The AppChk Crowd-Sourcing Platform: Which third parties are iOS apps talking to?
This addresses privacy concerns for iOS app users by providing a tool to uncover tracking practices, though it is incremental as it builds on existing monitoring methods.
The paper presents a crowd-sourcing platform for monitoring iOS app network traffic, enabling detection of new trackers and trends in app behavior, such as identifying seven new trackers not in current lists and showing a slight decrease in tracking but increase in contacted domains after iOS 14.
In this paper we present a platform which is usable by novice users without domain knowledge of experts. The platform consisting of an iOS app to monitor network traffic and a website to evaluate the results. Monitoring takes place on-device; no external server is required. Users can record and share network activity, compare evaluation results, and create rankings on apps and app-groups. The results are used to detect new trackers, point out misconduct in privacy practices, or automate comparisons on app-attributes like price, region, and category. To demonstrate potential use cases, we compare 75 apps before and after the iOS 14 release and show that we can detect trends in app-specific behavior change over time, for example, by privacy changes in the OS. Our results indicate a slight decrease in tracking but also an increase in contacted domains. We identify seven new trackers which are not present in current tracking lists such as EasyList. The games category is particularly prone to tracking (53% of the traffic) and contacts on average 36.2 domains with 59.3 requests per minute.