AppCensus: Learn the Privacy Costs of Free Apps

Principal Investigator(s): 
Serge Egelman

There exists a mature ecosystem of developers and service providers that produce mobile applications, often offering them at zero up-front cost. These free apps are supported by advertising networks, who distribute software libraries that developers use for drop-in integration of ad delivery and audience tracking functionality. However, integrated advertiser code and core application code run with the same access privileges, a security and privacy risk not readily apparent to end-users and developers alike. Leveraging expertise on instrumented mobile environments and dynamic analysis, the AppCensus project sheds light on the often-invisible data access and sharing behaviors of mobile apps and their component libraries: which sensitive resources apps access, and which services collected that data. ICSI researchers seek to better inform users, developers, and regulators alike of the privacy implications of seemingly free mobile apps.

This project's searchable results for individual apps are available at https://appcensus.mobi

Funding provided by NSF, DHS, the Rose Foundation for Communities and the Environment, the Data Transparency Lab, and the UC Berkeley CLTC