Leave my apps alone! A study on how Android developers access installed apps on user's device

Gian Luca Scoccia, Ibrahim Kanj, Ivano Malavolta, Kaveh Razavi

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

50 Downloads (Pure)

Abstract

To enable app interoperability, the Android platform exposes installed application methods (IAMs), i.e., APIs that allow developers to query for the list of apps installed on a user's device. It is known that information collected through IAMs can be used to precisely deduce end-users interests and personal traits, thus raising privacy concerns. In this paper, we present a large-scale empirical study investigating the presence of IAMs in Android apps and their usage by Android developers. Our results highlight that: (i) IAMs are widely used in commercial applications while their popularity is limited in open-source ones; (ii) IAM calls are mostly performed in included libraries code; (iii) more than one-third of libraries that employ IAMs are advertisement libraries; (iv) a small number of popular advertisement libraries account for over 33% of all usages of IAMs by bundled libraries; (v) developers are not always aware that their apps include IAMs calls. Based on the collected data, we confirm the need to (i) revise the way IAMs are currently managed by the Android platform, introducing either an ad-hoc permission or an opt-out mechanism and (ii) improve both developers and end-users awareness with respect to the privacy-related concerns raised by IAMs.

Original languageEnglish
Title of host publicationMOBILESoft '20
Subtitle of host publicationProceedings of the IEEE/ACM 7th International Conference on Mobile Software Engineering and Systems
PublisherAssociation for Computing Machinery, Inc
Pages38-49
Number of pages12
ISBN (Electronic)9781450379595
DOIs
Publication statusPublished - Jul 2020
Event7th IEEE/ACM International Conference on Mobile Software Engineering and Systems, MOBILESoft 2020 - Virtual, Online, Korea, Republic of
Duration: 13 Jul 2020 → …

Conference

Conference7th IEEE/ACM International Conference on Mobile Software Engineering and Systems, MOBILESoft 2020
Country/TerritoryKorea, Republic of
CityVirtual, Online
Period13/07/20 → …

Keywords

  • Android
  • apps
  • privacy

Fingerprint

Dive into the research topics of 'Leave my apps alone! A study on how Android developers access installed apps on user's device'. Together they form a unique fingerprint.

Cite this