Third-party applications have become an essential part of today's online ecosystem, enhancing the functionality of popular platforms. However, the intensive data exchange underlying their proliferation has increased concerns about interdependent privacy (IDP). This paper provides a comprehensive investigation into the previously underinvestigated IDP issues of third-party apps. Specifically, first, we analyze the permission structure of multiple app platforms, identifying permissions that have the potential to cause interdependent privacy issues by enabling a user to share someone else's personal data with an app. Second, we collect datasets and characterize the extent to which existing apps request these permissions, revealing the relationship between characteristics such as the respective app platform, the app's type, and the number of interdependent privacy-related permissions it requests. Third, we analyze the various reasons IDP is neglected by both data protection regulations and app platforms and then devise principles that should be followed when designing a mitigation solution. Finally, based on these principles and satisfying clearly defined objectives, we propose IDPFilter, a platform-agnostic API that enables application providers to minimize collateral information collection by filtering out data collected from their users but implicating others as data subjects. We implement a proof-of-concept prototype, IDPTextFilter, that applies the filtering logic to textual data, and provide its initial performance evaluation with regard to privacy, accuracy, and efficiency.
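To make the filtering idea concrete, the following is an added illustration written for this page; it is not the paper's IDPFilter or IDPTextFilter code, whose actual logic is not described here. It assumes a deliberately simple model: the app knows the identifiers (e-mail address, phone number) of the user who consented to share data, detects contact details in submitted text with regular expressions, keeps those that belong to the consenting user, and redacts every other one as potentially implicating a third party. The function and type names, the regular expressions, and the sample text are all constructed for the example.

```python
import re
from dataclasses import dataclass

# Hypothetical detectors for two kinds of personal identifiers that commonly
# appear in user-submitted text. Real systems would use stronger recognizers.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")

# Constructed sample input: a message the consenting user submits to an app.
# It contains the user's own contact details and a friend's (a third party).
SAMPLE_TEXT = (
    "Contact me at alice@example.com or +1 555-010-0000; "
    "my friend Bob is at bob@example.org, +44 20 7946 0000."
)
# Constructed: identifiers of the user who actually consented to sharing.
OWN_IDENTIFIERS = ["alice@example.com", "+1 555-010-0000"]


@dataclass(frozen=True)
class FilterResult:
    text: str            # text the app may keep
    redacted: tuple      # third-party identifiers that were removed


def _normalize(identifier):
    """Canonical form for comparison: e-mails lower-cased, phones reduced to digits."""
    if "@" in identifier:
        return identifier.lower()
    return re.sub(r"\D", "", identifier)


def filter_third_party_identifiers(text, own_identifiers):
    """Keep identifiers belonging to the consenting user; redact all others.

    Anything that looks like a contact detail but is not in own_identifiers is
    treated as belonging to someone who did not consent, so the app never stores it.
    """
    own = {_normalize(i) for i in own_identifiers}
    redacted = []

    def replace(match):
        token = match.group(0)
        if _normalize(token) in own:
            return token
        redacted.append(token)
        return "[REDACTED]"

    # E-mails first so their digits are never mistaken for a phone number.
    out = EMAIL_RE.sub(replace, text)
    out = PHONE_RE.sub(replace, out)
    return FilterResult(out, tuple(redacted))


if __name__ == "__main__":
    result = filter_third_party_identifiers(SAMPLE_TEXT, OWN_IDENTIFIERS)
    print(result.text)
    print("removed:", result.redacted)
```

Running the block on the constructed message leaves Alice's own e-mail and number untouched and replaces Bob's with `[REDACTED]`, which is the minimization behaviour the abstract attributes to IDPFilter: data the user is entitled to share survives, data about other data subjects never reaches the app's storage.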