Conference papers

Role of Apps in Undoing of Privacy Policies on Facebook

Vishwas T. Patil 1, Nivia Jatain 1, R. K. Shyamasundar 1
1 Information Security R&D Center
Department of Computer Science and Engineering [Bombay]
Abstract: Facebook allows its users to specify privacy settings for the information they share with other users and Apps. Apps seek a set of permissions from the user at the time of installation. No check is performed to evaluate any possible adverse implications of an App's permissions on the in-force privacy settings of a user. In this paper, we have investigated Facebook's platform for access to users' data by Apps and Advertisers. By signing up with Facebook, users implicitly trust the platform, which they believe can be held accountable in case of a breach. However, a similar expectation of accountability from Apps is hard to imagine and difficult to ensure. At times, Apps have as much access to user data as Facebook, and such common access to user data undermines the provenance of data leakage. Although Facebook has recently reduced the extent of data access for Apps by deprecating certain APIs, a systematic design approach is missing for platform-wide access policy specification and conformance. We have presented several scenarios where App permissions violate user privacy policies. Our findings have been presented with the help of experiments using the Facebook Developer Platform.
Document type: Conference papers

Cited literature [27 references]
Contributor: Hal Ifip
Submitted on: Thursday, December 13, 2018 - 4:03:43 PM
Last modification on: Thursday, February 7, 2019 - 3:37:43 PM
Long-term archiving on: Thursday, March 14, 2019 - 4:57:45 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Vishwas T. Patil, Nivia Jatain, R. K. Shyamasundar. Role of Apps in Undoing of Privacy Policies on Facebook. 32nd IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2018, Bergamo, Italy. pp.85-98, ⟨10.1007/978-3-319-95729-6_6⟩. ⟨hal-01954411⟩


