Abstract
Since browser extensions are prevailingly executed in the background to enable extra functionalities and enhance the user experience for web browsers, the potential over-collection of personal data beyond the necessity for given purposes is always ignored by ordinary users. Existing privacy regulations, such as the principle of Data Minimization in GDPR, have provided the criteria that only directly relevant and necessary data for specified purposes should be collected. Various tools have made efforts to examine the compliance of data minimization and its equivalent in different application domains. To our knowledge, in the area of browser extensions, there is still a gap between the general data minimization principle and precisely defined extension behaviors. We propose MINDAEXT, a framework that takes one step further to automatically examine end-to-end data minimization practices in browser extensions by description text analysis and hybrid program analysis techniques.
In our large-scale measurement, covering around 200K extensions collected in October 2023, we find that 38.0% of extensions are likely to collect private user data outside their essential functionality scopes. They are distributed across all categories, exhibiting distinct patterns of the target data types. Our evaluation shows that MINDAEXT can detect the data over-collection with a precision of 74.3%.
© 2024 IEEE.
| Original language | English |
|---|---|
| Title of host publication | Proceedings - 2024 IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2024 |
| Publisher | IEEE |
| Pages | 964-975 |
| Number of pages | 12 |
| ISBN (Electronic) | 979-8-3503-3066-3 |
| ISBN (Print) | 979-8-3503-3067-0 |
| Publication status | Published - 2024 |
| Externally published | Yes |
| Event | 31st IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER 2024), Rovaniemi, Finland. Duration: 12 Mar 2024 → 15 Mar 2024. https://conf.researchr.org/home/saner-2024 https://ieeexplore.ieee.org/xpl/conhome/1831544/all-proceedings |
Publication series
| Name | Proceedings - IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER |
|---|---|
| ISSN (Print) | 1534-5351 |
| ISSN (Electronic) | 2640-7574 |
Conference
| Conference | 31st IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER 2024) |
|---|---|
| Place | Finland |
| City | Rovaniemi |
| Period | 12/03/24 → 15/03/24 |
Funding
We are grateful to the anonymous reviewers for their valuable and detailed comments. The first author wishes to thank Nan Jiang for her feedback on the draft of this paper, Fuman Xie and Ruiping Liu for their encouraging and insightful discussions. This work is partially supported by National University of Singapore under the funding [A-8000596-00-00] (11.8-5.31); and the University of Queensland under the Global Strategy and Partnerships Seed Funding and Australian Research Council Discovery Projects under DP240103068.
Research Keywords
- browser extension
- compliance
- data minimization
- program analysis
Fingerprint
Dive into the research topics of 'Essential or Excessive? MINDAEXT: Measuring Data Minimization Practices among Browser Extensions'. Together they form a unique fingerprint.