%0 Conference Proceedings
%T Role of Apps in Undoing of Privacy Policies on Facebook
%+ Information Security R&D Center
%A Patil, Vishwas, T.
%A Jatain, Nivia
%A Shyamasundar, R., K.
%Z Part 2: Access Control Policies
%< peer-reviewed
%( Lecture Notes in Computer Science
%B 32nd IFIP Annual Conference on Data and Applications Security and Privacy (DBSec)
%C Bergamo, Italy
%Y Florian Kerschbaum
%Y Stefano Paraboschi
%I Springer International Publishing
%3 Data and Applications Security and Privacy XXXII
%V LNCS-10980
%P 85-98
%8 2018-07-16
%D 2018
%R 10.1007/978-3-319-95729-6_6
%K Social network
%K Privacy
%K Linkability
%Z Computer Science [cs]Conference papers
%X Facebook allows its users to specify privacy settings for the information they share with other users and Apps. Apps seek a set of permissions from the user at the time of installation. No check is performed to evaluate possible adverse implications of an App’s permissions on the in-force privacy settings of a user. In this paper, we have investigated Facebook’s platform for access to users’ data by Apps and Advertisers. By signing up with Facebook, users implicitly trust the platform, which they believe can be held accountable in case of a breach. However, a similar expectation of accountability from Apps is hard to imagine and difficult to ensure. At times, Apps have as much access to user data as Facebook, and such common access to user data undermines provenance of data leakage. Recently, though Facebook has reduced the extent of data access for Apps by deprecating certain APIs, a systematic design approach is missing for platform-wide access policy specification and conformance. We have presented several scenarios where App permissions are violating user privacy policies. Our findings have been presented with the help of experiments using Facebook Developer Platform.
%G English
%Z TC 11
%Z WG 11.3
%2 https://inria.hal.science/hal-01954411/document
%2 https://inria.hal.science/hal-01954411/file/470961_1_En_6_Chapter.pdf
%L hal-01954411
%U https://inria.hal.science/hal-01954411
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC11
%~ IFIP-WG11-3
%~ IFIP-DBSEC
%~ IFIP-LNCS-10980