IDPFilter: Mitigating Interdependent Privacy Issues in Third-Party Apps

Shuaishuai Liu, Gergely Biczók

TL;DR

This work investigates interdependent privacy (IDP) in third-party apps by analyzing cross-platform permission structures, collecting large-scale app datasets, and assessing whether real apps request IDP/PIDP permissions. It introduces IDPFilter, a platform-agnostic API that filters data to minimize collateral information about others when users share data, and demonstrates a proof-of-concept text-filtering implementation (IDPTextFilter) that supports fine-grained, user-configurable filtering. The study shows IDP permissions are pervasive across Android, browser extensions, Google Workspace, and Zoom Marketplace, and that the category of an app correlates with the extent of IDP exposure. While not a complete redesign of permission systems, IDPFilter provides a practical, incremental, and usable mitigation aligned with Privacy-by-Design principles, offering transparency, configurability, and voluntary adoption to curb interdependent privacy risks in current ecosystems.

Abstract

Third-party applications have become an essential part of today's online ecosystem, enhancing the functionality of popular platforms. However, the intensive data exchange underlying their proliferation has increased concerns about interdependent privacy (IDP). This paper provides a comprehensive investigation into the previously underinvestigated IDP issues of third-party apps. Specifically, first, we analyze the permission structure of multiple app platforms, identifying permissions that have the potential to cause interdependent privacy issues by enabling a user to share someone else's personal data with an app. Second, we collect datasets and characterize the extent to which existing apps request these permissions, revealing the relationship between characteristics such as the respective app platform, the app's type, and the number of interdependent privacy-related permissions it requests. Third, we analyze the various reasons IDP is neglected by both data protection regulations and app platforms and then devise principles that should be followed when designing a mitigation solution. Finally, based on these principles and satisfying clearly defined objectives, we propose IDPFilter, a platform-agnostic API that enables application providers to minimize collateral information collection by filtering out data collected from their users but implicating others as data subjects. We implement a proof-of-concept prototype, IDPTextFilter, that implements the filtering logic on textual data, and provide its initial performance evaluation with regard to privacy, accuracy, and efficiency.
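The abstract describes IDPFilter's job in one sentence: data a user chooses to share is filtered so that collateral personal data about other people does not cross the trust boundary (Figure 5). The page does not show the authors' IDPTextFilter logic, so the following is an added Python illustration written for this summary, not the paper's code. It assumes a user-configurable policy (which identifier categories to filter, and a list of the sharing user's own identifiers that may pass through) and a constructed sample message; the regexes, the FilterConfig/FilterResult names and the sample values are all assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

# Detectors for identifier kinds that commonly implicate a third person.
# Hypothetical, deliberately simple patterns chosen for this example.
DETECTORS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "phone": re.compile(r"\(?\+?\d[\d\s().-]{7,}\d"),
    "handle": re.compile(r"(?<!\w)@[A-Za-z0-9_]{2,}"),
}


@dataclass
class FilterConfig:
    """User-configurable policy (an assumption of this example, not the paper's API)."""
    own_identifiers: Set[str]                                   # the sharing user's own data: allowed through
    categories: Tuple[str, ...] = ("email", "phone", "handle")  # which identifier kinds to filter
    placeholder: str = "[REDACTED]"


@dataclass
class FilterResult:
    text: str
    redactions: Dict[str, int] = field(default_factory=dict)    # category -> number of redactions


def _normalize(value: str) -> str:
    """Canonical form so '+1 (555) 010-0100' and '+1 555 010 0100' compare equal."""
    return re.sub(r"[\s().-]", "", value).lower()


def filter_idp_text(text: str, config: FilterConfig) -> FilterResult:
    """Redact identifiers that belong to people other than the sharing user.

    Identifiers listed in config.own_identifiers are the user's own personal
    data and pass through unchanged; every other detected identifier is treated
    as collateral data about a third party and replaced with the placeholder.
    """
    own = {_normalize(v) for v in config.own_identifiers}
    counts = {cat: 0 for cat in config.categories}
    spans = []
    for cat in config.categories:
        for m in DETECTORS[cat].finditer(text):
            if _normalize(m.group()) in own:
                continue  # the user's own identifier: keep it
            spans.append((m.start(), m.end(), cat))

    # Rebuild the text left to right, skipping any span that overlaps one already redacted.
    spans.sort()
    pieces, cursor, prev_end = [], 0, -1
    for start, end, cat in spans:
        if start < prev_end:
            continue
        pieces.append(text[cursor:start])
        pieces.append(config.placeholder)
        counts[cat] += 1
        cursor = prev_end = end
    pieces.append(text[cursor:])
    return FilterResult("".join(pieces), counts)


# Constructed sample: the sharing user (Alice) includes her own contact data and Bob's.
SAMPLE_TEXT = (
    "Contact me at alice@example.com or +1 555 010 0100. "
    "Bob's number is (555) 010-0199, email bob@example.org, he's @bob_r on the forum."
)
ALICE = FilterConfig(own_identifiers={"alice@example.com", "+1 (555) 010-0100"})


def demo() -> FilterResult:
    """Filter the sample message under Alice's policy before it leaves her trust boundary."""
    return filter_idp_text(SAMPLE_TEXT, ALICE)


if __name__ == "__main__":
    result = demo()
    print(result.text)
    print(result.redactions)
```

Run as written, Alice's own e-mail address and phone number survive while Bob's phone, e-mail and forum handle are replaced, and the per-category counts give the app a transparency signal about what was withheld. Narrowing categories to ("email",) leaves the other kinds untouched, which is the fine-grained, user-side configurability the TL;DR refers to; the normalization step matters because the same number formatted two ways must still be recognised as the user's own.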

Paper Structure (32 sections, 12 figures, 8 tables)

Figures (12)

  • Figure 1: Zoom Marketplace permission system structure
  • Figure 2: Average number of permissions per app with different categories; Average number of IDP/PIDP permissions per app with different categories (category axis includes Art&Design, Auto&Vehicles, Beauty, Books&Reference, Business, Comics, Communication, Education, Entertainment, Weather)
  • Figure 3: Number of apps with different number of IDP/PIDP permissions in ART&DESIGN; Number of apps with different number of IDP/PIDP permissions in COMMUNICATION.
  • Figure 4: Traditional privacy protection methods vs IDP protection methods.
  • Figure 5: When sending information outside the trust boundary, IDP information will be filtered