Should You Use the App for That?

When we use the Internet, more often than not, information about us is being transmitted to other parties. Sometimes this information is simple, like a tracking identifier, and sometimes it's very personal, like your name, birth date, or credentials. This information is leaked differently when you use an online service via a Web site and an app, but which is worse, app or Web?

To understand this question, we conducted the first head-to-head study of 50 popular, free online services. We conduct manual tests, extract personally identifiable information (PII) shared over plaintext and encrypted connections, and analyze the data to understand differences in user-data collection across platforms for the same service. While we find that all platforms expose users’ data, there are still opportunities to significantly limit how much information is shared with other parties by selectively using the app or Web version of a service.

Tool Use our App vs. Web tool to determine which is better based on your privacy preferences.

Anonymized Dataset

The anonymized data for IMC 2016 paper "app-vs-web" is here. The file name is organized by serviceName_deviceOS_platform_protocol.json

serviceName: a short name for the tested service, unique
deviceOS: value can be "ios" or "android"
platform: value can be "app", "chrome"/"safari"
protocol: value can be "http" or "https"

Each test consisted of interacting with a given service via an app or Web site for about four minutes. We collected network traffic generated during each experiment using Meddle, and used Mitmproxy to capture both HTTP and the plaintext content of HTTPS flows. For each service requiring a login, we created a new account using a previously unused email address.

We used two phones (a Nexus 4 and a Nexus 5) running stock Android 4.4, and one phone (iPhone 5) running iOS 9.3.1. All three phones were factory reset before our experiments, and included no apps beyond the stock services and the 50 apps evaluated in this work.

Publication

For more details, please check out the IMC paper:
  • Christophe Leung, Jingjing Ren, David Choffnes, and Christo Wilson. Should You Use the App for That? Comparing the Privacy Implications of Web- and App-based Online Services.in Proceedings of the 16th ACM Internet Measurement Conference (IMC'16), Santa Monica, CA, November 2016.[PDF]

© Copyright 2012-2024 by David Choffnes, Northeastern University.
This work is generously supported in part by a DHS S&T contract (#FA8750-17-2-0145), a Comcast Innovation Fund grant and the Data Transparency Lab.