{"id":"https://openalex.org/W4408216055","doi":"https://doi.org/10.56553/popets-2025-0056","title":"Privacy Settings of Third-Party Libraries in Android Apps: A Study of Facebook SDKs","display_name":"Privacy Settings of Third-Party Libraries in Android Apps: A Study of Facebook SDKs","publication_year":2025,"publication_date":"2025-03-07","ids":{"openalex":"https://openalex.org/W4408216055","doi":"https://doi.org/10.56553/popets-2025-0056"},"language":"en","primary_location":{"id":"doi:10.56553/popets-2025-0056","is_oa":true,"landing_page_url":"https://doi.org/10.56553/popets-2025-0056","pdf_url":"https://petsymposium.org/popets/2025/popets-2025-0056.pdf","source":{"id":"https://openalex.org/S4210183172","display_name":"Proceedings on Privacy Enhancing Technologies","issn_l":"2299-0984","issn":["2299-0984"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320322","host_organization_name":"De Gruyter Open","host_organization_lineage":["https://openalex.org/P4310320322","https://openalex.org/P4310313990"],"host_organization_lineage_names":["De Gruyter Open","De Gruyter"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings on Privacy Enhancing Technologies","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://petsymposium.org/popets/2025/popets-2025-0056.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100609859","display_name":"David Rodr\u00edguez","orcid":"https://orcid.org/0000-0002-0911-4608"},"institutions":[{"id":"https://openalex.org/I88060688","display_name":"Universidad Polit\u00e9cnica de Madrid","ror":"https://ror.org/03n6nwv02","country_code":"ES","type":"education","lineage":["https://openalex.org/I88060688"]}],"countries":["ES"],"is_corresponding":true,"raw_author_name":"David Rodriguez","raw_affiliation_strings":["ETSI Telecomunicaci\u00f3n, Universidad Polit\u00e9cnica de Madrid"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"ETSI Telecomunicaci\u00f3n, Universidad Polit\u00e9cnica de Madrid","institution_ids":["https://openalex.org/I88060688"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028349350","display_name":"Joseph A. Calandrino","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Joseph A. Calandrino","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090208333","display_name":"Jos\u00e9 M. Del \u00c1lamo","orcid":"https://orcid.org/0000-0002-6513-0303"},"institutions":[{"id":"https://openalex.org/I88060688","display_name":"Universidad Polit\u00e9cnica de Madrid","ror":"https://ror.org/03n6nwv02","country_code":"ES","type":"education","lineage":["https://openalex.org/I88060688"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"Jose M. Del Alamo","raw_affiliation_strings":["ETSI Telecomunicaci\u00f3n, Universidad Polit\u00e9cnica de Madrid"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"ETSI Telecomunicaci\u00f3n, Universidad Polit\u00e9cnica de Madrid","institution_ids":["https://openalex.org/I88060688"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5081563886","display_name":"Norman Sadeh","orcid":"https://orcid.org/0000-0003-4829-5533"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Norman Sadeh","raw_affiliation_strings":["Carnegie Mellon University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University","institution_ids":["https://openalex.org/I74973139"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5100609859"],"corresponding_institution_ids":["https://openalex.org/I88060688"],"apc_list":null,"apc_paid":null,"fwci":3.3413,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.89025886,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":"2025","issue":"2","first_page":"173","last_page":"187"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.994700014591217,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.994700014591217,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9751999974250793,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12799","display_name":"Mobile and Web Applications","score":0.9611999988555908,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.7365134954452515},{"id":"https://openalex.org/keywords/android","display_name":"Android (operating system)","score":0.6676487326622009},{"id":"https://openalex.org/keywords/third-party","display_name":"Third party","score":0.6410208344459534},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.5259979963302612},{"id":"https://openalex.org/keywords/mobile-apps","display_name":"Mobile apps","score":0.46702077984809875},{"id":"https://openalex.org/keywords/android-app","display_name":"Android app","score":0.44620272517204285},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.3737725019454956},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.32069188356399536},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.07212218642234802}],"concepts":[{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.7365134954452515},{"id":"https://openalex.org/C557433098","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android (operating system)","level":2,"score":0.6676487326622009},{"id":"https://openalex.org/C2983583741","wikidata":"https://www.wikidata.org/wiki/Q16785388","display_name":"Third party","level":2,"score":0.6410208344459534},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.5259979963302612},{"id":"https://openalex.org/C2988145974","wikidata":"https://www.wikidata.org/wiki/Q620615","display_name":"Mobile apps","level":2,"score":0.46702077984809875},{"id":"https://openalex.org/C2988045736","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android app","level":3,"score":0.44620272517204285},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.3737725019454956},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.32069188356399536},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.07212218642234802}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.56553/popets-2025-0056","is_oa":true,"landing_page_url":"https://doi.org/10.56553/popets-2025-0056","pdf_url":"https://petsymposium.org/popets/2025/popets-2025-0056.pdf","source":{"id":"https://openalex.org/S4210183172","display_name":"Proceedings on Privacy Enhancing Technologies","issn_l":"2299-0984","issn":["2299-0984"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320322","host_organization_name":"De Gruyter Open","host_organization_lineage":["https://openalex.org/P4310320322","https://openalex.org/P4310313990"],"host_organization_lineage_names":["De Gruyter Open","De Gruyter"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings on Privacy Enhancing Technologies","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.56553/popets-2025-0056","is_oa":true,"landing_page_url":"https://doi.org/10.56553/popets-2025-0056","pdf_url":"https://petsymposium.org/popets/2025/popets-2025-0056.pdf","source":{"id":"https://openalex.org/S4210183172","display_name":"Proceedings on Privacy Enhancing Technologies","issn_l":"2299-0984","issn":["2299-0984"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320322","host_organization_name":"De Gruyter Open","host_organization_lineage":["https://openalex.org/P4310320322","https://openalex.org/P4310313990"],"host_organization_lineage_names":["De Gruyter Open","De Gruyter"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings on Privacy Enhancing Technologies","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G7915277041","display_name":null,"funder_award_id":"2021-2027","funder_id":"https://openalex.org/F4320334322","funder_display_name":"HORIZON EUROPE Framework Programme"}],"funders":[{"id":"https://openalex.org/F4320334322","display_name":"HORIZON EUROPE Framework Programme","ror":null}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4408216055.pdf"},"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W2894765413","https://openalex.org/W2808363712","https://openalex.org/W769484497","https://openalex.org/W4321636160","https://openalex.org/W4386955307","https://openalex.org/W2506128599","https://openalex.org/W2794864670","https://openalex.org/W2597596645","https://openalex.org/W2887633424","https://openalex.org/W4312980538"],"abstract_inverted_index":{"Previous":[0],"studies":[1],"have":[2],"demonstrated":[3],"that":[4,24,71,112,154,179],"privacy":[5,110,118,138,204],"issues":[6,163,169],"in":[7,54,115,130,146,164,172],"mobile":[8],"apps":[9,83,88,148],"often":[10,135],"stem":[11,136],"from":[12,137],"the":[13,31,45,87,109,116],"integration":[14],"of":[15,144],"third-party":[16],"libraries":[17],"(TPLs).":[18],"To":[19],"shed":[20],"light":[21],"on":[22,197],"factors":[23],"contribute":[25],"to":[26,36,84,186,221,225],"these":[27,59,105,173],"issues,":[28],"we":[29,77,102],"investigate":[30],"privacy-related":[32,62,216],"configuration":[33],"choices":[34],"available":[35],"and":[37,49,64,74,96,120,128,181,210,214,223],"made":[38],"by":[39],"Android":[40,47],"app":[41],"developers":[42,98,113,190],"who":[43,194],"incorporate":[44,89],"Facebook":[46,50,60,90],"SDK":[48,53,180,217],"Audience":[51],"Network":[52],"their":[55,65],"apps.":[56,132,174],"We":[57,122,158,175],"compile":[58],"SDKs'":[61],"settings":[63,106,151,205],"defaults.":[66],"Employing":[67],"a":[68,141],"multi-method":[69],"approach":[70],"integrates":[72],"static":[73],"dynamic":[75],"analysis,":[76],"analyze":[78],"more":[79],"than":[80],"6,000":[81],"popular":[82,131],"determine":[85],"whether":[86,95],"SDKs":[91],"and,":[92],"if":[93],"so,":[94],"how":[97,104],"modify":[99],"settings.":[100],"Finally,":[101],"assess":[103],"align":[107],"with":[108,191,206],"practices":[111,127,213],"disclose":[114],"apps\u2019":[117],"labels":[119],"policies.":[121],"observe":[123,159],"widespread":[124],"inconsistencies":[125,134],"between":[126],"disclosures":[129],"These":[133],"settings,":[139],"including":[140],"substantial":[142],"number":[143],"cases":[145],"which":[147],"retain":[149],"default":[150,203],"over":[152],"alternatives":[153],"offer":[155],"greater":[156],"privacy.":[157],"fewer":[160,192],"possible":[161],"compliance":[162],"potentially":[165],"child-directed":[166],"apps,":[167],"but":[168],"persist":[170],"even":[171],"discuss":[176],"remediation":[177],"strategies":[178],"TPL":[182],"providers":[183],"could":[184],"employ":[185],"help":[187],"developers,":[188],"particularly":[189],"resources":[193],"rely":[195],"heavily":[196],"SDKs.":[198],"Our":[199],"recommendations":[200],"include":[201],"aligning":[202],"data":[207],"minimization":[208],"principles":[209],"other":[211],"conservative":[212],"making":[215],"information":[218],"both":[219],"easier":[220],"find":[222],"harder":[224],"miss.":[226]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-05-21T09:19:25.381259","created_date":"2025-10-10T00:00:00"}