{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:11:49Z","timestamp":1772039509560,"version":"3.50.1"},"reference-count":0,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"1","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["PoPETs"],"abstract":"<jats:p>The increasing use of the Internet of Things (IoT) technology has made our lives convenient, however, it also poses new security and privacy threats. In this work, we study a new type of privacy threat enabled by cross-app chains built among multiple seemingly benign IoT apps. We find that interactions among apps could leak privacy-sensitive information, e.g., users' identification, location and tracking, activity patterns, etc. To tackle this challenge, we introduce PrivacyGuard, which extracts cross-app chains in the form of trigger-condition-action rules and identifies the corresponding privacy leakage risk with an inference probability. PrivacyGuard supports a fine-grained categorization of privacy threats to generate detailed alerts about privacy leakages. We evaluated PrivacyGuard on a dataset with 2,101 SmartApps, 2,788 IFTTT rules, and 2,086 OpenHAB rules, respectively. The results show that PrivacyGuard could uncover hidden privacy leaks that existing studies fail to detect. For example, 7.67% chains constructed by two seemingly benign IoT apps could leak at least one type of privacy information, while over 80% of the leaks involved privacy information regarding Localization &amp; Tracking and Activity Profiling.<\/jats:p>","DOI":"10.56553\/popets-2025-0040","type":"journal-article","created":{"date-parts":[[2024,11,10]],"date-time":"2024-11-10T19:21:16Z","timestamp":1731266476000},"page":"776-791","source":"Crossref","is-referenced-by-count":3,"title":["PrivacyGuard: Exploring Hidden Cross-App Privacy Leakage Threats In IoT Apps"],"prefix":"10.56553","volume":"2025","author":[{"given":"Zhaohui","family":"Wang","sequence":"first","affiliation":[{"name":"The University of Kansas"}]},{"given":"Bo","family":"Luo","sequence":"additional","affiliation":[{"name":"The University of Kansas"}]},{"given":"Fengjun","family":"Li","sequence":"additional","affiliation":[{"name":"The University of Kansas"}]}],"member":"35752","published-online":{"date-parts":[[2025,1]]},"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"deposited":{"date-parts":[[2024,11,13]],"date-time":"2024-11-13T19:21:04Z","timestamp":1731525664000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2025\/popets-2025-0040.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1]]},"references-count":0,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2025,1]]}},"alternative-id":["10.56553\/popets-2025-0040"],"URL":"https:\/\/doi.org\/10.56553\/popets-2025-0040","relation":{},"ISSN":["2299-0984"],"issn-type":[{"value":"2299-0984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,1]]}}}