Language selection

OPC Logo Office of the Privacy Commissioner of Canada

Search

Privacy Concerns in Social Login Ecosystems

Organization

Concordia University

Published

2025

Project Leader(s)

Mohammad Mannan

Amr Youssef

Summary

Federated Single Sign-On (SSO) is a widely used authentication method that delegates user login to Identity Providers (IdPs) such as Google and Facebook. While convenient, SSO raises privacy and security concerns, particularly, as we observed, when permissions vary across different platforms (web vs. mobile, even different versions of an app). Existing work on SSO logins completely lacks the exploration of such variances, and their privacy consequences, even though many users may use a service both via web and mobile platforms. This study examines such discrepancies at scale, alongside an analysis of dangerous permissions specifically requested on websites and Android apps. We developed a framework to automate SSO logins on both platforms, systematically measuring permission discrepancies. Our analysis, based on 661 and 318 successful logins using Google and Facebook SSO, respectively, across both the Android app and its corresponding website for the same service, reveals a 12.58% discrepancy in Facebook SSO permissions and a 3.48% discrepancy in Google SSO permissions between web and Android platforms. These findings, along with our analysis of top-5K Tranco websites, indicate that Android apps tend to request more intrusive permissions, underscoring the need for incremental authorization mechanisms to minimize unnecessary data exposure.

Project deliverables are available in the following language(s):

English

Full report

OPC Funded Project

This project received funding support through the Office of the Privacy Commissioner of Canada’s Contributions Program. The opinions expressed in the summary and report(s) are those of the authors and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada. Summaries have been provided by the project authors. Please note that the projects appear in their language of origin.

Contact Information

Mohammad Mannan
EV9.189, 1515 Ste-Catherine Street West
Montreal, Quebec  H3G 2W1

Email: m.mannan@concordia.ca

Telephone: (514) 848-2424 extension 8972

Date modified: