{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,15]],"date-time":"2024-09-15T00:13:14Z","timestamp":1726359194457},"reference-count":68,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2024,7,18]],"date-time":"2024-07-18T00:00:00Z","timestamp":1721260800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,7,18]],"date-time":"2024-07-18T00:00:00Z","timestamp":1721260800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2024,10]]},"DOI":"10.1007\/s10207-024-00887-z","type":"journal-article","created":{"date-parts":[[2024,7,18]],"date-time":"2024-07-18T12:01:34Z","timestamp":1721304094000},"page":"3217-3239","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A study on privacy and security aspects of personalised apps"],"prefix":"10.1007","volume":"23","author":[{"given":"Stylianos","family":"Gerasimou","sequence":"first","affiliation":[]},{"given":"Konstantinos","family":"Limniotis","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,7,18]]},"reference":[{"key":"887_CR1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cosrev.2020.100318","volume":"39","author":"Y Hajjaji","year":"2021","unstructured":"Hajjaji, Y., Boulila, W., Farah, I.R., Romdhani, I., Hussain, A.: Big data and IoT-based applications in smart environments: a systematic review. Comput. Sci. Rev. 39, 100318 (2021). https:\/\/doi.org\/10.1016\/j.cosrev.2020.100318","journal-title":"Comput. Sci. Rev."},{"key":"887_CR2","unstructured":"OECD: E-commerce in the time of COVID-19 (2020). Available in https:\/\/www.oecd.org\/coronavirus\/policy-responses\/e-commerce-in-the-time-of-covid-19-3a2b78e8\/ https:\/\/www.forbes.com\/sites\/blakemorgan\/2020\/02\/18\/50-stats-showing-the-power-of-personalization\/?sh=7ce8a77a2a94"},{"issue":"1","key":"887_CR3","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1177\/0950422220962696","volume":"35","author":"M Nandy","year":"2021","unstructured":"Nandy, M., Lodh, S., Tang, A.: Lessons from Covid-19 and a resilience model for higher education. Ind. High. Educ. 35(1), 3\u20139 (2021). https:\/\/doi.org\/10.1177\/0950422220962696","journal-title":"Ind. High. Educ."},{"issue":"3","key":"887_CR4","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1097\/JOM.0000000000002097","volume":"63","author":"Y Xiao","year":"2021","unstructured":"Xiao, Y., Becerik-Gerber, B.D., Lucas, G., Roll, S.C.: Impacts of working from home during COVID-19 pandemic on physical and mental well-being of office workstation users. J. Occup. Environ. Med. 63(3), 181\u2013190 (2021). https:\/\/doi.org\/10.1097\/JOM.0000000000002097","journal-title":"J. Occup. Environ. Med."},{"key":"887_CR5","unstructured":"McKinsey & Company: How COVID-19 has pushed companies over the technology tipping point-and transformed business forever, (2020). Available in https:\/\/www.mckinsey.com\/capabilities\/strategy-and-corporate-finance\/our-insights\/how-covid-19-has-pushed-companies-over-the-technology-tipping-point-and-transformed-business-forever"},{"key":"887_CR6","unstructured":"Morgan, B.: $$50$$ Stats showing The Power Of Personalization (2020). Available in https:\/\/www.forbes.com\/sites\/blakemorgan\/2020\/02\/18\/50-stats-showing-the-power-of-personalization\/?sh=7ce8a77a2a94 (Accessed on May 14th, 2024)"},{"key":"887_CR7","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2020.102517","volume":"145","author":"SW Tay","year":"2021","unstructured":"Tay, S.W., Teh, P.S., Payne, S.J.: Reasoning about privacy in mobile application install decisions: risk perception and framing. Int. J. Hum Comput Stud. 145, 102517 (2021). https:\/\/doi.org\/10.1016\/j.ijhcs.2020.102517","journal-title":"Int. J. Hum Comput Stud."},{"key":"887_CR8","unstructured":"European Union Agency for Cybersecurity: Privacy and Data Protection in Mobile Applications\u2014A Study on the App Development Ecosystem and the Technical Implementation of GDPR (2017). Available in https:\/\/www.enisa.europa.eu\/publications\/privacy-and-data-protection-in-mobile-applications. (Accessed on May 14th, 2024)"},{"key":"887_CR9","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1109\/MC.2020.3004606","volume":"53","author":"J Michael","year":"2020","unstructured":"Michael, J., Kuhn, R., Voas, J.: Security or privacy: can you have both? Computer 53, 20\u201330 (2020). https:\/\/doi.org\/10.1109\/MC.2020.3004606","journal-title":"Computer"},{"key":"887_CR10","unstructured":"European Union: Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/46\/EC (general data protection regulation). Off. J. L. 119(1) (2016)"},{"issue":"9","key":"887_CR11","doi-asserted-by":"publisher","first-page":"24","DOI":"10.1145\/3411049","volume":"63","author":"M Kaminski","year":"2020","unstructured":"Kaminski, M.: A recent renaissance in privacy law. Commun. ACM 63(9), 24\u201327 (2020). https:\/\/doi.org\/10.1145\/3411049","journal-title":"Commun. ACM"},{"key":"887_CR12","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/978-3-319-67280-9_9","volume-title":"Privacy Technologies and Policy - APF 2017 10518","author":"M Alshammari","year":"2017","unstructured":"Alshammari, M., Simpson, A.: Towards a Principled Approach for Engineering Privacy by Design. In: Schweighofer, E., Leitold, H., Mitrakas, A., Rannenberg, K. (eds.) Privacy Technologies and Policy - APF 2017 10518, pp. 161\u2013177. Springer, Heidelberg (2017). https:\/\/doi.org\/10.1007\/978-3-319-67280-9_9"},{"key":"887_CR13","unstructured":"European union agency for cybersecurity: recommendations on shaping technology according to GDPR provisions\u2014Exploring the notion of data protection by default (2019). Available in https:\/\/www.enisa.europa.eu\/publications\/recommendations-on-shaping-technology-according-to-gdpr-provisions-part-2"},{"key":"887_CR14","unstructured":"European Data Protection Board: Guidelines 2\/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive (2023). Available in https:\/\/edpb.europa.eu\/our-work-tools\/documents\/public-consultations\/2023\/guidelines-22023-technical-scope-art-53-eprivacy_en (Accessed on May 14th, 2024)"},{"key":"887_CR15","unstructured":"Statcounter: Mobile Operating System Market Share Worldwide (2023). Available in https:\/\/gs.statcounter.com\/os-market-share\/mobile\/worldwide (Accessed on May 14th, 2024)"},{"issue":"5","key":"887_CR16","doi-asserted-by":"publisher","first-page":"1247","DOI":"10.3390\/electronics12051247","volume":"12","author":"G Achilleos","year":"2023","unstructured":"Achilleos, G., Limniotis, K.: Exploring personal data processing in video conferencing apps. Electronics 12(5), 1247 (2023). https:\/\/doi.org\/10.3390\/electronics12051247","journal-title":"Electronics"},{"key":"887_CR17","doi-asserted-by":"publisher","first-page":"472","DOI":"10.1016\/j.cose.2018.05.007","volume":"77","author":"C Lyvas","year":"2018","unstructured":"Lyvas, C., Lambrinoudakis, C., Geneiatakis, D.: Dypermin: dynamic permission mining framework for android platform. Comput. Secur. 77, 472\u2013487 (2018). https:\/\/doi.org\/10.1016\/j.cose.2018.05.007","journal-title":"Comput. Secur."},{"key":"887_CR18","doi-asserted-by":"publisher","unstructured":"Kurtz, A., Gascon, H., Becker, T., Rieck, K. and Freiling. F.: Fingerprinting mobile devices using personalized configurations. In: Proceedings on privacy enhancing technologies, pp. 4\u201319 (2016). https:\/\/doi.org\/10.1515\/popets-2015-0027","DOI":"10.1515\/popets-2015-0027"},{"issue":"1","key":"887_CR19","doi-asserted-by":"publisher","first-page":"102","DOI":"10.1108\/IJQSS-07-2015-0054","volume":"8","author":"A Bilgihan","year":"2016","unstructured":"Bilgihan, A., Kandampully, J., Zhang, T.: Towards a unified customer experience in online shopping environments: antecedents and outcomes. Int. J. Qual. Serv. Sci. 8(1), 102\u2013119 (2016). https:\/\/doi.org\/10.1108\/IJQSS-07-2015-0054","journal-title":"Int. J. Qual. Serv. Sci."},{"key":"887_CR20","unstructured":"Levenson, H.: Mobile App Personalization: How To Do It Right (2018). Available in https:\/\/usabilitygeek.com\/mobile-app-personalization-how-to\/ (Accessed on May 14th, 2024)"},{"key":"887_CR21","doi-asserted-by":"crossref","unstructured":"Binns, R., Lyngs, U., Van Kleek, M., Zhao, J., Libert, T., Shadbolt, N.: Third Party Tracking in the Mobile Ecosystem. arXiv:1804.03603v3 [cs.CY] (2018). Available in https:\/\/arxiv.org\/pdf\/1804.03603.pdf (Accessed on May 14th, 2024)","DOI":"10.31235\/osf.io\/u7qmz"},{"key":"887_CR22","unstructured":"Okoyomon, E., Samarin, N., Wijesekera, P., Elazari, A., Vallina-Rodriguez, N., Reyes, I., Feal, A., Egelman, S.: On The Ridiculousness of Notice and Consent: Contradictions in App Privacy Policies. In: The workshop on technology and consumer protection (ConPro \u201919) (2019)"},{"key":"887_CR23","doi-asserted-by":"publisher","unstructured":"Bracamonte, V., Pape, S., L\u00f6bner, S.: \u201cAll apps do this\u201d: Comparing Privacy Concerns Towards Privacy Tools and Non-Privacy Tools for Social Media Content. Proc. Priv. Enhancing Technol., pp. 57\u201378 (2022). https:\/\/doi.org\/10.56553\/popets-2022-0062","DOI":"10.56553\/popets-2022-0062"},{"key":"887_CR24","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1504\/IJEG.2022.123245","volume":"14","author":"S Monogios","year":"2022","unstructured":"Monogios, S., Magos, K., Limniotis, K., Kolokotronis, N., Shiaeles, S.: Privacy issues in android applications: the cases of GPS navigators and fitness trackers. Int. J. Electron. Gov. (IJEG) 14, 83\u2013111 (2022). https:\/\/doi.org\/10.1504\/IJEG.2022.123245","journal-title":"Int. J. Electron. Gov. (IJEG)"},{"key":"887_CR25","doi-asserted-by":"publisher","first-page":"9390","DOI":"10.1109\/ACCESS.2018.2799522","volume":"6","author":"A Papageorgiou","year":"2018","unstructured":"Papageorgiou, A., Strigkos, M., Politou, E., Alepis, E., Solanas, A., Patsakis, C.: Security and privacy analysis of mobile health applications: the alarming state of practice. IEEE Access 6, 9390\u20139403 (2018). https:\/\/doi.org\/10.1109\/ACCESS.2018.2799522","journal-title":"IEEE Access"},{"key":"887_CR26","doi-asserted-by":"crossref","unstructured":"Son, S., Kim, D. and Shmatikov, V.: What mobile ads know about mobile users. In: Network and distributed system security symposium (2016). 0.14722\/ndss.2016.23407","DOI":"10.14722\/ndss.2016.23407"},{"key":"887_CR27","doi-asserted-by":"publisher","unstructured":"Taylor, V. F., Beresford, A. R., Martinovic, I.: Intra-Library Collusion: A Potential Privacy Nightmare on Smartphones. arXiv:1708.03520v1 [cs.CR] (2017). https:\/\/doi.org\/10.48550\/arXiv.1708.03520","DOI":"10.48550\/arXiv.1708.03520"},{"key":"887_CR28","volume-title":"Is Our Children\u2019s Apps Learning?","author":"I Reyes","year":"2017","unstructured":"Reyes, I., Wijesekera, P., Razaghpanah, A., Reardon, J., VallinaRodriguez, N., Egelman, S., Kreibich, C.: Is Our Children\u2019s Apps Learning? Automatically detecting COPPA violations, IEEE Workshop on Technology and Consumer Protection (ConPro) (2017)"},{"key":"887_CR29","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1504\/IJEG.2019.103720","volume":"11","author":"V Chatzistefanou","year":"2019","unstructured":"Chatzistefanou, V., Limniotis, K.: Anonymity in social networks: the case of anonymous social media. Int. J. Electron. Gov. 11, 361\u2013385 (2019). https:\/\/doi.org\/10.1504\/IJEG.2019.103720","journal-title":"Int. J. Electron. Gov."},{"key":"887_CR30","doi-asserted-by":"publisher","unstructured":"Razaghpanah, A., Nithyanand, R., Vallina-Rodriguez, N., Sundaresan, S., Allman, M., Kreibich, C., Gill, P.: Apps, trackers, privacy, and regulators: a global study of the mobile tracking ecosystem. In: Network and distributed system security symposium (2018). https:\/\/doi.org\/10.14722\/ndss.2018.23353","DOI":"10.14722\/ndss.2018.23353"},{"issue":"4","key":"887_CR31","doi-asserted-by":"publisher","first-page":"5509","DOI":"10.1109\/JSYST.2022.3147808","volume":"16","author":"EP de Mattos","year":"2022","unstructured":"de Mattos, E.P., Domingues, A.C.S.A., Santos, B.P., Ramos, H.S., Loureiro, A.A.F.: The impact of mobility on location privacy: a perspective on smart mobility. IEEE Syst. J. 16(4), 5509\u20135520 (2022). https:\/\/doi.org\/10.1109\/JSYST.2022.3147808","journal-title":"IEEE Syst. J."},{"key":"887_CR32","unstructured":"Kollnig, K., Binns, R., Dewitte, P., Van Kleek, M., Wang, G., Omeiza, D., Webb, H., Shadbolt, N.: A fait accompli? An empirical study into the absence of consent to third-party tracking in android apps. In: Proceedings of the 17th symposium on usable privacy and security (2021). Available in https:\/\/www.usenix.org\/system\/files\/soups2021-kollnig.pdf (Accessed on May 14th, 2024)"},{"key":"887_CR33","doi-asserted-by":"publisher","unstructured":"Kollnig, K., Shuba, A., Binns, R., Van Kleek, M., Shadbolt, N.: Are iPhones really better for privacy? A comparative study of iOS and android apps. Proc. Priv. Enhancing Technol. (POPETS), pp. 6\u201324 (2022). https:\/\/doi.org\/10.2478\/popets-2022-0033","DOI":"10.2478\/popets-2022-0033"},{"key":"887_CR34","doi-asserted-by":"publisher","first-page":"140","DOI":"10.1016\/j.jbusres.2020.09.039","volume":"123","author":"A Riegger","year":"2021","unstructured":"Riegger, A., Klein, J.F., Merfeld, K., Henkel, S.: Technology-enabled personalization in retail stores: understanding drivers and barriers. J. Bus. Res. 123, 140\u2013155 (2021). https:\/\/doi.org\/10.1016\/j.jbusres.2020.09.039","journal-title":"J. Bus. Res."},{"key":"887_CR35","doi-asserted-by":"publisher","first-page":"647","DOI":"10.1007\/s10207-022-00655-x","volume":"22","author":"I Ullah","year":"2023","unstructured":"Ullah, I., Boreli, R., Kanhere, S.S.: Privacy in targeted advertising on mobile devices: a survey. Int. J. Inf. Secur. 22, 647\u2013678 (2023). https:\/\/doi.org\/10.1007\/s10207-022-00655-x","journal-title":"Int. J. Inf. Secur."},{"key":"887_CR36","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2021.106976","volume":"126","author":"N Ameen","year":"2022","unstructured":"Ameen, N., Hosany, S., Paul, J.: The personalisation-privacy paradox: consumer interaction with smart technologies and shopping mall loyalty. Comput. Hum. Behav. 126, 106976 (2022). https:\/\/doi.org\/10.1016\/j.chb.2021.106976","journal-title":"Comput. Hum. Behav."},{"issue":"5","key":"887_CR37","doi-asserted-by":"publisher","first-page":"757","DOI":"10.1007\/s40258-021-00647-3","volume":"19","author":"D P\u00e9rez-Troncoso","year":"2021","unstructured":"P\u00e9rez-Troncoso, D., Epstein, D.M., Casta\u00f1eda-Garc\u00eda, J.A.: Consumers\u2019 preferences and willingness to pay for personalised nutrition. Appl. Health Econ. Health Policy 19(5), 757\u2013767 (2021). https:\/\/doi.org\/10.1007\/s40258-021-00647-3","journal-title":"Appl. Health Econ. Health Policy"},{"key":"887_CR38","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-65785-7_8","author":"K Volchek","year":"2021","unstructured":"Volchek, K., Yu, J., Neuhofer, B., Egger, R., Rainoldi, M.: Co-creating personalised experiences in the context of the personalisation-privacy paradox. Inform. Commun. Technol. Tour (2021). https:\/\/doi.org\/10.1007\/978-3-030-65785-7_8","journal-title":"Inform. Commun. Technol. Tour"},{"key":"887_CR39","doi-asserted-by":"publisher","first-page":"122","DOI":"10.1016\/j.cose.2015.07.002","volume":"64","author":"S Kokolakis","year":"2017","unstructured":"Kokolakis, S.: Privacy attitudes and privacy behaviour: a review of current research on the privacy paradox phenomenon. Comput. Sec. 64, 122\u2013134 (2017). https:\/\/doi.org\/10.1016\/j.cose.2015.07.002","journal-title":"Comput. Sec."},{"key":"887_CR40","doi-asserted-by":"publisher","unstructured":"Au, K. W. Y., Zhou, Y. F., Huang, Z. and Lie, D.: PScout: Analyzing the android permission specification. In: Proceedings of the 19th ACM conference on computer and communications security (CCS), Oct (2012). https:\/\/doi.org\/10.1145\/2382196.2382222","DOI":"10.1145\/2382196.2382222"},{"key":"887_CR41","doi-asserted-by":"publisher","unstructured":"Zhao, Z., Osono, F. C. C.: TrustDroid: Preventing the use of smartphones for information leaking in corporate networks through the used of static analysis taint tracking. In: 7th International conference on malicious and unwanted software, Fajardo, PR, USA, pp. 135\u2013143 (2012). https:\/\/doi.org\/10.1109\/MALWARE.2012.6461017","DOI":"10.1109\/MALWARE.2012.6461017"},{"key":"887_CR42","doi-asserted-by":"publisher","first-page":"259","DOI":"10.1145\/2666356.2594299","volume":"49","author":"S Arzt","year":"2014","unstructured":"Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Traon, Y.L., Octeau, D., McDaniel, P.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. ACM SIGPLAN Not. 49, 259\u2013269 (2014). https:\/\/doi.org\/10.1145\/2666356.2594299","journal-title":"ACM SIGPLAN Not."},{"key":"887_CR43","unstructured":"Backes, M. Bugiel, S., ,Derr, E., McDaniel, P., Octeau, D., Weisgerber, S.: On demystifying the Android application framework: re-visiting android permission specification analysis. In: Proceedings of the $$25$$th USENIX security symposium (USENIX Security), Austin, TX., USENIX Association, pp. 1101\u20131118 (2016). Available in https:\/\/www.usenix.org\/system\/files\/conference\/usenixsecurity16\/sec16_paper_backes-android.pdf (Accessed on May 14th, 2024)"},{"key":"887_CR44","doi-asserted-by":"publisher","unstructured":"Lee, S. Hwang, S., Ryu, S.: All about activity injection: threats, semantics, and detection. In: $$32$$nd IEEE\/ACM international conference on automated software engineering (ASE), IEEE, pp. 252-262 (2017). https:\/\/doi.org\/10.1109\/ASE.2017.8115638","DOI":"10.1109\/ASE.2017.8115638"},{"key":"887_CR45","doi-asserted-by":"publisher","unstructured":"Spreitzer, R., Palfinger, G., Mangard, S.: SCAnDroid: Automated side-channel analysis of android APIs. In: Proceedings of the $$11$$th ACM conference on security & privacy in wireless and mobile networks (WiSec), pp. 224\u2013235 (2018). https:\/\/doi.org\/10.1145\/3212480.3212506","DOI":"10.1145\/3212480.3212506"},{"key":"887_CR46","unstructured":"Carlsson, A., Pedersen, C., Persson, F. and S\u00f6derlund, G.: KAUDroid\u2014a tool that will spy on applications and how they spy on their users. Working paper, 2018. Available in https:\/\/www.diva-portal.org\/smash\/get\/diva2:1179950\/FULLTEXT01.pdf (Accessed on May 14th, 2024)"},{"key":"887_CR47","doi-asserted-by":"publisher","unstructured":"Burguera, I., Zurutuza, U., Nadjm-Tehrani, S.: Crowdroid: Behavior-based malware detection system for Android. In: Proceedings of the 1st ACM workshop on security and privacy in smartphones and mobile devices (SPSM), pp. 15\u201326 (2011). https:\/\/doi.org\/10.1145\/2046614.2046619","DOI":"10.1145\/2046614.2046619"},{"key":"887_CR48","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/s10844-010-0148-x","volume":"38","author":"A Shabtai","year":"2012","unstructured":"Shabtai, A., Kanonov, U., Elovici, Y., Weiss, Y.: Andromaly: a behavioral malware detection framework for android devices. J. Intell. Inf. Syst. 38, 161\u2013190 (2012). https:\/\/doi.org\/10.1007\/s10844-010-0148-x","journal-title":"J. Intell. Inf. Syst."},{"key":"887_CR49","doi-asserted-by":"publisher","unstructured":"Enck, W., Gilbert, P., Han, S., Tendulkar, V., Chun, B.-G., Cox, L. P., Jung, J., McDaniel, P. D., Sheth, A, N.: TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. 32, 1\u201329 (2014). https:\/\/doi.org\/10.1145\/2619091","DOI":"10.1145\/2619091"},{"key":"887_CR50","doi-asserted-by":"publisher","unstructured":"Tam, K., Khan, S. J., Fattori, A., and Cavallaro, L.: CopperDroid: automatic reconstruction of Android malware behaviors. NDSS \u201915, 8\u201311 Feb 2015, San Diego, CA, USA (2015). https:\/\/doi.org\/10.14722\/ndss.2015.23145","DOI":"10.14722\/ndss.2015.23145"},{"key":"887_CR51","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102468","volume":"111","author":"C Lyvas","year":"2021","unstructured":"Lyvas, C., Lambrinoudakis, C., Geneiatakis, D.: On Android\u2019s activity hijacking prevention. Comput. Secur. 111, 102468 (2021). https:\/\/doi.org\/10.1016\/j.cose.2021.102468","journal-title":"Comput. Secur."},{"key":"887_CR52","unstructured":"Titze, D., Stephanow, P., Schuette, J.: App-Ray: user-driven and fully automated android app security assessment report. Available in https:\/\/www.aisec.fraunhofer.de\/content\/dam\/aisec\/Dokumente\/Publikationen\/Studien_TechReports\/englisch\/2014_03 (2013)"},{"key":"887_CR53","doi-asserted-by":"publisher","unstructured":"Liu, J., Wu, D., Xue, J.: Tdroid: Exposing app switching attacks in android with control flow specialization. In: Proceedings of the $$33$$rd ACM\/IEEE international conference on automated software engineering, pp. 236\u2013247 (2018). https:\/\/doi.org\/10.1145\/3238147.3238188","DOI":"10.1145\/3238147.3238188"},{"key":"887_CR54","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101688","volume":"90","author":"J Gajrani","year":"2020","unstructured":"Gajrani, J., Agarwal, U., Laxmi, V., Bezawada, B., Gaur, M.S., Tripathi, M., Zemmari, A.: EspyDroid+: precise reflection analysis of android apps. Comput. Sec. 90, 101688 (2020). https:\/\/doi.org\/10.1016\/j.cose.2019.101688","journal-title":"Comput. Sec."},{"key":"887_CR55","unstructured":"European data protection board: urgent binding decision 01\/2023 requested by the Norwegian SA for the ordering of final measures regarding Meta Platforms Ireland Ltd (Art. 66(2) GDPR) (2023). Available in: https:\/\/edpb.europa.eu\/system\/files\/2023-12\/edpb_urgentbindingdecision_202301_no_metaplatformsireland_en_0.pdf (Accessed on May 14th, 2024)"},{"key":"887_CR56","unstructured":"Exodus Privacy. https:\/\/exodus-privacy.eu.org\/en\/ (Accessed on May 14th, 2024)"},{"key":"887_CR57","unstructured":"Tracker Control for Android. https:\/\/trackercontrol.org\/ (Accessed on May 14th, 2024)"},{"key":"887_CR58","unstructured":"ImmuniWeb for Mobile App Security. https:\/\/www.immuniweb.com\/mobile\/ (Accessed on May 14th, 2024)"},{"key":"887_CR59","unstructured":"Naeem, A.: Apps that Americans can\u2019t live without (2023). Available in https:\/\/www.digitalinformationworld.com\/2023\/10\/apps-that-americans-cant-live-without.html. (Accessed on May 14th, 2024)"},{"key":"887_CR60","unstructured":"Du, T.: Ranked: The World\u2019s Most Popular Apps by Downloads (2023). Available in https:\/\/www.visualcapitalist.com\/cp\/most-popular-apps-by-downloads\/#google_vignette (Accessed on May 14th, 2024)"},{"key":"887_CR61","unstructured":"Leo, K.: Manage External Storage Permission -Android Studio - Java (2023). https:\/\/medium.com\/@kezzieleo\/manage-external-storage-permission-android-studio-java-9c3554cf79a7 (Accessed on May 14th, 2024)"},{"key":"887_CR62","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1016\/j.infsof.2017.04.001","volume":"88","author":"L Li","year":"2017","unstructured":"Li, L., Bissyand\u00e9, T.F., Papadakis, M., Rasthofer, S., Bartel, A., Octeau, D., Klein, J., Le Traon, Y.: Static analysis of android apps: a systematic literature review. Inf. Softw. Technol. 88, 67\u201395 (2017). https:\/\/doi.org\/10.1016\/j.infsof.2017.04.001","journal-title":"Inf. Softw. Technol."},{"key":"887_CR63","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1007\/s10664-020-09934-4","volume":"26","author":"M Hatamian","year":"2021","unstructured":"Hatamian, M., Wairimu, S., Momen, N., Fritsch, L.: A privacy and security analysis of early-deployed COVID-19 contact tracing android apps. Empir Softw. Eng 26, 36 (2021). https:\/\/doi.org\/10.1007\/s10664-020-09934-4","journal-title":"Empir Softw. Eng"},{"key":"887_CR64","unstructured":"OWASP: Mobile Top $$10$$ (2023). https:\/\/owasp.org\/www-project-mobile-top-10\/ (Accessed on May 14th, 2024)"},{"key":"887_CR65","unstructured":"MITRE: CWE List Version $$4.13$$. https:\/\/cwe.mitre.org\/data\/index.html (Accessed on May 14th, 2024)"},{"key":"887_CR66","unstructured":"Campagna, R.: 5 Reasons to Stop Using CVSS Scores to Measure Risk. https:\/\/www.balbix.com\/blog\/5-reasons-to-stop-using-cvss-scores-to-measure-risk\/ (Accessed on May 9th, 2024)"},{"key":"887_CR67","unstructured":"MITRE: 2023 CWE Top 25 Most Dangerous Software Weaknesses. https:\/\/cwe.mitre.org\/top25\/archive\/2023\/2023_top25_list.html (Accessed on May 9th, 2024)"},{"key":"887_CR68","unstructured":"NOYB: NOYB files GDPR complaint against Meta over \u201cPay or Okay\u201d. https:\/\/noyb.eu\/en\/noyb-files-gdpr-complaint-against-meta-over-pay-or-okay. (Accessed on May 9th, 2024)"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00887-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-024-00887-z\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00887-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,14]],"date-time":"2024-09-14T01:05:01Z","timestamp":1726275901000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-024-00887-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7,18]]},"references-count":68,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2024,10]]}},"alternative-id":["887"],"URL":"https:\/\/doi.org\/10.1007\/s10207-024-00887-z","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"type":"print","value":"1615-5262"},{"type":"electronic","value":"1615-5270"}],"subject":[],"published":{"date-parts":[[2024,7,18]]},"assertion":[{"value":"3 July 2024","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"18 July 2024","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no Conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"This article does not contain any studies with human participants or animals performed by any of the authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics approval"}},{"value":"All data generated or analyzed during this study are included in this published article. The software tools that have been used for the analysis are available in public.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Data availability"}}]}}