Measuring Alexa skill privacy practices across three years

Edu, Jide and Ferrer-Aran, Xavier and Such, Jose and Suarez-Tangil, Guillermo; (2022) Measuring Alexa skill privacy practices across three years. In: WWW '22 : Proceedings of the ACM Web Conference 2022. ACM, FRA. ISBN 9781450390965 (https://doi.org/10.1145/3485447.3512289)

Preview

Text. Filename: Edu_etal_WWW_2022_Measuring_Alexa_skill_privacy_practices_across_three_years.pdf Accepted Author Manuscript License: Strathprints license 1.0 Download (298kB)| Preview

Abstract

Smart Voice Assistants are transforming the way users interact with technology. This transformation is mostly fostered by the proliferation of voice-driven applications (called skills) offered by third-party developers through an online market. We see how the number of skills has rocked in recent years, with the Amazon Alexa skill ecosystem growing from just 135 skills in early 2016 to about 125k skills in early 2021. Along with the growth in skills, there is increasing concern over the risks that third-party skills pose to users' privacy. In this paper, we perform a systematic and longitudinal measurement study of the Alexa marketplace. We shed light on how this ecosystem evolves using data collected across three years between 2019 and 2021. We demystify developers' data disclosure practices and present an overview of the third-party ecosystem. We see how the research community continuously contribute to the market's sanitation, but the Amazon vetting process still requires significant improvement. We perform a responsible disclosure process reporting 675 skills with privacy issues to both Amazon and all affected developers, out of which 246 skills suffer from important issues (i.e., broken traceability). We see that 107 out of the 246 (43.5%) skills continue to display broken traceability almost one year after being reported. As a result, the overall state of affairs has improved in the ecosystem over the years. Yet, newly submitted skills and unresolved known issues pose an endemic risk.

ORCID iDs

Edu, Jide ORCID: https://orcid.org/0000-0003-1325-8740

• Share and Export
  

  RDF+XMLBibTeXRIOXX2 XMLRDF+N-TriplesJSONDublin CoreAtomSimple MetadataReferMETSHTML CitationASCII CitationOpenURL ContextObjectEndNoteOpenURL ContextObject in SpanMODSMPEG-21 DIDLEP3 XMLData Cite XMLRIS (EndNote Online, Zotero, Ref manager, etc)RDF+N3Multiline CSV
• Item metadata

  Item type:	Book Section
  ID code:	85197
  Dates:	Date Event 25 April 2022 Published
  Subjects:	Science > Mathematics > Electronic computers. Computer science > Other topics, A-Z > Human-computer interaction
  Department:	Faculty of Science > Computer and Information Sciences
  Depositing user:	Pure Administrator
  Date deposited:	20 Apr 2023 09:44
  Last modified:	11 Nov 2024 15:32
  URI:	https://strathprints.strath.ac.uk/id/eprint/85197