Over the past several years, our research team has developed infrastructure that gives us an unprecedented view into the privacy behaviors of Android apps. AppCensus is our dynamic analysis testbed that combines bespoke instrumentation within the operating system itself with sophisticated network analysis tools, which allows us to detect exactly when applications attempt to access sensitive user data and then monitor with whom it is shared. As a case study last year, we used this infrastructure to examine children’s apps’ compliance with the Children’s Online Privacy Protection Act (COPPA) and found that a majority of applications in the Google Play Store appear to be violating this federal law. The publication of that research led to several enforcement actions brought by regulators, as well as several class action lawsuits against app developers and advertisers. We are now seeking an additional year of funding to perform additional research using this existing infrastructure.
Grant / August 2019