David Rodriguez

• Master of Science
• Teaching Assistant at Universidad Politécnica de Madrid

Previous studies have demonstrated that privacy issues in mobile apps often stem from the integration of third-party libraries (TPLs). To shed light on factors that contribute to these issues, we investigate the privacy-related configuration choices available to and made by Android app developers who incorporate the Facebook Android SDK and Faceboo...

Large Language Models (LLMs) have gained unprecedented prominence, achieving widespread adoption across diverse domains and integrating deeply into society. The capability to fine-tune general-purpose LLMs, such as Generative Pre-trained Transformers (GPT), for specific tasks has facilitated the emergence of numerous Custom GPTs. These tailored mod...

Third-party libraries offer a wide range of services that simplify, enhance, and accelerate the development of mobile apps. These libraries oftentimes rely on distributed infrastructures and technologies, such as anycast addresses, to deliver their services worldwide. Yet, they are also frequently involved in personal data transfers, which may cros...

The number and dynamic nature of web sites and mobile applications present regulators and app store operators with significant challenges when it comes to enforcing compliance with applicable privacy and data protection laws. Over the past several years, people have turned to Natural Language Processing (NLP) techniques to automate privacy complian...

The number and dynamic nature of web and mobile applications presents significant challenges for assessing their compliance with data protection laws. In this context, symbolic and statistical Natural Language Processing (NLP) techniques have been employed for the automated analysis of these systems' privacy policies. However, these techniques typi...

Cross-border personal data transfers are heavily regulated worldwide, with data protection authorities imposing huge fines on organizations that fail to meet their strict compliance requirements. However, network-level optimizations such as anycast addresses were not designed with personal data in mind, and their use may unwittingly divert personal...

In an era marked by ubiquitous reliance on mobile applications for nearly every need, the opacity of apps’ behavior poses significant threats to their users’ privacy. Although major data protection regulations require apps to disclose their data practices transparently, previous studies have pointed out difficulties in doing so. To further delve in...

Many studies have exposed the massive collection of personal data in the digital ecosystem through, for instance, websites, mobile apps, or smart devices. This fact goes unnoticed by most users, who are also unaware that the collectors are sharing their personal data with many different organizations around the globe. This paper assesses techniques...

Privacy policies are long, complex documents that end-users seldom read. Privacy labels aim to ameliorate these issues by providing succinct summaries of salient data practices. In December 2020, Apple began requiring that app developers submit privacy labels describing their apps' data practices. Yet, research suggests that app developers often st...

The General Data Protection Regulation sets strict requirements to allow personal data transfers outside the European Economic Area. Thus, knowing the geographical destination of data transfers is becoming increasingly important for different stakeholders such as data controllers that may become data exporters or data protection authorities who nee...

Many studies have demonstrated that mobile applications are common means to collect massive amounts of personal data. This goes unnoticed by most users, who are also unaware that many different organizations are receiving this data, even from multiple apps in parallel. This paper assesses different techniques to identify the organizations that are...