CyLab Researchers Investigate Apple's Privacy Labels
CyLab researchers will present two papers at the upcoming ACM CHI Conference on Human Factors in Computing Systems that examine Apple's privacy nutrition labels.
Named after the black and white nutrition labels found on packaged food, privacy nutrition labels are intended to help consumers better understand how apps, connected devices and other technology handle data and private information. CyLab has studied privacy nutrition labels for more than a decade, so when Apple introduced labels in their app store a little over a year ago, researchers were eager to investigate them.
"Naturally we had a lot of questions," said CyLab director Lorrie Cranor, a professor in the Institute for Software Research and the Engineering and Public Policy Department, as well as the principal investigator of early privacy label research at Carnegie Mellon University. "Are the labels conveying accurate information? How easy is it for app developers to make the labels?"
In one paper, "Understanding iOS Privacy Nutrition Labels: An Exploratory Large-Scale Analysis of App Store Data," CyLab researchers present comprehensive measurements of Apple privacy nutrition labels to learn about the rate of compliance in creating the labels and how accurate existing labels are.
"No one has conducted a large-scale analysis of Apple privacy labels like this before," said Yucheng Li, a student in the Heinz College's Master of Information Systems Management program and the lead author on the study.
A second paper being presented at the conference, "Understanding Challenges for Developers To Create Accurate Privacy Nutrition Labels," identified some key challenges developers face when creating privacy labels — which may explain some of the findings of Li's paper.
"If the labels are not accurate, they will probably do more harm than good to users," says Tianshi Li, a Ph.D. student in the Human-Computer Interaction Institute and lead author of the study, which earned an Honorable Mention from the conference organizers. "We currently have little understanding of developers' ability to create privacy nutrition labels."
More information about the research is available on CyLab's website.
Friday, April 29, 2022
By Daniel Tkacik
Security and Privacy