Article (Scientific journals)
Collateral damage of Facebook third-party applications: a comprehensive study
SYMEONIDIS, Iraklis; Biczók, Gergely; Shirazi, Fatemeh et al.
2018. In Computers and Security, 77, p. 179 - 208
Peer Reviewed verified by ORBi




Keywords :
Interdependent privacy; Facebook; Applications; Application providers; Transparency enhancing technologies (TETs)
Abstract :
Third-party applications on Facebook can collect personal data of the users who install them, but also of their friends. This raises serious privacy issues as these friends are not notified by the applications nor by Facebook and they have not given consent. This paper presents a detailed multi-faceted study on the collateral information collection of the applications on Facebook. To investigate the views of the users, we designed a questionnaire and collected the responses of 114 participants. The results show that participants are concerned about the collateral information collection and in particular about the lack of notification and of mechanisms to control the data collection. Based on real data, we compute the likelihood of collateral information collection affecting users: we show that the probability is significant and greater than 80% for popular applications such as TripAdvisor. We also demonstrate that a substantial amount of profile data can be collected by applications, which enables application providers to profile users. To investigate whether collateral information collection is an issue to users’ privacy we analysed the legal framework in light of the General Data Protection Regulation. We provide a detailed analysis of the entities involved and investigate which entity is accountable for the collateral information collection. To provide countermeasures, we propose a privacy dashboard extension that implements privacy scoring computations to enhance transparency toward collateral information collection. Furthermore, we discuss alternative solutions highlighting other countermeasures such as notification and access control mechanisms, cryptographic solutions and application auditing. To the best of our knowledge this is the first work that provides a detailed multi-faceted study of this problem and that analyses the threat of user profiling by application providers.
Disciplines :
Computer science
Author, co-author :
SYMEONIDIS, Iraklis ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Biczók, Gergely
Shirazi, Fatemeh
Pérez-Solà, Cristina
Schroers, Jessica
Preneel, Bart
Title :
Collateral damage of Facebook third-party applications: a comprehensive study
Journal title :
Computers and Security
Pages :
179 - 208
Peer reviewed :
Peer Reviewed verified by ORBi
Focus Area :
Security, Reliability and Trust
Available on ORBilu :
since 04 December 2018

