Abstract
Many religious communities are going online to save costs and reach a large audience to spread their religious beliefs. Since the COVID-19 pandemic, such online transitions have accelerated, primarily to maintain the existence and continuity of religious communities. However, online religious services (e.g., websites and mobile apps) open the door to privacy and security issues that result from tracking and leakage of personal/sensitive information. While web privacy in popular sites (e.g., commercial and social media sites) is widely studied, privacy and security issues of religious online services have not been systematically studied. In this paper, we perform privacy and security measurements in religious websites and Android apps: 62,373 unique websites and 1454 Android apps, pertaining to major religions (e.g., Christianity, Buddhism, Islam, Hinduism). We identified the use of commercial trackers on religious websites—e.g., 32% of religious websites and 78% of religious Android apps host Google trackers. Session replay services (FullStory, Yandex, Inspectlet, Lucky Orange) on 198 religious sites sent sensitive information to third parties. Religious sites (14) and apps (7) sent sensitive information in clear text. Besides privacy issues, we also identify sites with potential security issues: 19 religious sites were vulnerable to various security issues; and 69 religious websites and 29 Android apps were flagged by VirusTotal as malicious. We hope our findings will raise awareness of privacy and security issues in online religious services.
Notes
- 1. https://tinyurl.com/2p8ynsfj (we exclude CRDF and Quttera because we observed unreliable results from them).
- 2. The URL is of the form <Firebase project name>.firebaseio.com/.json (e.g., https://catholic-connect-213606.firebaseio.com/.json).
- 3.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Samarasinghe, N., Kapoor, P., Mannan, M., Youssef, A. (2023). No Salvation from Trackers: Privacy Analysis of Religious Websites and Mobile Apps. In: Garcia-Alfaro, J., Navarro-Arribas, G., Dragoni, N. (eds) Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM CBT 2022 2022. Lecture Notes in Computer Science, vol 13619. Springer, Cham. https://doi.org/10.1007/978-3-031-25734-6_10
DOI: https://doi.org/10.1007/978-3-031-25734-6_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-25733-9
Online ISBN: 978-3-031-25734-6
eBook Packages: Computer Science (R0)