Hutton Luke, Price Blaine A, Kelly Ryan, McCormick Ciaran, Bandara Arosha K, Hatzakis Tally, Meadows Maureen, Nuseibeh Bashar
Software Engineering and Design Group, School of Computing and Communications, The Open University, Milton Keynes, United Kingdom.
Microsoft Research Centre for Social Natural User Interfaces, University of Melbourne, Melbourne, Australia.
JMIR Mhealth Uhealth. 2018 Oct 22;6(10):e185. doi: 10.2196/mhealth.9217.
The recent proliferation of self-tracking technologies has allowed individuals to generate significant quantities of data about their lifestyle. These data can be used to support health interventions and monitor outcomes. However, these data are often stored and processed by vendors who have commercial motivations, and thus, they may not be treated with the sensitivity with which other medical data are treated. As sensors and apps that enable self-tracking continue to become more sophisticated, the privacy implications become more severe in turn. However, methods for systematically identifying privacy issues in such apps are currently lacking.
The objective of our study was to understand how current mass-market apps perform with respect to privacy. We did this by introducing a set of heuristics for evaluating privacy characteristics of self-tracking services.
Using our heuristics, we conducted an analysis of 64 popular self-tracking services to determine the extent to which the services satisfy various dimensions of privacy. We then used descriptive statistics and statistical models to explore whether any particular category of app performs better than others in terms of privacy.
We found that the majority of services examined failed to provide users with full access to their own data, did not acquire sufficient consent for the use of the data, or inadequately extended controls over disclosures to third parties. Furthermore, the type of app, in terms of the category of data collected, was not a useful predictor of its privacy. However, we found that apps that collected health-related data (eg, exercise and weight) performed worse for privacy than those designed for other types of self-tracking.
Our study draws attention to the poor performance of current self-tracking technologies in terms of privacy, motivating the need for standards that can ensure that future self-tracking apps are stronger with respect to upholding users' privacy. Our heuristic evaluation method supports the retrospective evaluation of privacy in self-tracking apps and can be used as a prescriptive framework to achieve privacy-by-design in future apps.