard, Training Specialist

Summary

Tekdesk’s researchers studied over 400 popular apps for Android and BlackBerry devices, iPhones, and Windows Phone handsets to determine if their software permissions properly described the effects the apps might have on users’ privacy, and more broadly reviewed privacy issues around smartphone use.

The researchers conducted the project in four phases:

Phase 1: Tekdesk staff performed a literature review and collected the results to both guide subsequent project phases and produce an annotated bibliography intended to introduce the literature in an accessible manner. This bibliography has been added as an appendix to the Phase 4 report.

Phase 2: Tekdesk staff analyzed the software permissions requested by the 50 most popular free and 50 most popular paid apps for four major platforms: Android, BlackBerry (before BlackBerry 10), Apple’s iOS and Windows Phone 7.

Phase 3: Tekdesk analyzed data flows between the phone and external servers to check compliance to declared permissions and detect other potential privacy hazards in a subset of the applications reviewed in Phase 2: Five free and five paid apps per platform. The original proposal called for these tests to be carried out through phone software emulators or software development kits (SDKs). After noting a range of potential problems with this method, Tekdesk elected to carry out “Man in the Middle” monitoring on actual smartphones instead.

Phase 4: Tekdesk produced knowledge dissemination materials to share its findings. First, it produced a report entitled “Smartphone Apps, Permissions and Privacy: Concerns and Next Steps.” The report details Tekdesk’s methods, findings, conclusions and recommendations for future actions.

Tekdesk then created educational materials for web-based and face-to-face delivery. These included a PowerPoint slide deck to teach learners about best practices in smartphone privacy, along with handouts covering aspects of this subject matter. Tekdesk delivered three live, face-to-face presentations to community organizations, and made a recorded webinar available for on-demand learning. Tekdesk took this last step instead of delivering live webinars to better meet the schedules of our audience.

Finally, Tekdesk created an additional report on app permissions and privacy for the BlackBerry Z10 smartphone: the first BlackBerry device to feature the new OS.

This document is available in the following language(s):

English only

OPC Funded Project

This project received funding support through the Office of the Privacy Commissioner of Canada’s Contributions Program. The opinions expressed in the summary and report(s) are those of the authors and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada. Summaries have been provided by the project authors. Please note that the projects appear in their language of origin.

Contact Information

345 Aylmer Street North, Lower Level
Peterborough, Ontario
K9H 3V7

Email: info@rebootpeterborough.ca
Website: http://rebootpeterborough.ca/tekdesk-it-services/
Tel: Toll free at 866-484-0355 or regular number at 705-760-9198
Fax: 705-760-9887

Report a problem or mistake on this page
Please select all that apply (required): Error 1: This field is required.

Note

Date modified: