APIs and Your Privacy

23 Pages Posted: 14 Feb 2019

See all articles by N. Cameron Russell

N. Cameron Russell

Fordham Center on Law and Information Policy (CLIP)

Florian Schaub

University of Michigan at Ann Arbor - School of Information

Allison McDonald

University of Michigan at Ann Arbor

William Sierra-Rocafort

Fordham Center on Law and Information Policy (CLIP)

Date Written: February 5, 2019

Abstract

Application programming interfaces, or APIs, have been the topic of much recent discussion. Newsworthy events, including those involving Facebook’s API and Cambridge Analytica obtaining information about millions of Facebook users, have highlighted the technical capabilities of APIs for prominent websites and mobile applications. At the same time, media coverage of ways that APIs have been misused has sparked concern for potential privacy invasions and other issues of public policy. This paper seeks to educate consumers on how APIs work and how they are used within popular websites and mobile apps to gather, share, and utilize data.

APIs are used in mobile games, search engines, social media platforms, news and shopping websites, video and music streaming services, dating apps, and mobile payment systems. If a third-party company, like an app developer or advertiser, would like to gain access to your information through a website you visit or a mobile app or online service you use, what data might they obtain about you through APIs and how? This report analyzes 11 prominent online services to observe general trends and provide you an overview of the role APIs play in collecting and distributing information about consumers. For example, how might your data be gathered and shared when using your Facebook account login to sign up for Venmo or to access the Tinder dating app? How might advertisers use Pandora’s API when you are streaming music?

After explaining what APIs are and how they work, this report categorizes and characterizes different kinds of APIs that companies offer to web and app developers. Services may offer content-focused APIs, feature APIs, unofficial APIs, and analytics APIs that developers of other apps and websites may access and use in different ways. Likewise, advertisers can use APIs to target a desired subset of a service’s users and possibly extract user data. This report explains how websites and apps can create user profiles based on your online behavior and generate revenue from advertiser-access to their APIs. The report concludes with observations on how various companies and platforms connecting through APIs may be able to learn information about you and aggregate it with your personal data from other sources when you are browsing the internet or using different apps on your smartphone or tablet. While the paper does not make policy recommendations, it demonstrates the importance of approaching consumer privacy from a broad perspective that includes first parties and third parties, and that considers the integral role of APIs in today’s online ecosystem.

Note: © 2019 Fordham Center on Law and Information Policy (Fordham CLIP) and the Regents of the University of Michigan (Univ. of Michigan).

Keywords: API, Privacy

Suggested Citation

Russell, N. Cameron and Schaub, Florian and McDonald, Allison and Sierra-Rocafort, William, APIs and Your Privacy (February 5, 2019). Available at SSRN: https://ssrn.com/abstract=3328825 or http://dx.doi.org/10.2139/ssrn.3328825

N. Cameron Russell

Fordham Center on Law and Information Policy (CLIP) ( email )

Fordham Law School
140 West 62nd Street
New York, NY 10023
United States
212-930-8878 (Phone)

Florian Schaub (Contact Author)

University of Michigan at Ann Arbor - School of Information ( email )

105 S State St
Ann Arbor, MI 48109
United States

Allison McDonald

University of Michigan at Ann Arbor ( email )

500 S. State Street
Ann Arbor, MI 48109
United States

William Sierra-Rocafort

Fordham Center on Law and Information Policy (CLIP) ( email )

Fordham Law School
140 West 62nd Street
New York, NY 10023
United States

Register to save articles to
your library

Register

Paper statistics

Downloads
30
Abstract Views
250
PlumX Metrics
!

Under construction: SSRN citations will be offline until July when we will launch a brand new and improved citations service, check here for more details.

For more information