The computer science discipline undoubtedly has enormous impacts on our day-to-day lives. Increasingly, key parts of our society are run by algorithms. This has created a range of notable scandals, for example, when machine learning systems fail to account for the diversity of the human population. This is why many individuals, inside and outside of computer science, argue for compulsory ethics modules in the computer science curriculum. This would be similar to compulsory ethics education that is commonly part of business and finance degrees. I thus argue this thinking is too simple, and fails to identify the actual root problems.
The regulation and power of app stores is gaining increasing interests from regulators. This interested has been particularly spurred by Apple’s recent introduction of the App Tracking Transparency framework, which gives end-users more control over unwanted advertising-relating data collection, but also increases the price of targeted online ads on iOS (thereby potentially raising the prices of advertised products).
Since I have been doing much research into app ecosystems in my PhD at Oxford, I teamed up with my colleagues Reuben Binns and Nigel Shadbolt to submit evidence to the UK Competition and Markets authority in February 2022. This evidence has now been made public. The regulator has also published its final report on competition within the app ecosystem.
Our key recommendations were:
For many years, Apple has been voraciously pushing back against sideloading and alternative app stores on its iOS system. Apple’s senior vice-president Craig Federigh even called sideloading the “cybercriminal’s best friend“. This, however, misses the point.
A recently published pre-print titled ‘GDPR and the Lost Generation of Innovative Apps’ observes that a third of apps on the Google Play Store disappeared from this app store around the introduction of the GDPR in May 2018. The authors deduce ‘that GDPR is the cause’. The effects of the GDPR on the app economy are an important field to study. Unfortunately, the paper currently lacks a control condition and a key variable. As a result, the effects on app exits reported in the paper are likely overestimated, as we will discuss. We believe there are other factors which may better explain these changes in the Play Store aside from the GDPR.
When analysing the privacy properties of apps, one often wants to grant all permissions to apps by default. This makes the subsequent analysis of apps easier, especially when done at scale.
On Android, it is super easy to install an app and automatically grant all app permissions. All is that is needed is the following command:
adb install -g [path to apk]
On iOS, no publicly documented method exists, which makes automated app analysis a lot harder.
This is especially true when large-scale analysis of iOS apps, as my colleagues and I at Oxford did in our recent paper on comparing Android and iOS (forthcoming at PETS).
In the following, I’d like to present a method to automatically grant all permissions to iOS apps. This will require a jailbroken iOS device with full shell and file system access.