Privacy rights management for mobile applications
2008, 4th Int. Symposium on Usable Privacy and Security. Pittsburgh
Abstract
With mobile telephony and GPS devices becoming ubiquitous, there are many tracking and monitoring devices being developed that have a range of potential applications, from supporting mobile learning to remote health monitoring of the elderly and chronically ill. However, do users actually understand how much of their personal information is being shared with others? In general, there will be a trade off between usefulness of disclosing private information and the risk of it being misused. In this position paper, we describe the ...
Related papers
Proceedings of the 13th International IEEE Conference on Information Reuse and Integration (IRI) 2012, Las Vegas, Nevada, pp. 694-699
"Participatory applications provide users with value-added and reusable information; however, collection of this information comes at the expense of the participants’ privacy. Preserving the mobile participants’ privacy is a key concern of mobile computing. This paper outlines current participatory application system model, privacy weaknesses, and existing privacy enhancing technologies. Next, it proposes a study to address mobile privacy protection by educating participants of exploitable privacy areas of their participatory applications. The contribution of the paper is two-fold: it provides a review of the existing privacy weaknesses of PS applications and demonstrates that participants’ wanting to know more about these weaknesses warrants further study."
IEEE Security & Privacy Magazine, 2004
2014 47th Hawaii International Conference on System Sciences, 2014
Evidences collected from smartphones users show a growing desire of personalization offered by services for mobile devices. However, the need to accurately identify users' contexts has important implications for user's privacy and it increases the amount of trust, which users are requested to have in the service providers. In this paper, we introduce a model that describes the role of personalization and control in users' assessment of cost and benefits associated to the disclosure of private information. We present an instantiation of such model, a context-aware application for smartphones based on the Android operating system, in which users' private information are protected. Focus group interviews were conducted to examine users' privacy concerns before and after having used our application. Obtained results confirm the utility of our artifact and provide support to our theoretical model, which extends previous literature on privacy calculus and user's acceptance of context-aware technology.
2020
Consumers are largely unaware regarding the use being made to the data that they generate through smart devices, or their GDPR-compliance, since such information is typically hidden behind vague privacy policy documents, which are often lengthy, difficult to read (containing legal terms and definitions) and frequently changing. This paper describes the activities of the CAP-A project, whose aim is to apply crowdsourcing techniques to evaluate the privacy friendliness of apps, and to allow users to better understand the content of Privacy Policy documents and, consequently, the privacy implications of using any given mobile app. To achieve this, we developed a set of tools that aim at assisting users to express their own privacy concerns and expectations and assess the mobile apps’ privacy properties through collective intelligence.
Lecture Notes in Computer Science, 2007
In this paper we address the realization of personal privacy control in pervasive computing. We argue that personal privacy demands differ substantially from those assumed in enterprise privacy control. This is demonstrated by introducing seven requirements specific for personal privacy, which are then used for the definition of our privacy policy language, called SenTry. It is designed to take into account the expected level of privacy from the perspective of the individual when interacting with context-aware services. SenTry serves as the base for implementing personal privacy in our User-centric Privacy Framework for pervasive computing.
The Privacy by Design concept proposes to integrate the respect of user privacy into systems managing user data from the design stage. This concept has increased in popularity and the European Union (EU) is enforcing it with a Data Protection Directive. Mobile applications have emerged onto the market and the current law and future directive is applicable to all mobile applications designed for EU users. By now it has been shown that mobile applications do not suit the Privacy by Design concept and lack for transparency, consent and security. The actual permission systems is judged as unclear for users. In this paper, we introduce a novel permission model suitable for mobile application that respects Privacy by Design. We show that such adapted permission system can improve the transparency and consent but also the security of mobile applications. Finally, we propose an example of the use of our system on mobile application.
Proceedings on Privacy Enhancing Technologies, 2016
Modern mobile devices place a wide variety of sensors and services within the personal space of their users. As a result, these devices are capable of transparently monitoring many sensitive aspects of these users’ lives (e.g., location, health, or correspondences). Users typically trade access to this data for convenient applications and features, in many cases without a full appreciation of the nature and extent of the information that they are exposing to a variety of third parties. Nevertheless, studies show that users remain concerned about their privacy and vendors have similarly been increasing their utilization of privacy-preserving technologies in these devices. Still, despite significant efforts, these technologies continue to fail in fundamental ways, leaving users’ private data exposed. In this work, we survey the numerous components of mobile devices, giving particular attention to those that collect, process, or protect users’ private data. Whereas the individual compon...
Report, Norwegian Computing …
Knowledge of the location of a person's mobile phone can be used by service providers to tailor better services for their customers, and can generate new business opportunities. To make use of this information, the privacy of the users needs to be enforced. Information about a person's location is private information, and a key question is: "Who should have access to what location information under which circumstances?"
Wireless Information Systems, 2004
Next generation mobile services in business-to-employee (B2E) settings put very high demands on the privacy protection features of context-aware, personalization and adaptation enabling technologies. To this end we propose a middle agent framework that allows parties to securely exchange personal or business sensitive contextual information independently of the available networks. In order to demonstrate our privacy enforcing middle agent framework, we build a scheduling service, in which the middle agents collectively arrange an update of a meeting between employees by adapting location and time on the basis of privacy and scheduling policies of the traveling employees themselves or the companies they work for. We developed and deployed this scheduling service on a LEAP agent platform and used a PDA to communicate with the middle agents on the server using WLAN and GPRS networks.
2014
The number of smartphones, tablets, sensors, and connected wearable devices are rapidly increasing. Today, in many parts of the globe, the penetration of mobile computers has overtaken the number of traditional personal computers. This trend and the always-on nature of these devices have resulted in increasing concerns over the intrusive nature of these devices and the privacy risks that they impose on users or those associated with them. In this paper, we survey the current state of the art on mobile computing research, focusing on privacy risks and data leakage effects. We then discuss a number of methods, recommendations, and ongoing research in limiting the privacy leakages and associated risks by mobile computing.
