Vertaisarvioitu artikkeli konferenssijulkaisussa (A4)

Where does your data go? Comparing network traffic and privacy policies of public sector mobile applications

Julkaisun tekijät: Carlsson Robin, Heino Timi, Koivunen Lauri, Rauti Sampsa, Leppänen Ville

Konferenssin vakiintunut nimi: World Conference on Information Systems and Technologies

Paikka: Cham

Julkaisuvuosi: 2022

Journal: Lecture notes in networks and systems

Kirjan nimi *: Information Systems and Technologies: WorldCIST 2022, Volume 1

Sarjan nimi: Lecture Notes in Networks and Systems

Volyymi: 468

ISBN: 978-3-031-04825-8

eISBN: 978-3-031-04826-5

ISSN: 2367-3370

eISSN: 2367-3389




As services increasingly move online and mobile devices become ubiquitous, mobile applications are widely used by ordinary people with little technical knowledge. Consequently, user privacy has become an essential matter to consider when developing mobile applications. In this paper, we study the privacy of 32 mobile applications provided by Finnish public sector bodies. First, we investigate with network traffic analysis what kind of personal data these application send out to third party analytics services. We then analyze the privacy policy documents of these applications and assess their clarity and transparency. Our findings show that there are several inconsistencies between the actual traffic of the studied applications and what is said about processing personal data in privacy policies. This underlines the need for software developers and organizations to be better aware of privacy regulations and data their applications send out. There is also lots of work to be done in making the privacy policies less vague and more informative, for example when it comes to explaining what technical data items are sent to third parties and how this can potentially affect the user privacy.

Last updated on 2022-30-05 at 07:43