Description
Using mobile apps often involves sharing personal data with the app provider and their partners (“third parties”), such as analytics or advertisement providers, included via software development kits (SDKs). However, it is not always clear whether the data is used, if so for what purpose, and how long it is retained. Although the privacy policy and consent dialog of an app should provide users with sufficient information to make an informed decision, there is a debate about whether this is truly the case.
The objective of this thesis is to identify mobile apps that collect personal data and measure the retention and distribution of the data by using honey values. To this end, the student has to identify and interact with apps that collect personal data, fill in honey data, and subsequently analyze how data is retained and shared. Ideally, with the gained insights, the student should be able to demonstrate what data is shared and how. The legal and ethical aspects of the research method must be evaluated before carrying out the experiment, and approval must be obtained. In the thesis, the student documents their approach, assesses the data sharing by apps, and provides insights into how the documented data sharing agrees with the information stated by the analyzed apps.