Cryptology ePrint Archive: Report 2015/456

Collateral damage of Facebook Apps: an enhanced privacy scoring model

Iraklis Symeonidis, Pagona Tsormpatzoudi and Bart Preneel

Abstract: Establishing friendship relationships on Facebook often entails information sharing which is based on the social trust and implicit contract between users and their friends. In this context, Facebook offers applications (Apps) developed by third-party application providers (AppPs), which may grant access to users' personal data via Apps installed by their friends. Such access takes place outside the circle of social trust, with the user not being aware whether a friend has installed an App collecting her data. In some cases, one or more AppPs may cluster several Apps and thus gain access to a collection of personal data. As a consequence, privacy risks emerge. Previous research has mentioned the need to quantify privacy risks on Online Social Networks (OSNs). Nevertheless, most of the existing works do not focus on personal data disclosure via Apps. Moreover, the problem of personal data clustering by AppPs has not been studied. In this work we perform a general analysis, from a technical and legal point of view, of the privacy threats stemming from the personal data requested by Apps installed by the user's friends. In order to assist users, we propose a model and a privacy scoring formula to calculate the amount of personal data that may be exposed to AppPs. Moreover, we propose algorithms that, based on clustering, compute the visibility of each item of personal data to the AppPs.

Category / Keywords: applications / Social, economic and policy issues of trust, security and privacy; Security and privacy in social networks

Date: received 13 May 2015, last revised 12 Jan 2016

Contact author: iraklis symeonidis at esat kuleuven be

Version: 20160112:143402

