Skip to Main content Skip to Navigation
New interface
Conference papers

Detecting Privacy Leaks in the RATP App: how we proceeded and what we found

Jagdish Prasad Achara 1 James-Douglass Lefruit 1 Vincent Roca 1, * Claude Castelluccia 1 
* Corresponding author
1 PRIVATICS - Privacy Models, Architectures and Tools for the Information Society
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services, Inria Lyon
Abstract : We analyzed the RATP App, both Android and iOS versions, using our instrumented versions of these mobile OSs. Our analysis reveals that both versions of this App leak private data to third-party servers, which is in total contradiction to the In-App privacy policy. The iOS version of this App doesn't even respect Apple guidelines on cross-App user tracking for advertising purposes and employs various other cross- App tracking mechanisms that are not supposed to be used by Apps. Even if this work is illustrated with a single App, we describe an approach that is generic and can be used to detect privacy leaks from other Apps. In addition, our findings are representative of a trend in Advertising and Analytics (A&A) libraries that try to collect as much information as possible regarding the smartphone and its user to have a better profile of the user's interests and behaviors. In fact, in case of iOS, these libraries even generate their own persistent identifiers and share it with other Apps through covert channels to better track the user, and this happens even if the user has opted-out of device tracking for advertising purposes. Above all, this happens without the user knowledge, and sometimes even without the App developer's knowledge who might naively include these libraries during the App development. Therefore this article raises many questions concerning both the bad practices employed in the world of smartphones and the limitations of the privacy control features proposed by Android/iOS Mobile OSs.
Document type :
Conference papers
Complete list of metadata

Cited literature [10 references]  Display  Hide  Download
Contributor : Vincent Roca Connect in order to contact the contributor
Submitted on : Monday, October 14, 2013 - 5:59:02 PM
Last modification on : Friday, August 5, 2022 - 3:50:29 AM
Long-term archiving on: : Friday, April 7, 2017 - 10:50:58 AM


Files produced by the author(s)


  • HAL Id : hal-00872967, version 1


Jagdish Prasad Achara, James-Douglass Lefruit, Vincent Roca, Claude Castelluccia. Detecting Privacy Leaks in the RATP App: how we proceeded and what we found. GREHACK 2013, Guillaume Jeanne, Nov 2013, Grenoble, France. ⟨hal-00872967⟩



Record views


Files downloads