Mitigating privacy risks of smartphones in mobile computing

Abstract

The ubiquitous and ever-more-capable smartphones bring forth unprecedented performance in mobile computing. The pursuit of high quality mobile applications and services may however compromise users' privacy, which is a pivotal issue in mobile computing. Much attention goes into how to mitigate users' privacy risks in smartphones. Compared with traditional privacy-preserving methods, new challenges have raised in smartphone privacy. On one hand, users have to provide their information for better functionality and service in the smartphone. On the other hand, they are reluctant to reveal some sensitive or personal data. In this thesis, we investigate smartphone privacy to address these new challenges. We survey the state of the art on the smartphone privacy, focusing on the current issues, proposed methods and existing systems. We discuss the characteristics of smartphone privacy in mobile computing and then review a number of related works and on-going research in detecting and mitigating privacy risks in smartphones. According to our findings, we consider two important cases of smartphone privacy disclosure in mobile computing: privacy leakage during mobile participatory sensing and privacy disclosure of mobile applications. First, we study smartphone privacy during mobile participatory sensing with a focus on privacy measurement. With the development of mobile devices, a novel sensing paradigm emerges, namely, participatory sensing, which engages users with mobile devices to collect and interpret sensory information from the environment. The users participate in multi-farious sensing tasks and share their information. It is not uncommon that their privacy is likely disclosed when the information is shared. Current works focus on privacy protecting and preserving and propose algorithms and mechanisms to prevent users' information from being disclosed. However, users are reluctant to hold their data perpetually since it is routine for them to share information in a participatory sensing systems. Users, therefore, need to know how much the privacy risk they have and which data can be shared. Unfortunately, it is arduous for users to apprehend their privacy risk in mobile participatory sensing systems, and make a proper decision on data sharing accordingly. To address this issue, we propose a privacy measurement method, PriMe, which quantifies the privacy in participatory sensing systems from the perspective of individual sensitivity. Participants are recruited to conduct the experiments for evaluation. The experiment results show that PriMe can provide accurate results to the participants. Second, we study smartphone privacy in mobile applications, focusing on mitigating users' privacy risks. Privacy is a crucial issue of mobile apps because there is a plethora of personal and sensitive information in smartphones. Various mechanisms and tools have been proposed to detect and mitigate privacy leaks. However, they rarely consider users' preferences and expectations. Users hold various expectations towards different mobile apps. For example, users may allow a social network app to access their photos rather than a game app because it is beyond users' expectation that an entertainment app attempt to get the personal photos. Therefore, it is vital to understand users' privacy expectations of various mobile apps and help them to mitigate privacy risks in the smartphone accordingly. To achieve this objective, we propose and implement PriWe, a system based on crowdsourcing driven by users who share privacy permission settings of their apps in smartphones. PriWe leverages the crowdsourced permission settings to understand users' privacy expectation and provides app specific recommendations to mitigate information leakage. We deployed PriWe in the real world for evaluation. Feedbacks are collected from the real world users and participants on Amazon Mechanical Turk. The results show that PriWe can make proper recommendations which meet participants' privacy expectation and are accepted by the users.