We previously built a testbed to run mobile apps automatically and then monitor their data flows. We use this to detect how personal data gets shared amongst third parties. Currently, we only do this for Android. Given that many of the same apps are available for both platforms, we want to examine whether they differ on iOS.

Research goal: Build a testbed to automatically track the dataflows of iOS apps so that we can examine whether iOS offers better privacy protections, as well as whether apps are violating App Store policies (to the extent that they are on Android).

Potential studies:

• iOS has specific policies for what identifiers can be used by apps; are these policies being followed?
• When an app has both an Android and iOS version, do they exhibit different privacy behaviors?