Identifying and Analyzing the Privacy of Apps for Kids

One aspect of privacy that has not been well explored is privacy for children. We present the design and evaluation of a machine learning model for predicting whether a mobile app is designed for children, which is an important step in helping to enforce the Children's Online Privacy Protection Act (COPPA). We evaluated our model on 1,728 apps from Google Play and achieved 95% accuracy. We also applied our model on a set of nearly 1 million free apps from Google Play, and identified almost 68,000 apps for kids. We then conducted a privacy analysis of the usage of third-party libraries for each app, which can help us understand some of the app's privacy-related behaviors. We believe this list can serve as a good start point for further fine-grained privacy analysis on mobile apps for children.

[1]  Cynthia J. Larose,et al.  Children's Online Privacy Protection Act , 2015 .

[2]  Malcolm Hall,et al.  ProtectMyPrivacy: detecting and mitigating privacy leaks on iOS devices using crowdsourcing , 2013, MobiSys '13.

[3]  Chih-Jen Lin,et al.  LIBSVM: A library for support vector machines , 2011, TIST.

[4]  Sonia Livingstone,et al.  Zero to eight: young children and their internet use , 2013 .

[5]  Yiming Yang,et al.  A Comparative Study on Feature Selection in Text Categorization , 1997, ICML.

[6]  Ning Chen,et al.  SimApp: A Framework for Detecting Similar Mobile Applications by Online Kernel Learning , 2015, WSDM.

[7]  Norman M. Sadeh,et al.  Modeling Users' Mobile App Privacy Preferences: Restoring Usability in a Sea of Permission Settings , 2014, SOUPS.

[8]  Norman M. Sadeh,et al.  Expectation and purpose: understanding users' mental models of mobile app privacy through crowdsourcing , 2012, UbiComp.

[9]  Hao Chen,et al.  AndroidLeaks: Automatically Detecting Potential Privacy Leaks in Android Applications on a Large Scale , 2012, TRUST.

[10]  Yuanyuan Zhang,et al.  App store mining and analysis: MSR for app stores , 2012, 2012 9th IEEE Working Conference on Mining Software Repositories (MSR).

[11]  Christos Faloutsos,et al.  Why people hate your app: making sense of user feedback in a mobile app store , 2013, KDD.

[12]  Ying Chen,et al.  Children's Exposure to Mobile In-App Advertising: An Analysis of Content Appropriateness , 2013, 2013 International Conference on Social Computing.

[13]  Trey Decker,et al.  Children's Online Privacy Protection Act , 2015 .

[14]  Ying Chen,et al.  Is this app safe for children?: a comparison study of maturity ratings on Android and iOS applications , 2013, WWW '13.

[15]  Suman Nath,et al.  Brahmastra: Driving Apps to Test the Security of Third-Party Components , 2014, USENIX Security Symposium.

[16]  Haoyu Wang,et al.  Using text mining to infer the purpose of permission use in mobile apps , 2015, UbiComp.

[17]  Hui Xiong,et al.  Ranking fraud detection for mobile apps: a holistic view , 2013, CIKM.

[18]  Hongxia Jin,et al.  Protecting Your Children from Inappropriate Content in Mobile Apps: An Automatic Maturity Rating Framework , 2015, CIKM.

[19]  Tao Xie,et al.  WHYPER: Towards Automating Risk Assessment of Mobile Applications , 2013, USENIX Security Symposium.

[20]  Wendy E. Mackay,et al.  Can apps play by the COPPA Rules? , 2014, 2014 Twelfth Annual International Conference on Privacy, Security and Trust.