research-article

Collateral damage of Facebook third-party applications: : a comprehensive study

Authors:

Iraklis Symeonidis,

Gergely Biczók,

Fatemeh Shirazi,

Cristina Pérez-Solà,

Jessica Schroers,

Bart PreneelAuthors Info & Claims

Volume 77, Issue C

Pages 179 - 208

https://doi.org/10.1016/j.cose.2018.03.015

Published: 01 August 2018 Publication History

Abstract

Third-party applications on Facebook can collect personal data of the users who install them, but also of their friends. This raises serious privacy issues as these friends are not notified by the applications nor by Facebook and they have not given consent. This paper presents a detailed multi-faceted study on the collateral information collection of the applications on Facebook. To investigate the views of the users, we designed a questionnaire and collected the responses of 114 participants. The results show that participants are concerned about the collateral information collection and in particular about the lack of notification and of mechanisms to control the data collection. Based on real data, we compute the likelihood of collateral information collection affecting users: we show that the probability is significant and greater than 80% for popular applications such as TripAdvisor. We also demonstrate that a substantial amount of profile data can be collected by applications, which enables application providers to profile users. To investigate whether collateral information collection is an issue to users’ privacy we analysed the legal framework in light of the General Data Protection Regulation. We provide a detailed analysis of the entities involved and investigate which entity is accountable for the collateral information collection. To provide countermeasures, we propose a privacy dashboard extension that implements privacy scoring computations to enhance transparency toward collateral information collection. Furthermore, we discuss alternative solutions highlighting other countermeasures such as notification and access control mechanisms, cryptographic solutions and application auditing. To the best of our knowledge this is the first work that provides a detailed multi-faceted study of this problem and that analyses the threat of user profiling by application providers.

References

[1]

C. Abdelberi, Ding Y., R. Dey, M.A. Kâafar, K.W. Ross, A closer look at third-party OSN applications: are they leaking your personal information?, Proceedings of the 15th international conference passive and active measurement, PAM, Los Angeles, CA, USA, 2014, pp. 235–246.

[2]

C. Abdelberi, M.A. Kâafar, R. Boreli, Big friend is watching you: analyzing online social networks tracking capabilities, Proceedings of the 2012 ACM workshop on workshop on online social networks, WOSN 2012, Helsinki, Finland, 2012, pp. 7–12.

[3]

A. Acquisti, R. Gross, Imagined communities: awareness, information sharing, and privacy on the Facebook, Proceedings of the 6th international workshop privacy enhancing technologies, PET 2006, Cambridge, UK, June 28–30, 2006, Revised Selected Papers, 2006, pp. 36–58.

[4]

R. Albert, A.L. Barabási, Statistical mechanics of complex networks, Rev Mod Phys 74 (1) (2002) 47.

[5]

Alsenoy, B.V. Regulating data protection: the allocation of responsibility and risk among actors involved in personal data processing. PhD thesis, Research Unit KU Leuven Centre for IT IP Law (CiTiP), 2016.

[6]

AppInspect. AppInspect: a framework for automated security and privacy analysis of OSN application ecosystems. http://ai.sba-research.org/. 2017.

[7]

Article 29 Working Party. Guidelines on data protection impact assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679. http://ec.europa.eu/newsroom/document.cfm?doc_id=44137; 2017a.

[8]

Article 29 Working Party. Opinion 1/2010 on the concepts of “controller’ and “processor”. http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp169_en.pdf; 2017.

[9]

Article 29 Working Party. Opinion 5/2009 on online social networking. http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2009/wp163_en.pdf; 2017b.

[10]

F. Beato, I. Ion, S. Capkun, B. Preneel, M. Langheinrich, For some eyes only: protecting online information sharing, Proceedings of the third ACM conference on data and application security and privacy, CODASPY’13, San Antonio, TX, USA, 2013, pp. 1–12.

[11]

F. Beato, M. Kohlweiss, K. Wouters, Scramble! Your Social Network Data, Proceedings of the 11th international symposium privacy enhancing technologies, PETS 2011, Waterloo, ON, Canada, 2011, pp. 211–225.

[12]

G. Biczók, P.H. Chia, Interdependent privacy: let me share your data, Proceedings of the 7th international conference financial cryptography and data security, FC 2013, Okinawa, Japan, Revised Selected Papers, 2013, pp. 338–353.

[13]

C. Bier, K. Kühne, J. Beyerer, PrivacyInsight: the next generation privacy dashboard, Proceedings of the Privacy Technologies and Policy - 4th Annual Privacy Forum, APF 2016, Frankfurt/Main, Germany, 2016, pp. 135–152.

[14]

Bloemendaal E., Øveråsen I.M.H. Interdependent privacy on Facebook, NTNU Technical Report, 2013. https://www.dropbox.com/s/ci9ur2231ykle6i. 2013.

[15]

D. Boyd, N.B. Ellison, Social network sites: definition, history, and scholarship, J Comput-Mediated Commun 13 (1) (2007) 210–230.

[16]

D. Boyd, E. Hargittai, Facebook privacy settings: who cares?, First Monday 15 (8) (2010).

[17]

J. Buchmann, R. Capurro, M. Löw, G. Müller, A. Pretschner, A. Roßnagel, M. Waidner, K.I. Eiermann, M. Eldred, F. Kelbert, et al., Internet privacy: options for adequate realisation, Springer Science & Business Media, 2014.

[18]

J. Buchmann, M. Nebel, A. Rossnagel, F. Shirazi, H. Simo, M. Waidner, Personal information dashboard: putting the individual back in control, Digital enlightenment yearbook 2013: the value of personal data, IOS Press, 2013, pp. 139–164.

[19]

P.H. Chia, Y. Yamamoto, N. Asokan, Is this app safe?: a large scale study on application permissions and risk signals, Proceedings of the 21st world wide web conference 2012, WWW 2012, Lyon, France, 2012, pp. 311–320.

[20]

M. Conti, A. Hasani, B. Crispo, Virtual private social networks, Proceedings of the first ACM conference on data and application security and privacy, CODASPY 2011, San Antonio, TX, USA, 2011, pp. 39–50.

[21]

D. Cooper, J.H. Kagel, Other regarding preferences: a selective survey of experimental results, Handbook of experimental economics, 2, 2009.

[22]

Court of Justice of the European Union. Case C-101/01, Bodil Lindqvist, OJ 2004 C7/3, ECLI:EU:C:2003:596. http://curia.europa.eu/juris/liste.jsf?num=C-101/01. 2017.

[23]

R. Cramer, I. Damgård, J.B. Nielsen, Secure multiparty computation and secret sharing, Cambridge University Press, 2015.

Digital Library

[24]

E.D. Cristofaro, C. Soriente, G. Tsudik, A. Williams, Hummingbird: privacy at the time of Twitter, Proceedings of the IEEE symposium on security and privacy, SP 2012, 21–23 May 2012, San Francisco, California, USA, 2012, pp. 285–299.

[25]

L.A. Cutillo, R. Molva, M. Önen, Safebook: a distributed privacy preserving online social network, Proceedings of the 12th IEEE international symposium on a world of wireless, mobile and multimedia networks, WOWMOM 2011, Lucca, Italy, 20–24, 2011, pp. 1–3.

[26]

B. Debatin, J.P. Lovejoy, A. Horn, B.N. Hughes, Facebook and online privacy: attitudes, behaviors, and unintended consequences, J Comput-Mediated Commun 15 (1) (2009) 83–108,.

[27]

Directive 95/46/EC. Of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23.11.1995. http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:31995L0046. 2017.

[28]

W. Enck, P. Gilbert, B. Chun, L.P. Cox, J. Jung, P.D. McDaniel, A. Sheth, TaintDroid: an information flow tracking system for real-time privacy monitoring on smartphones, Commun ACM 57 (3) (2014) 99–106,.

Digital Library

[29]

P. Erdos, A. Rényi, On the evolution of random graphs, Publication of the Mathematical Institute of the Hungarian Academy of Science 5 (1960) 17–60.

[30]

Facebook. Add Facebook Login to Your App or Website. https://developers.facebook.com/docs/facebook-login/; 2017a.

[31]

Facebook. Candy crush saga. https://www.facebook.com/games/candycrush; 2017b.

[32]

Facebook. Criminal case. https://www.facebook.com/CriminalCaseGame/; 2017c.

[33]

Facebook. Facebook privacy settings and 3rd parties. https://developers.facebook.com/docs/graph-api/reference/v2.10/user; 2017d.

[34]

Federal Trade Commission. Android Flashlight App Developer Settles FTC Charges It Deceived Consumers. https://www.ftc.gov/news-events/press-releases/2013/12/android-flashlight-app-developer-settles-ftc-charges-it-deceived; 2017a.

[35]

Federal Trade Commission. Facebook, Inc.http://www.ftc.gov/enforcement/cases-proceedings/092-3184/facebook-inc; 2017b.

[36]

Federal Trade Commission. FTC and Facebook agreement for 3rd parties wrt privacy settings. http://www.ftc.gov/sites/default/files/documents/cases/2011/11/111129facebookagree.pdf; 2017c.

[37]

E. Ferrara, G. Fiumara, Topological features of online social networks, CoRR (2012).

[38]

S. Few, Information dashboard design - the effective visual communication of data, O’Reilly, 2006.

[39]

Fischer-Hübner, S., Duquenoy, P., Hansen, M., Leenes, R., Zhang, G., Eds. Privacy and identity management for life - 6th IFIP WG 9.2, 9.6/11.7, 11.4, 11.6/ PrimeLife International Summer School, Helsingborg, Sweden, August 2–6, 2010, Revised Selected Papers (2011), vol. 352 of IFIP advances in information and communication technology, Springer.

[40]

M. Frank, B. Dong, A.P. Felt, D. Song, Mining permission request patterns from Android and Facebook applications, Proceedings of the 12th IEEE international conference on data mining, ICDM 2012, Brussels, Belgium, 2012, pp. 870–875.

[41]

J. Golbeck, M.L. Mauriello, User perception of Facebook app data access: a comparison of methods and privacy concerns, Future Internet 8 (2) (2016) 9,.

[42]

S. Guha, Tang K., P. Francis, NOYB: privacy in online social networks, Proceedings of the first workshop on online social networks, WOSN 2008, Seattle, WA, USA, 2008, pp. 49–54.

[43]

D.L. Hall, J. Llinas, An introduction to multisensor data fusion, Proc. IEEE 85 (1) (1997) 6–23,.

[44]

E. Hamilton, M. Kriens, H. Karapandžic, K. Yaici, M. Main, S. Schniffer, Report on trust and reputation models, ENISA Report, 2011.

[45]

M. Hansen, Marrying transparency tools with user-controlled identity management, Proceedings of the third the future of identity in the information society 9.2, 9.6/ 11.6, 11.7/ FIDIS International Summer School on The Future of Identity in the Information Society, Karlstad University, IFIP WG, Sweden, 2007, pp. 199–220.

[46]

H. Harkous, K. Aberer, “If you can’t beat them, join them”: a usability approach to interdependent privacy in cloud apps, CoRR (2017).

[47]

H. Hedbom, A survey on transparency tools for enhancing privacy, Proceedings of the future of identity in the information society - 4th IFIP WG 9.2, 9.6/11.6, 11.7/FIDIS International Summer School, Brno, Czech Republic, Revised Selected Papers, 2008, pp. 67–82.

[48]

N. Helberger, J. Van Hoboken, Little brother is tagging you legal and policy implications of amateur data controllers, Computer law review international (CRi), 4/2010, 11(4), pp. 101–109, 2010.

[49]

L. Holtz, H. Zwingelberg, M. Hansen, Privacy Policy Icons, Privacy and identity management for life, 2011, pp. 279–285.

[50]

Hu H., G. Ahn, J. Jorgensen, Multiparty access control for online social networks: model and mechanisms, IEEE Trans Knowl Data Eng 25 (7) (2013) 1614–1627,.

Digital Library

[51]

M. Huber, M. Mulazzani, S. Schrittwieser, E.R. Weippl, Appinspect: large-scale evaluation of social networking apps, Proceedings of the conference on online social networks, COSN’13, Boston, MA, USA, 2013, pp. 143–154.

[52]

I. E. T. F. (IETF). The OAuth 2.0 authorization framework. https://www.rfc-editor.org/rfc/pdfrfc/rfc6749.txt.pdf. 2017.

[53]

ISO 9241-11:1998, Ergonomic requirements for office work with visual display terminals (VDTs) Part 11: guidance on usability., Technical report, International Organization for Standardization, Geneva, Switzerland, 2000.

[54]

S. Jahid, P. Mittal, N. Borisov, EASiER: encryption-based access control in social networks with efficient revocation, Proceedings of the 6th ACM symposium on information, computer and communications security, ASIACCS 2011, Hong Kong, China, 2011, pp. 411–415.

[55]

S. Jahid, S. Nilizadeh, P. Mittal, N. Borisov, A. Kapadia, DECENT: a decentralized architecture for enforcing privacy in online social networks, Proceedings of the Workshop tenth annual IEEE international conference on pervasive computing and communications, PerCom 2012, March 19–23, 2012, Lugano, Switzerland, 2012, pp. 326–332.

[56]

M. Janic, J.P. Wijbenga, T. Veugen, Transparency enhancing tools (TETs): an overview, Proceedings of the third workshop on socio-technical aspects in security and trust, STAST 2013, New Orleans, LA, USA, 2013, pp. 18–25.

[57]

D. Jobber, Principles and practice of marketing, Principles and practice of marketing, McGraw-Hill, 2010.

[58]

S. Kokolakis, Privacy attitudes and privacy behaviour: a review of current research on the privacy paradox phenomenon, Comput Secur 64 (2017) 122–134,.

Digital Library

[59]

B. Krishnamurthy, I know what you will do next summer, Comput Commun Rev 40 (5) (2010) 65–70,.

Digital Library

[60]

Liu K., E. Terzi, A framework for computing the privacy scores of users in online social networks, TKDD 5 (1) (2010).

[61]

Liu Y., P.K. Gummadi, B. Krishnamurthy, A. Mislove, Analyzing Facebook privacy settings: user expectations vs. reality, Proceedings of the 11th ACM SIGCOMM internet measurement conference, IMC ’11, Berlin, Germany, 2011, pp. 61–70.

[62]

M.M. Lucas, N. Borisov, FlyByNight: mitigating the privacy risks of social networking, Proceedings of the 2008 ACM workshop on privacy in the electronic society, WPES 2008, Alexandria, VA, USA, 2008, pp. 1–8.

[63]

Luo W., Q. Xie, U. Hengartner, FaceCloak: an architecture for user privacy on social networking sites, Proceedings of the 12th IEEE international conference on computational science and engineering, CSE 2009, Vancouver, BC, Canada, 2009, pp. 26–33.

[64]

M. Madejski, M.L. Johnson, S.M. Bellovin, A study of privacy settings errors in an online social network, Proceedings of the tenth annual IEEE international conference on pervasive computing and communications, workshops PerCom 2012, Lugano, Switzerland, 2012, pp. 340–345.

[65]

MailOnline. TripAdvisor links to Facebook to show reviews from your friends... and their friends too. http://www.dailymail.co.uk/travel/article-2128713/TripAdvisor-links-Facebook-reviews-friends.html. Accessed Nov, 2017.

[66]

M.S. Matell, J. Jacoby, Is there an optimal number of alternatives for likert scale items? study i: reliability and validity, Educ Psychol Meas 31 (3) (1971) 657–674,.

[67]

E.M. Maximilien, T. Grandison, Liu K., Sun T., D. Richardson, S. Guo, Enabling privacy as a fundamental construct for social networks, Proceedings of the 12th IEEE international conference on computational science and engineering, CSE 2009, Vancouver, BC, Canada, 2009, pp. 1015–1020.

[68]

McDonnel N., Troncoso C., Tsormpatzoudi P., Coudert F., Métayer L. Deliverable 5.1: state-of-play: current practices and solutions. FP7 PRIPARE Project. http://pripareproject.eu/research/#wp5-gaps-and-recommendations. 2017.

[69]

T. Minkus, N. Memon, On a scale from 1 to 10, how private are you? scoring facebook privacy settings, Proceedings of the workshop on usable security (USEC 2014). Internet Society, 2014.

[70]

A. Mislove, M. Marcon, P.K. Gummadi, P. Druschel, B. Bhattacharjee, Measurement and analysis of online social networks, Proceedings of the 7th ACM SIGCOMM internet measurement conference, IMC 2007, San Diego, California, USA, 2007, pp. 29–42.

[71]

R.K. Nepali, Y. Wang, SONET: A SOcial NETwork model for privacy monitoring and ranking, Proceedings of the 33rd international conference on distributed computing systems workshops (ICDCS 2013 Workshops), Philadelphia, PA, USA, 2013, pp. 162–166.

[72]

T.H. Ngoc, I. Echizen, K. Kamiyama, H. Yoshiura, New approach to quantification of privacy on social network sites, Proceedings of the 24th IEEE International Conference on advanced information networking and applications, AINA 2010, Perth, Australia, 2010, pp. 556–564.

[73]

O. O’Neill, Some limits of informed consent, J Med Eth 29 (1) (2003) 4–7,.

[74]

Pang J., Zhang Y., A new access control scheme for Facebook-style social networks, Comput Secur 54 (2015) 44–59,.

Digital Library

[75]

T. Paul, M. Stopczynski, D. Puscher, M. Volkamer, T. Strufe, C4PS - helping Facebookers manage their privacy settings, Proceedings of the Social Informatics - 4th International Conference, SocInfo 2012, Lausanne, Switzerland, 2012, pp. 188–201.

[76]

Pu Y., J. Grossklags, An economic model and simulation results of App adoption decisions on networks with interdependent privacy consequences, Proceedings of the 5th international conference decision and game theory for security, GameSec 2014, Los Angeles, CA, USA, 2014, pp. 246–265.

[77]

Pu Y., J. Grossklags, Using conjoint analysis to investigate the value of interdependent privacy in social app adoption scenarios, Proceedings of the international conference on information systems - exploring the information frontier, ICIS 2015, Fort Worth, Texas, USA, 2015.

[78]

Pu Y., J. Grossklags, Towards a model on the factors influencing social app users’ valuation of interdependent privacy, PoPETs 2016 (2) (2016) 61–81.

[79]

Pu Y., J. Grossklags, Valuating friends’ privacy: does anonymity of sharing personal data matter?, Proceedings of the thirteenth symposium on usable privacy and security, SOUPS 2017, Santa Clara, CA, USA, 2017, pp. 339–355.

[80]

Rovio. Angry birds. https://www.facebook.com/angrybirds/. Accessed Sep, 2017.

[81]

Recital 39. of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L119, 4.5.2016. http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32016R0679. Accessed Aug, 2017.

[82]

Recital 78. of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L119, 4.5.2016. http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32016R0679. Accessed Aug, 2017.

[83]

Regulation (EU) 2016/679. of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L119, 4.5.2016. http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32016R0679. Accessed Aug, 2017.

[84]

S. Sackmann, J. Strüker, R. Accorsi, Personalization in privacy-aware highly dynamic systems, Commun ACM 49 (9) (2006) 32–38,.

[85]

D. Sánchez, A. Viejo, Privacy risk assessment of textual publications in social networks, ICAART 2015 - Proceedings of the international conference on agents and artificial intelligence, Volume 1, Lisbon, Portugal, 2015, pp. 236–241.

[86]

Selenium HQ. Browser automation. http://docs.seleniumhq.org/. Accessed Aug, 2017.

[87]

Statista. Number of daily active Facebook users worldwide as of 2nd quarter 2017 (in millions). https://www.statista.com/statistics/346167/facebook-global-dau/. Accessed Aug, 2017.

[88]

A. Sundararajan, Local network effects and complex network structure, BE J Theor Econ 7 (1) (2007).

[89]

L. Sweeney, Simple demographics often identify people uniquely, Health (San Francisco) 671 (2000) 1–34.

[90]

I. Symeonidis, F. Shirazi, G. Biczók, C. Pérez-Solà, B. Preneel, Collateral damage of Facebook apps: friends, providers, and privacy interdependence, Proceedings of the 31st IFIP TC 11 International Conference ICT Systems Security and Privacy Protection,SEC 2016, Ghent, Belgium, 2016, pp. 194–208.

[91]

I. Symeonidis, P. Tsormpatzoudi, B. Preneel, Collateral damage of online social network applications, Proceedings of the 2nd international conference on information systems security and privacy, ICISSP 2016, Rome, Italy, 2016, pp. 536–541.

[92]

N. Talukder, M. Ouzzani, A.K. Elmagarmid, H. Elmeleegy, M. Yakout, Privometer: Privacy protection in social networks, Workshops Proceedings of the 26th international conference on data engineering, ICDE, Long Beach, California, USA, 2010, pp. 266–269.

[93]

K. Thomas, C. Grier, D.M. Nicol, unFriendly: multi-party privacy risks in social networks, Proceedings of the 10th international symposium, privacy enhancing technologies, PETS 2010, Berlin, Germany, 2010, pp. 236–252.

[94]

TripAdvisor. Tripadvisor. https://www.facebook.com/games/tripadvisor. Accessed Jan, 2016.

[95]

J. Ugander, B. Karrer, L. Backstrom, C. Marlow, The anatomy of the Facebook social graph, CoRR (2011).

Digital Library

[96]

A. Viejo, D. Sánchez, Enforcing transparent access to private content in social networks by means of automatic sanitization, Expert Syst Appl 62 (2016) 148–160,.

Digital Library

[97]

L. Vu, K. Aberer, S. Buchegger, A. Datta, Enabling secure secret sharing in distributed online social networks, Proceedings of the twenty-fifth annual computer security applications conference, ACSAC 2009, Honolulu, Hawaii, 2009, pp. 419–428.

[98]

Wang N., J. Grossklags, Xu H., An online experiment of privacy authorization dialogues for social applications, Proceedings of the computer supported cooperative work, CSCW 2013, San Antonio, TX, USA, 2013, pp. 261–272.

[99]

Wang N., Xu H., J. Grossklags, Third-party apps on Facebook: privacy and the illusion of control, Proceedings of the 5th ACM symposium on computer human interaction for management of information technology, ACM, 2011, p. 4.

[100]

Wang T., M. Srivatsa, Liu L., Fine-grained access control of personal data, Proceedings of the 17th ACM symposium on access control models and technologies, SACMAT ’12, Newark, NJ, USA, 2012, pp. 145–156.

[101]

Wang Y., P.G. Leon, K. Scott, Chen X., A. Acquisti, L.F. Cranor, Privacy nudges for social media: an exploratory Facebook study, Proceedings of the 22nd international world wide web conference, WWW ’13, Rio de Janeiro, Brazil, Companion Volume, 2013, pp. 763–770.

[102]

Wang Y., G. Norcie, S. Komanduri, A. Acquisti, P.G. Leon, L.F. Cranor, “I regretted the minute I pressed share”: a qualitative study of regrets on Facebook, Proceedings of the symposium On usable privacy and security, SOUPS’11, Pittsburgh, PA, USA, 2011, p. 10.

[103]

Wästlund E., Fischer-Hübner S. End user transparency tools: UI prototypes, 2010.

[104]

D.J. Watts, S.H. Strogatz, Collective dynamics of “small-world” networks, Nature 393 (6684) (1998) 409–410.

[105]

D.J. Weitzner, H. Abelson, T. Berners-Lee, C. Hanson, J.A. Hendler, L. Kagal, D.L. McGuinness, G.J. Sussman, K.K. Waterman, Transparent accountable data mining: new strategies for privacy protection, Semantic Web Meets eGovernment, Papers from the 2006 AAAI Spring Symposium, Technical Report SS-06-06, Stanford, California, USA, 2006, p. 141.

[106]

C. Wilson, B. Boe, A. Sala, K.P.N. Puttaswamy, Zhao B.Y., User interactions in social networks and their implications, Proceedings of the 2009 EuroSys Conference, Nuremberg, Germany, April 1–3, 2009, 2009, pp. 205–218.

[107]

Xu H., Wang N., J. Grossklags, Privacy by ReDesign: alleviating privacy concerns for third-party apps, Proceedings of the international conference on information systems, ICIS 2012, Orlando, Florida, USA, 2012.

Cited By

Alshehri APahk ESpielman JParker JGilbert BYue C(2023)Exploring the Negotiation Behaviors of Owners and Bystanders over Data Practices of Smart Home DevicesProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3581360(1-27)Online publication date: 19-Apr-2023
https://dl.acm.org/doi/10.1145/3544548.3581360
Tahaei MAbu-Salma RRashid A(2023)Stuck in the Permissions With You: Developer & End-User Perspectives on App Permissions & Their Privacy RamificationsProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3581060(1-24)Online publication date: 19-Apr-2023
https://dl.acm.org/doi/10.1145/3544548.3581060
Zhang PLiu BDing XLu TGu HGu N(2021)Studying and Understanding Characteristics of Post-Syncing Practice and Goal in Social Network SitesACM Transactions on the Web10.1145/345798615:4(1-26)Online publication date: 14-Jun-2021
https://dl.acm.org/doi/10.1145/3457986

Index Terms

Collateral damage of Facebook third-party applications: a comprehensive study

Index terms have been assigned to the content through auto-classification.

Recommendations

Network level footprints of facebook applications
IMC '09: Proceedings of the 9th ACM SIGCOMM conference on Internet measurement

With over half a billion users, Online Social Networks (OSNs) are the major new applications on the Internet. Little information is available on the network impact of OSNs, although there is every expectation that the volume and diversity of traffic due ...
Third-party apps on Facebook: privacy and the illusion of control
CHIMIT '11: Proceedings of the 5th ACM Symposium on Computer Human Interaction for Management of Information Technology

Little research examines the privacy threats associated with the use of third-party apps on Facebook. To address this gap in the literature, we systematically study third-party apps' current practices for privacy notice and consent by: i) collecting ...
Poking facebook: characterization of osn applications
WOSN '08: Proceedings of the first workshop on Online social networks

Facebook is one of the most popular Internet sites today. A key feature that arguably contributed to Facebook's unprecedented success is its application platform, which enables the development of third-party social-networking applications. Understanding ...

Comments

Information & Contributors

Information

Published In

cover image Computers and Security

Computers and Security Volume 77, Issue C

Aug 2018

887 pages

ISSN:0167-4048

Issue’s Table of Contents

Elsevier Ltd.

Publisher

Elsevier Advanced Technology Publications

United Kingdom

Publication History

Published: 01 August 2018

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 25 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Alshehri APahk ESpielman JParker JGilbert BYue C(2023)Exploring the Negotiation Behaviors of Owners and Bystanders over Data Practices of Smart Home DevicesProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3581360(1-27)Online publication date: 19-Apr-2023
https://dl.acm.org/doi/10.1145/3544548.3581360
Tahaei MAbu-Salma RRashid A(2023)Stuck in the Permissions With You: Developer & End-User Perspectives on App Permissions & Their Privacy RamificationsProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3581060(1-24)Online publication date: 19-Apr-2023
https://dl.acm.org/doi/10.1145/3544548.3581060
Zhang PLiu BDing XLu TGu HGu N(2021)Studying and Understanding Characteristics of Post-Syncing Practice and Goal in Social Network SitesACM Transactions on the Web10.1145/345798615:4(1-26)Online publication date: 14-Jun-2021
https://dl.acm.org/doi/10.1145/3457986

View Options

View options

Figures

Tables

Media

View Issue’s Table of Contents