We are increasingly surrounded by devices that gather, process, and distribute data about our activities almost constantly. From applications on our mobile phones to sensors embedded in our homes and offices, data is being generated about us in myriad ways. And, while the organizations that are designing and developing the systems and devices which gather this data have made admirable efforts in recent years to provide users greater control over their data, much work is yet to be done to ensure the privacy and security of users.
In the current paradigm, application data permission requests by Apps on smartphones are being lumped together in an all-or-nothing configuration with little insight provided to users on the purpose behind these requests. For example, an App might want to have access to a variety of privacy sensitive data items on your phone such as your location or personal identifiers like your phone number. However the app doesn’t tell you why it needs those permissions, and whether that permission is integral to its functionality of for ancillary purposes like showing targeted advertisements. And while you may not mind it having access to your location, you don’t want it having access to your microphone or camera. In earlier versions of Smartphones OS's you could either grant Apps permission to all the components it requests or choose not to use that application at all.
We believe this model was fundamentally broken. The user’s intention is to use the app and by making control over data an all-or-nothing scenario, a user’s was not left with much of a choice in terms of controlling their privacy. As a result, we developed the first system for iOS, called ProtectMyPrivacy, that allows users to selectively control different permissions on a per app basis that is being used by hundreds of thousands of users.
We now believe that having the ability to selectively permit access to user data does little good if the user doesn’t understand what granting that permission means to their privacy. When your apps access data, they never tell you WHY they are accessing your data or WHERE the data is being sent to. Sometimes a user can infer why information, like location data, is being requested. However, the developer doesn’t explicitly point out how that data is going to be used. Further complicating matters, third-party interfaces and libraries that developers include in their code base can request and use data in radically different ways than the core functionality itself. All of this complexity clouds the ability of the user to infer the purpose behind the request.
Our project proposes to address this issue holistically by both enabling granular control of data permissions while also exploring how to apply static and dynamic analysis techniques to existing applications in order extract purpose from the code itself. In this way, users could know that a particular location call is actually part of the core application and not a third party library. In addition to being able to selectively control permissions users would gain insight into each request’s distinct purpose, whether it be for personalization, localization, advertisements, etc. We are also exploring novel user interfaces to being able to rethink how to nudge users into actively managing their privacy. Given the sheer number of privacy related decisions a user might need to now make, we are also exploring ways to build user profiles and combined that with crowdsourced data from other users to be able to give recommendations to users to reduce the cognitive burden of making constant privacy decisions.
We are proud to be working with the following faculty and researchers from across Carnegie Mellon and the world:
Jason Hong (CMU HCII)
Project Publications
"Does this App Really Need My Location? Context-Aware Privacy Management for Smartphones"
Saksham Chitkara, Nishad Gothoskar, Suhas Harish, Jason I. Hong, Yuvraj Agarwal. Ubicomp 2017 -- ACM Transactions on Interactive, Mobile, Wearable Ubiquitous Technology (IMWUT), September, 2017.
"PrivacyStreams: Enabling Transparency in Personal Data Processing for Mobile Apps"
Yuanchun Li, Fanglin Chen, Toby Jia-Jun Li, Yao Guo, Gang Huang, Matthew Fredrickson, Yuvraj Agarwal, Jason I. Hong. Ubicomp 2017 -- ACM Transactions on Interactive, Mobile, Wearable Ubiquitous Technology (IMWUT), September, 2017.
"Understanding the Purpose of Permission Use in Mobile Apps"
Haoyu Wang, Yuanchun Li, Yao Guo, Yuvraj Agarwal, Jason I. Hong. TOIS 2017 -- ACM Transactions on Information Systems, July 2017.
"Follow My Recommendations: A Personalized Privacy Assistant for Mobile App Permissions"
Bin Liu, Mads Schaarup Andersen, Florian Schaub, Hazim Almuhimedi, Shikun Zhang, Norman Sadeh, Alessandro Acquisti, Yuvraj Agarwal. SOUPS 2016 -- USENIX Symposium on Usable Privacy and Security. June 2016.
"Your Location has been Shared 5,398 Times! A Field Study on Mobile App Privacy Nudging"
Hazim Almuhimedi, Florian Schaub, Norman Sadeh, Idris Adjerid, Alessandro Acquisti, Joshua Gluck, Lorrie Cranor, Yuvraj Agarwal. CHI 2015 -- SIGCHI Conference: Human Factors in Computing Systems, Seoul, South Korea, 2015.
"ProtectMyPrivacy: Detecting and Mitigating Privacy Leaks on iOS Devices Using Crowdsourcing"
Yuvraj Agarwal and Malcolm Hall. MobiSys 2013 -- Proceedings of the 11th International Conference on Mobile Systems, Applications and Services, 2013.
"Modeling Users' Mobile App Privacy Preferences: Restoring Usability in a Sea of Permission Settings"
Jialiu Lin, Bin Liu, Norman Sadeh, Jason Hong -- Symposium On Usable Privacy and Security, 2014
