Academic Paper

You Can't Always Get What You Want: Towards User-Controlled Privacy on Android
Document Type
Periodical
Source
IEEE Transactions on Dependable and Secure Computing (IEEE Trans. Dependable and Secure Comput.), 20(2):975-987, Apr 2023
Subject
Computing and Processing
Libraries
Data privacy
Internet
Privacy
Social networking (online)
Smart phones
Mobile applications
Android privacy
analytics libraries
data anonymization
Language
ISSN
1545-5971
1941-0018
2160-9209
Abstract
Mobile applications (hereafter, apps) collect a plethora of information regarding the user behavior and his device through third-party analytics libraries. However, the collection and usage of such data raised several privacy concerns, mainly because the end-user - i.e., the actual owner of the data - is out of the loop in this collection process. Also, the existing privacy-enhanced solutions that emerged in the last years follow an "all or nothing" approach, leaving the user the sole option to accept or completely deny access to privacy-related data. This work has the two-fold objective of assessing the privacy impact of mobile analytics libraries and proposing a data anonymization methodology that offers a trade-off between the utility and privacy of the collected data and enables complete control over the sharing process. To achieve that, we present an empirical privacy assessment on the analytics libraries used in the 4500 most-used Android apps of the Google Play Store in late 2020. Then, we propose an empowered anonymization methodology, based on MobHide (Caputo et al., 2020), that gives the end-user complete control over the collection and anonymization process. Finally, we empirically demonstrate the applicability and effectiveness of our solution thanks to HideDroid, a fully-fledged anonymization app for the Android ecosystem.