No Privacy for Privates: How Military Communities Experience and Perceive the Privacy Risks of Military-Marketed Mobile Apps

Research Projects

Organizational Units

Journal Issue

Alternative Title

Abstract

A subset of mobile applications is explicitly marketed to military-affiliated personnel. These Military-Marketed Mobile Apps (MMMapps) collect privacy-sensitive data using the same mechanisms as general-purpose apps. However, when such data belongs to military-affiliated personnel, it may be exploited by malicious actors in ways that threaten personal safety, unit operations, and national security. Despite these risks, the data practices and code provenance of MMMapps, as well as how this population perceives and attempts to mitigate these risks, remain poorly understood. In this paper, we address this gap by combining large-scale app analysis with a user study. We first curate a dataset of 242 MMMapps and leverage app analysis techniques to characterize their data practices and code provenance. Then, we conduct a user study with 103 military-affiliated participants in the United States to examine which data practices and code provenance characteristics they consider inappropriate, what threat scenarios they believe those practices enable, and which mitigations they view as most effective. Our results show that MMMapps frequently exhibit data practices and code provenance characteristics that are misaligned with the privacy expectations of military-affiliated personnel. For instance, 40% of MMMapps collect more data than they disclose in their privacy labels or data safety sections. 83.5% of our study participants report using at least one MMMapp that engages in data practices they are uncomfortable with. Additionally, although military-affiliated personnel are generally concerned about third-party libraries accessing their data, 64% of MMMapps include third-party SDKs, some developed in countries perceived as adversarial by a majority of the participants. Overall, our findings reveal a substantial misalignment between the privacy expectations of military-affiliated personnel and the data practices and software supply chains of MMMapps. We propose recommendations at the federal, DoD, app store, and device levels to improve privacy risk mitigation for this at-risk population.

Description

Citation

Shinkle, Joshua, Chandrika Mukherjee, Abdullah Imran, Arjun Arunasalam, Donna Artusy, Antonio Bianchi, Z. Berkay Celik, and Alexander Master. 2026. No Privacy for Privates: How Military Communities Experience and Perceive the Privacy Risks of Military-Marketed Mobile Apps. In Proceedings on Privacy Enhancing Technologies (PETS).

Publisher

Privacy Enhancing Technologies Symposium

License

Journal

Volume

Issue

PubMed ID

DOI

ISSN

EISSN

Endorsement

Review

Supplemented By

Referenced By