Risk Identification of Personally Identifiable Information from Collective Mobile App Data

Abstract

Big data analytics is being used by many market participants to utilize personal data in their business applications. Personally Identifiable Information (PII) (e.g. age, race, social security number, address, etc.) plays a vital role in providing user-centric services. Many IT companies collect, store and process PII of their customers by means of various mobile applications. This study explains how collective permission gathering through multiple Android applications by same publishers can disclose user's PII by using two new PII risk factors. To evaluate the usefulness of the proposed risk factors, our study conducted experiments with 625 dangerous permissions listed by Android such as ‘read location’, ‘read and write contacts’, ‘use camera’, ‘use microphone’ etc. from 118 applications of top 2 Korean mobile application publishing companies, Kakao and Naver, with 7 subsidiary organizations. The data flow is graphically outlined and the critical statistical evidence is identified. Through experimental data analysis, it is evident that the proposed PII risk factors hold definite advantages over other risk factors which only consider single way of data leaking. The experimental results suggest that PII like Google ID, location, phone number and social graph are at peril if collective permission gathering through multiple Android apps are not appropriately measured and controlled.