©2014 Carnegie Mellon University : 1
How to Analyze the Privacy of 1 Million Smartphone Apps
Oct 30 2014
Jason Hong
jasonh@cs.cmu.edu
Computer Human Interaction: Mobility, Privacy, Security
Slide 2
In the near future, our smartphones will know everything about us
Slide 3
Smartphones are Intimate
• Mobile phones and millennials (Cisco 2012):
– 75% use in bed before sleep
– 83% sleep with their phones
– 90% check first thing in the morning
– A third use in bathroom (!!)
– A fifth check every ten minutes
Slide 4
Lots of Data on Smartphones
• Who we know (contact list)
• Who we call (call log)
• Who we text (sms log)
Slide 5
Lots of Data on Smartphones
• Where we go (gps, foursquare)
• Photos (some geotagged)
• Sensors (accel, sound, light)
Slide 6
The Opportunity
• We are creating a worldwide sensor network with these smartphones
• Can analyze human behavior with unprecedented fidelity and scale
Slide 7
These Capabilities Can Be Used for Tremendous Good
• Ex. detecting onset of depression
• Ex. understanding cities
• Ex. next-gen intelligent agents
Slide 8
These Capabilities Can Also Be Creepy and Invasive
• Shared your location, gender, unique phone ID, phone # with advertisers
• Uploaded your entire contact list to their server (including phone #s)
Slide 9
Many Smartphone Apps Have “Unusual” Permissions
(Permission labels from the app screenshots on the slide: Location Data, Unique device ID; Location Data, Network Access, Unique device ID; Location Data, Unique device ID)
Slide 10
Nissan Maxima Gear Shift
Slide 11
Privacy as Expectations
• Apply this same idea of mental models for privacy
– Compare what people expect an app to do vs what an app actually does
– Emphasize the biggest gaps, misconceptions that many people had
(Diagram: App Behavior (what an app actually does) vs User Expectations (what people think the app does))
Slide 12
(Screenshots of the expectation gaps shown for two apps)
First app:
• 85% users were surprised this app sent their phone’s unique ID to mobile ads providers.
• 25% users were surprised this app sent their approximate location to dictionary.com for searching nearby words.
• 10% users were surprised this app wrote contents to their SD card.
• 0% users were surprised this app could control their audio settings.
Second app:
• 95% users were surprised this app sent their approximate location to mobile ads providers.
• 95% users were surprised this app sent their phone’s unique ID to mobile ads providers.
• 90% users were surprised this app sent their precise location to mobile ads providers.
• 0% users were surprised this app can control camera flashlight.
Slide 13
Results for Location Data (N=20 per app, Expectations Condition)

App                        Comfort Level (-2 to 2)
Maps                        1.52
GasBuddy                    1.47
Weather Channel             1.45
Foursquare                  0.95
TuneIn Radio                0.60
Evernote                    0.15
Angry Birds                -0.70
Brightest Flashlight Free  -1.15
Toss It                    -1.2

• People more comfortable when told why app used data (even ads)
• Our work helped influence FTC in fining Brightest Flashlight in Dec 2013
Slide 14
Scaling Up to 1 Million Apps
Slide 15
Scaling Up to 1 Million Apps
• Crawled 1M apps on Google Play
• Created a model to predict concerns
– Ex. Contact list for social network: mild
– Ex. Contact list for ads: very bad
• Analyzed 1M apps for behaviors
– Advertising, analytics, social net, other
• Assigned grades based on model
Slide 16
(Image-only slide)
Slide 17
What permissions used and why
Slide 18
Libraries are reusable pieces of code
Most sensitive data requests due to third-party libraries
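The pipeline sketched on slides 11 to 18 (survey people about what they expect, attribute each sensitive data request to the app or to a third-party library to learn why it was made, then grade the gap) as an added, self-contained illustration. This is not PrivacyGrade's or CMU's code: the library prefixes, survey rows, app call lists and grade thresholds are all constructed for the example.

```python
# Added illustration (not PrivacyGrade's or CMU's code): a small version of the
# expectations-vs-behaviour pipeline the slides describe. Library prefixes,
# survey rows, app call lists and grade thresholds are constructed for this example.
from collections import defaultdict
from statistics import mean

# Hypothetical third-party libraries, keyed by class-name prefix, and the purpose
# each serves. The slides' point: most sensitive requests originate in such code.
LIBRARY_PURPOSES = {
    "com.example.adsdk.": "advertising",
    "com.example.metrics.": "analytics",
    "com.example.socialkit.": "social network",
}

# Constructed survey rows: (data_type, purpose, comfort in -2..2, surprised?).
# Four respondents per (data, purpose) pair keep the arithmetic easy to check.
SURVEY_RESPONSES = [
    ("location", "app functionality", 2, False), ("location", "app functionality", 1, False),
    ("location", "app functionality", 2, False), ("location", "app functionality", 1, True),
    ("location", "advertising", -2, True), ("location", "advertising", -1, True),
    ("location", "advertising", -2, True), ("location", "advertising", 0, True),
    ("contacts", "social network", 1, False), ("contacts", "social network", 0, True),
    ("contacts", "social network", 1, False), ("contacts", "social network", 0, False),
    ("device_id", "advertising", -1, True), ("device_id", "advertising", -2, True),
    ("device_id", "advertising", -1, True), ("device_id", "advertising", -1, True),
]

# Constructed static-analysis output per app: (calling class, sensitive data type).
SAMPLE_APPS = {
    "com.example.flashlight": [("com.example.adsdk.LocationCollector", "location"),
                               ("com.example.adsdk.DeviceInfo", "device_id")],
    "com.example.maps": [("com.example.maps.NavActivity", "location")],
    "com.example.social": [("com.example.socialkit.ContactSync", "contacts")],
}


def attribute_use(calling_class, app_package):
    """Answer 'why was this data used?' from 'who called the API?'.
    The app's own package counts as app functionality; a known library prefix
    gives its purpose; anything else is unknown and treated conservatively."""
    if calling_class.startswith(app_package + "."):
        return "app functionality"
    for prefix, purpose in LIBRARY_PURPOSES.items():
        if calling_class.startswith(prefix):
            return purpose
    return "unknown"


def build_expectation_model(responses):
    """Aggregate survey rows into {(data_type, purpose): {comfort, surprise_rate, n}}.
    comfort is the mean rating on the -2..2 scale of the results slide;
    surprise_rate is the share of respondents who did not expect the use."""
    buckets = defaultdict(list)
    for data_type, purpose, comfort, surprised in responses:
        if not -2 <= comfort <= 2:
            raise ValueError(f"comfort rating out of range: {comfort}")
        buckets[(data_type, purpose)].append((comfort, surprised))
    return {key: {"comfort": mean([c for c, _ in rows]),
                  "surprise_rate": sum(1 for _, s in rows if s) / len(rows),
                  "n": len(rows)}
            for key, rows in buckets.items()}


def analyze_app(app_package, sensitive_calls):
    """Turn raw (caller, data) pairs into the set of (data_type, purpose) uses."""
    return {(data, attribute_use(cls, app_package)) for cls, data in sensitive_calls}


def biggest_gaps(uses, model):
    """Rank an app's uses by how surprising they are, worst first. Uses with an
    unknown purpose, or never covered by the survey, rank as fully surprising."""
    def rate(use):
        return 1.0 if use[1] == "unknown" else model.get(use, {}).get("surprise_rate", 1.0)
    return sorted(uses, key=rate, reverse=True)


def grade_app(uses, model):
    """Grade on the least comfortable use, so one creepy use sinks the app.
    Unknown or unsurveyed uses score at the floor (-2). Thresholds are illustrative."""
    worst = 2.0
    for use in uses:
        comfort = -2.0 if use[1] == "unknown" else model.get(use, {}).get("comfort", -2.0)
        worst = min(worst, comfort)
    grade = "A" if worst >= 1.0 else "B" if worst >= 0.0 else "C" if worst >= -1.0 else "D"
    return grade, worst


def grade_sample_apps():
    """Run the whole pipeline over the constructed apps; returns {package: grade}."""
    model = build_expectation_model(SURVEY_RESPONSES)
    return {pkg: grade_app(analyze_app(pkg, calls), model)[0]
            for pkg, calls in SAMPLE_APPS.items()}


if __name__ == "__main__":
    model = build_expectation_model(SURVEY_RESPONSES)
    for pkg, calls in SAMPLE_APPS.items():
        uses = analyze_app(pkg, calls)
        print(pkg, grade_app(uses, model), biggest_gaps(uses, model))
```

The same location use grades A when the app's own code makes it and D when an ad library does, which is the "why, not just what" distinction slides 15 and 17 make.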
Slide 19
Check it out at privacygrade.org
Slide 20
Reflections on Privacy
• FTC overwhelmed by sheer numbers
– Too many web sites, hardware, apps
• Developers don’t know what to do
– State of developer tools also poor
• NSF funding flat, unpredictable
• Business models predicated on leveraging lots of user data
• Too much burden on end-users
Slide 21
Reflections on Privacy
• FTC (and third parties) need better tools to detect privacy problems
– Scale up what FTC lawyers manually do today
– Consider FTC fund 6.1, 6.2, 6.3 research
• Expand NSF funding
– Both education and research (centers)
• Developers
– Consider NIST holding developer conferences to work out best practices for privacy
– Longer term: fund scholarships for privacy
Slide 22
Reflections on Privacy
• Operating Systems / App Markets
– Nearly every app distributed via markets
– Ex. Make devs more aware of 3rd party issues
– Ex. Better tools to help average developer
– Not clear if much government can do here other than embarrassing Google, Apple
• Businesses
– Slap wrist of most egregious to set tone
– Need to be careful not to squelch innovation
• Ex. Facebook Newsfeed initially unpopular
– Clearer rules for advertisers
Slide 23
Thanks!
More info at cmuchimps.org or email jasonh@cs.cmu.edu
• Shah Amini
• Song Luan
• Yuvraj Agarwal
• Jialiu Lin
• Norman Sadeh
Special thanks to:
• Army Research Office
• NSF
• Google
• CMU Cylab

More Related Content

What's hot

Less is More: An Empirical Investigation of the Relationship Between Amount o...
Less is More: An Empirical Investigation of the Relationship Between Amount o...Less is More: An Empirical Investigation of the Relationship Between Amount o...
Less is More: An Empirical Investigation of the Relationship Between Amount o...
UXPA International
 
How to use Big Data to drive product strategy and adoption
How to use Big Data to drive product strategy and adoptionHow to use Big Data to drive product strategy and adoption
How to use Big Data to drive product strategy and adoption
UXPA International
 
How to Analyze the Privacy of 750000 Smartphone Apps
How to Analyze the Privacy of 750000 Smartphone Apps How to Analyze the Privacy of 750000 Smartphone Apps
How to Analyze the Privacy of 750000 Smartphone Apps
Jason Hong
 
Byod presentation jessica cowart_module_7
Byod presentation jessica cowart_module_7Byod presentation jessica cowart_module_7
Byod presentation jessica cowart_module_7
JLCT23
 
Eye Tracking the User Experience of Mobile: What You Need to Know
Eye Tracking the User Experience of Mobile: What You Need to KnowEye Tracking the User Experience of Mobile: What You Need to Know
Eye Tracking the User Experience of Mobile: What You Need to Know
Jennifer Romano Bergstrom
 
Cribbett and Redelinghuys - Cutting Edge of NewMR 2015
Cribbett and Redelinghuys - Cutting Edge of NewMR 2015Cribbett and Redelinghuys - Cutting Edge of NewMR 2015
Cribbett and Redelinghuys - Cutting Edge of NewMR 2015
Ray Poynter
 
So much UX data! Now what?
So much UX data! Now what?So much UX data! Now what?
So much UX data! Now what?
Jennifer Romano Bergstrom
 
Web Survey and Forms Usability Design & Testing
Web Survey and Forms Usability Design & TestingWeb Survey and Forms Usability Design & Testing
Web Survey and Forms Usability Design & TestingJennifer Romano Bergstrom
 
Unifying the UX of a Survey Across Multiple Devices (MoDevEast 2013)
Unifying the UX of a Survey Across Multiple Devices (MoDevEast 2013)Unifying the UX of a Survey Across Multiple Devices (MoDevEast 2013)
Unifying the UX of a Survey Across Multiple Devices (MoDevEast 2013)
Jennifer Romano Bergstrom
 
Ontela PicDeck (B): Case Analysis
Ontela PicDeck (B): Case AnalysisOntela PicDeck (B): Case Analysis
Ontela PicDeck (B): Case Analysis
Christopher Ortiz, MBA, PMP
 
Behavioral Analytics with Smartphone Data. Talk at Strata + Hadoop World 2014...
Behavioral Analytics with Smartphone Data. Talk at Strata + Hadoop World 2014...Behavioral Analytics with Smartphone Data. Talk at Strata + Hadoop World 2014...
Behavioral Analytics with Smartphone Data. Talk at Strata + Hadoop World 2014...
Joerg Blumtritt
 
Networked worlds and networked enterprises
Networked worlds and networked enterprisesNetworked worlds and networked enterprises
Networked worlds and networked enterprises
Pew Research Center's Internet & American Life Project
 
Ontela picdeck
Ontela picdeckOntela picdeck
Ontela picdeck
Loukik Huilgolkar
 
Ontella
OntellaOntella
Ontella
Yamna Rashid
 
Detection and Minimization Influence of Rumor in Social Network
Detection and Minimization Influence of Rumor in Social NetworkDetection and Minimization Influence of Rumor in Social Network
Detection and Minimization Influence of Rumor in Social Network
IRJET Journal
 
Kipp Bodnar - The Future of Social Media at HUG 2017
Kipp Bodnar - The Future of Social Media at HUG 2017Kipp Bodnar - The Future of Social Media at HUG 2017
Kipp Bodnar - The Future of Social Media at HUG 2017
SD Inbound Marketing
 
Boomerangers, teens & app enthusiasts- best practices for deploying mobile app
Boomerangers, teens & app enthusiasts- best practices for deploying mobile appBoomerangers, teens & app enthusiasts- best practices for deploying mobile app
Boomerangers, teens & app enthusiasts- best practices for deploying mobile appMerlien Institute
 
The Testing Planet Issue 7
The Testing Planet Issue 7The Testing Planet Issue 7
The Testing Planet Issue 7Rosie Sherry
 
Network effects presentation for blogger
Network effects presentation for bloggerNetwork effects presentation for blogger
Network effects presentation for bloggerdtait1
 
Mobile Data Analytics
Mobile Data AnalyticsMobile Data Analytics
Mobile Data Analytics
Joerg Blumtritt
 

What's hot (20)

Less is More: An Empirical Investigation of the Relationship Between Amount o...
Less is More: An Empirical Investigation of the Relationship Between Amount o...Less is More: An Empirical Investigation of the Relationship Between Amount o...
Less is More: An Empirical Investigation of the Relationship Between Amount o...
 
How to use Big Data to drive product strategy and adoption
How to use Big Data to drive product strategy and adoptionHow to use Big Data to drive product strategy and adoption
How to use Big Data to drive product strategy and adoption
 
How to Analyze the Privacy of 750000 Smartphone Apps
How to Analyze the Privacy of 750000 Smartphone Apps How to Analyze the Privacy of 750000 Smartphone Apps
How to Analyze the Privacy of 750000 Smartphone Apps
 
Byod presentation jessica cowart_module_7
Byod presentation jessica cowart_module_7Byod presentation jessica cowart_module_7
Byod presentation jessica cowart_module_7
 
Eye Tracking the User Experience of Mobile: What You Need to Know
Eye Tracking the User Experience of Mobile: What You Need to KnowEye Tracking the User Experience of Mobile: What You Need to Know
Eye Tracking the User Experience of Mobile: What You Need to Know
 
Cribbett and Redelinghuys - Cutting Edge of NewMR 2015
Cribbett and Redelinghuys - Cutting Edge of NewMR 2015Cribbett and Redelinghuys - Cutting Edge of NewMR 2015
Cribbett and Redelinghuys - Cutting Edge of NewMR 2015
 
So much UX data! Now what?
So much UX data! Now what?So much UX data! Now what?
So much UX data! Now what?
 
Web Survey and Forms Usability Design & Testing
Web Survey and Forms Usability Design & TestingWeb Survey and Forms Usability Design & Testing
Web Survey and Forms Usability Design & Testing
 
Unifying the UX of a Survey Across Multiple Devices (MoDevEast 2013)
Unifying the UX of a Survey Across Multiple Devices (MoDevEast 2013)Unifying the UX of a Survey Across Multiple Devices (MoDevEast 2013)
Unifying the UX of a Survey Across Multiple Devices (MoDevEast 2013)
 
Ontela PicDeck (B): Case Analysis
Ontela PicDeck (B): Case AnalysisOntela PicDeck (B): Case Analysis
Ontela PicDeck (B): Case Analysis
 
Behavioral Analytics with Smartphone Data. Talk at Strata + Hadoop World 2014...
Behavioral Analytics with Smartphone Data. Talk at Strata + Hadoop World 2014...Behavioral Analytics with Smartphone Data. Talk at Strata + Hadoop World 2014...
Behavioral Analytics with Smartphone Data. Talk at Strata + Hadoop World 2014...
 
Networked worlds and networked enterprises
Networked worlds and networked enterprisesNetworked worlds and networked enterprises
Networked worlds and networked enterprises
 
Ontela picdeck
Ontela picdeckOntela picdeck
Ontela picdeck
 
Ontella
OntellaOntella
Ontella
 
Detection and Minimization Influence of Rumor in Social Network
Detection and Minimization Influence of Rumor in Social NetworkDetection and Minimization Influence of Rumor in Social Network
Detection and Minimization Influence of Rumor in Social Network
 
Kipp Bodnar - The Future of Social Media at HUG 2017
Kipp Bodnar - The Future of Social Media at HUG 2017Kipp Bodnar - The Future of Social Media at HUG 2017
Kipp Bodnar - The Future of Social Media at HUG 2017
 
Boomerangers, teens & app enthusiasts- best practices for deploying mobile app
Boomerangers, teens & app enthusiasts- best practices for deploying mobile appBoomerangers, teens & app enthusiasts- best practices for deploying mobile app
Boomerangers, teens & app enthusiasts- best practices for deploying mobile app
 
The Testing Planet Issue 7
The Testing Planet Issue 7The Testing Planet Issue 7
The Testing Planet Issue 7
 
Network effects presentation for blogger
Network effects presentation for bloggerNetwork effects presentation for blogger
Network effects presentation for blogger
 
Mobile Data Analytics
Mobile Data AnalyticsMobile Data Analytics
Mobile Data Analytics
 

Similar to How to Analyze the Privacy of 1 Million Smartphone Apps

Analyzing the Privacy of Smartphone Apps, for CMU Cylab Talk on April 2013
Analyzing the Privacy of Smartphone Apps, for CMU Cylab Talk on April 2013Analyzing the Privacy of Smartphone Apps, for CMU Cylab Talk on April 2013
Analyzing the Privacy of Smartphone Apps, for CMU Cylab Talk on April 2013
Jason Hong
 
Using Mobile Technology for Patient Recruitment Webinar
Using Mobile Technology for Patient Recruitment WebinarUsing Mobile Technology for Patient Recruitment Webinar
Using Mobile Technology for Patient Recruitment WebinarPatientWise
 
Mobile App Benchmarks: Engagement & Retention
Mobile App Benchmarks: Engagement & RetentionMobile App Benchmarks: Engagement & Retention
Mobile App Benchmarks: Engagement & Retention
Emmanuel Quartey
 
Learning from the People: Responsibly Encouraging Adoption of Contact Tracing...
Learning from the People: Responsibly Encouraging Adoption of Contact Tracing...Learning from the People: Responsibly Encouraging Adoption of Contact Tracing...
Learning from the People: Responsibly Encouraging Adoption of Contact Tracing...
Elissa Redmiles
 
Getting users to trust your Mobile Apps and Mobile Web sites
Getting users to trust your Mobile Apps and Mobile Web sitesGetting users to trust your Mobile Apps and Mobile Web sites
Getting users to trust your Mobile Apps and Mobile Web sites
Janet Jaiswal
 
Fostering an Ecosystem for Smartphone Privacy
Fostering an Ecosystem for Smartphone PrivacyFostering an Ecosystem for Smartphone Privacy
Fostering an Ecosystem for Smartphone Privacy
Jason Hong
 
Big Data for Privacy, at NSF Workshop on Big Data and Privacy, April 2015
Big Data for Privacy, at NSF Workshop on Big Data and Privacy, April 2015Big Data for Privacy, at NSF Workshop on Big Data and Privacy, April 2015
Big Data for Privacy, at NSF Workshop on Big Data and Privacy, April 2015
Jason Hong
 
Making The Leap From Web To Mobile
Making The Leap From Web To MobileMaking The Leap From Web To Mobile
Making The Leap From Web To Mobile
Kris Mihalic
 
Getting Going with Mobile (What Your Users Really Want!)
Getting Going with Mobile (What Your Users Really Want!)Getting Going with Mobile (What Your Users Really Want!)
Getting Going with Mobile (What Your Users Really Want!)
Forum One
 
User-Centered (Mobile) Device Strategy
User-Centered (Mobile) Device StrategyUser-Centered (Mobile) Device Strategy
User-Centered (Mobile) Device Strategy
Søren Engelbrecht
 
260119 a digital approach towards market research upload
260119 a digital approach towards market research upload260119 a digital approach towards market research upload
260119 a digital approach towards market research upload
Syed Yeasef Akbar
 
PERCEPTION OF MOBILE APPS AMONG COMMON PEOPLE PPT
PERCEPTION OF MOBILE APPS AMONG COMMON PEOPLE PPTPERCEPTION OF MOBILE APPS AMONG COMMON PEOPLE PPT
PERCEPTION OF MOBILE APPS AMONG COMMON PEOPLE PPT
Palash Banerjee
 
Are my Devices Spying on Me? Living in a World of Ubiquitous Computing
Are my Devices Spying on Me? Living in a World of Ubiquitous Computing Are my Devices Spying on Me? Living in a World of Ubiquitous Computing
Are my Devices Spying on Me? Living in a World of Ubiquitous Computing
Jason Hong
 
Mobile Marketing Mix
Mobile Marketing MixMobile Marketing Mix
Mobile Marketing Mix
mattpiette
 
Mobile2013
Mobile2013Mobile2013
Mobile2013
John Yuiska
 
Helping Developers with Privacy
Helping Developers with PrivacyHelping Developers with Privacy
Helping Developers with Privacy
Jason Hong
 
Hc2013 my journey mobile app presentation
Hc2013 my journey mobile app presentationHc2013 my journey mobile app presentation
Hc2013 my journey mobile app presentation
Youth Mental Health Network
 
SharePoint Summit Vancouver: Reach your audience with a SharePoint mobile app
SharePoint Summit Vancouver: Reach your audience with a SharePoint mobile appSharePoint Summit Vancouver: Reach your audience with a SharePoint mobile app
SharePoint Summit Vancouver: Reach your audience with a SharePoint mobile app
Mallory O'Connor
 
Gg mobile apps_vs_web_july2011-5
Gg mobile apps_vs_web_july2011-5Gg mobile apps_vs_web_july2011-5
Gg mobile apps_vs_web_july2011-5
DMI
 

Similar to How to Analyze the Privacy of 1 Million Smartphone Apps (20)

Analyzing the Privacy of Smartphone Apps, for CMU Cylab Talk on April 2013
Analyzing the Privacy of Smartphone Apps, for CMU Cylab Talk on April 2013Analyzing the Privacy of Smartphone Apps, for CMU Cylab Talk on April 2013
Analyzing the Privacy of Smartphone Apps, for CMU Cylab Talk on April 2013
 
Using Mobile Technology for Patient Recruitment Webinar
Using Mobile Technology for Patient Recruitment WebinarUsing Mobile Technology for Patient Recruitment Webinar
Using Mobile Technology for Patient Recruitment Webinar
 
Mobile App Benchmarks: Engagement & Retention
Mobile App Benchmarks: Engagement & RetentionMobile App Benchmarks: Engagement & Retention
Mobile App Benchmarks: Engagement & Retention
 
Learning from the People: Responsibly Encouraging Adoption of Contact Tracing...
Learning from the People: Responsibly Encouraging Adoption of Contact Tracing...Learning from the People: Responsibly Encouraging Adoption of Contact Tracing...
Learning from the People: Responsibly Encouraging Adoption of Contact Tracing...
 
Getting users to trust your Mobile Apps and Mobile Web sites
Getting users to trust your Mobile Apps and Mobile Web sitesGetting users to trust your Mobile Apps and Mobile Web sites
Getting users to trust your Mobile Apps and Mobile Web sites
 
Outline MS PP EH
Outline MS PP EHOutline MS PP EH
Outline MS PP EH
 
Fostering an Ecosystem for Smartphone Privacy
Fostering an Ecosystem for Smartphone PrivacyFostering an Ecosystem for Smartphone Privacy
Fostering an Ecosystem for Smartphone Privacy
 
Big Data for Privacy, at NSF Workshop on Big Data and Privacy, April 2015
Big Data for Privacy, at NSF Workshop on Big Data and Privacy, April 2015Big Data for Privacy, at NSF Workshop on Big Data and Privacy, April 2015
Big Data for Privacy, at NSF Workshop on Big Data and Privacy, April 2015
 
Making The Leap From Web To Mobile
Making The Leap From Web To MobileMaking The Leap From Web To Mobile
Making The Leap From Web To Mobile
 
Getting Going with Mobile (What Your Users Really Want!)
Getting Going with Mobile (What Your Users Really Want!)Getting Going with Mobile (What Your Users Really Want!)
Getting Going with Mobile (What Your Users Really Want!)
 
User-Centered (Mobile) Device Strategy
User-Centered (Mobile) Device StrategyUser-Centered (Mobile) Device Strategy
User-Centered (Mobile) Device Strategy
 
260119 a digital approach towards market research upload
260119 a digital approach towards market research upload260119 a digital approach towards market research upload
260119 a digital approach towards market research upload
 
PERCEPTION OF MOBILE APPS AMONG COMMON PEOPLE PPT
PERCEPTION OF MOBILE APPS AMONG COMMON PEOPLE PPTPERCEPTION OF MOBILE APPS AMONG COMMON PEOPLE PPT
PERCEPTION OF MOBILE APPS AMONG COMMON PEOPLE PPT
 
Are my Devices Spying on Me? Living in a World of Ubiquitous Computing
Are my Devices Spying on Me? Living in a World of Ubiquitous Computing Are my Devices Spying on Me? Living in a World of Ubiquitous Computing
Are my Devices Spying on Me? Living in a World of Ubiquitous Computing
 
Mobile Marketing Mix
Mobile Marketing MixMobile Marketing Mix
Mobile Marketing Mix
 
Mobile2013
Mobile2013Mobile2013
Mobile2013
 
Helping Developers with Privacy
Helping Developers with PrivacyHelping Developers with Privacy
Helping Developers with Privacy
 
Hc2013 my journey mobile app presentation
Hc2013 my journey mobile app presentationHc2013 my journey mobile app presentation
Hc2013 my journey mobile app presentation
 
SharePoint Summit Vancouver: Reach your audience with a SharePoint mobile app
SharePoint Summit Vancouver: Reach your audience with a SharePoint mobile appSharePoint Summit Vancouver: Reach your audience with a SharePoint mobile app
SharePoint Summit Vancouver: Reach your audience with a SharePoint mobile app
 
Gg mobile apps_vs_web_july2011-5
Gg mobile apps_vs_web_july2011-5Gg mobile apps_vs_web_july2011-5
Gg mobile apps_vs_web_july2011-5
 

Recently uploaded

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 

Recently uploaded (20)

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
How to Analyze the Privacy of 1 Million Smartphone Apps

©2014 Carnegie Mellon University : 11
Privacy as Expectations
• Apply this same idea of mental models for privacy
– Compare what people expect an app to do vs what an app actually does
– Emphasize the biggest gaps, misconceptions that many people had
App Behavior (What an app actually does)
User Expectations (What people think the app does)

©2014 Carnegie Mellon University : 12
• 85% users were surprised this app sent their phone's unique ID to mobile ads providers.
• 25% users were surprised this app sent their approximate location to dictionary.com for searching nearby words.
• 10% users were surprised this app wrote contents to their SD card.
• 0% users were surprised this app could control their audio settings.

• 95% users were surprised this app sent their approximate location to mobile ads providers.
• 95% users were surprised this app sent their phone's unique ID to mobile ads providers.
• 90% users were surprised this app sent their precise location to mobile ads providers.
• 0% users were surprised this app can control camera flashlight.

©2014 Carnegie Mellon University : 13
Results for Location Data (N=20 per app, Expectations Condition)
App                        Comfort Level (-2 to 2)
Maps                        1.52
GasBuddy                    1.47
Weather Channel             1.45
Foursquare                  0.95
TuneIn Radio                0.60
Evernote                    0.15
Angry Birds                -0.70
Brightest Flashlight Free  -1.15
Toss It                    -1.2
• People more comfortable when told why app used data (even ads)
• Our work helped influence FTC in fining Brightest Flashlight in Dec 2013
Scaling Up to 1 Million Apps
©2014 Carnegie Mellon University : 14

©2014 Carnegie Mellon University : 15
Scaling Up to 1 Million Apps
• Crawled 1M apps on Google Play
• Created a model to predict concerns
– Ex. Contact list for social network mild
– Ex. Contact list for ads very bad
• Analyzed 1M apps for behaviors
– Advertising, analytics, social net, other
• Assigned grades based on model

©2014 Carnegie Mellon University : 16

©2014 Carnegie Mellon University : 17
What permissions used and why

©2014 Carnegie Mellon University : 18
Libraries are reusable pieces of code
Most sensitive data requests due to third-party libraries
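The pipeline sketched on slides 15 to 18 (attribute each sensitive request to the code that makes it, classify that code's purpose, score the permission/purpose pair against a concern model, and turn the scores into a grade), written out as an added Python illustration. This is not PrivacyGrade's code: the library table, the comfort scores, the grade thresholds and the sample apps are constructed placeholders that only follow the ordering the deck gives (contact list for a social network mild, for ads very bad).

```python
# Constructed table of third-party library package prefixes and the purpose
# each serves (hypothetical names, not the PrivacyGrade dataset).
LIBRARY_PURPOSE = {
    "com.example.adsdk": "advertising",
    "com.example.analytics": "analytics",
    "com.example.social": "social network",
}

# Constructed concern model on the deck's -2 (very uncomfortable) to 2 scale,
# keyed by (permission, purpose); values are illustrative only.
COMFORT = {
    ("READ_CONTACTS", "social network"): 0.5,
    ("READ_CONTACTS", "advertising"): -2.0,
    ("ACCESS_FINE_LOCATION", "advertising"): -1.5,
    ("ACCESS_FINE_LOCATION", "other"): 1.5,
    ("READ_PHONE_STATE", "advertising"): -1.0,
    ("READ_PHONE_STATE", "analytics"): -0.5,
}

# Constructed thresholds: the app's least comfortable use decides its grade.
GRADE_THRESHOLDS = [(1.0, "A"), (0.0, "B"), (-1.0, "C")]

def purpose_of(package: str) -> str:
    """Map the code package that issued a request to a purpose category.
    The longest matching library prefix wins; unmatched code is treated as
    the app's own functionality ("other")."""
    best = ""
    for prefix in LIBRARY_PURPOSE:
        if (package == prefix or package.startswith(prefix + ".")) and len(prefix) > len(best):
            best = prefix
    return LIBRARY_PURPOSE[best] if best else "other"

def grade_app(requests):
    """requests: (permission, requesting_package) pairs as static analysis would
    attribute them. Returns (grade, [(permission, purpose, comfort), ...])."""
    findings = []
    for perm, pkg in requests:
        purpose = purpose_of(pkg)
        comfort = COMFORT.get((perm, purpose), 0.0)  # unknown pair: neutral
        findings.append((perm, purpose, comfort))
    worst = min((c for _, _, c in findings), default=2.0)
    grade = next((g for t, g in GRADE_THRESHOLDS if worst >= t), "D")
    return grade, findings

# Constructed samples: a flashlight-style app whose sensitive requests all come
# from an embedded ad library, versus an app using location for its own feature.
FLASHLIGHT = [("ACCESS_FINE_LOCATION", "com.example.adsdk.location.Tracker"),
              ("READ_PHONE_STATE", "com.example.adsdk.DeviceInfo")]
NAVIGATOR = [("ACCESS_FINE_LOCATION", "com.example.nav.RouteView")]
```

The findings list is what a "what permissions used and why" summary would be rendered from; the grade alone hides which library triggered it.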
©2014 Carnegie Mellon University : 19
Check it out at privacygrade.org

©2014 Carnegie Mellon University : 20
Reflections on Privacy
• FTC overwhelmed by sheer numbers
– Too many web sites, hardware, apps
• Developers don't know what to do
– State of developer tools also poor
• NSF funding flat, unpredictable
• Business models predicated on leveraging lots of user data
• Too much burden on end-users

©2014 Carnegie Mellon University : 21
Reflections on Privacy
• FTC (and third parties) need better tools to detect privacy problems
– Scale up what FTC lawyers manually do today
– Consider FTC fund 6.1, 6.2, 6.3 research
• Expand NSF funding
– Both education and research (centers)
• Developers
– Consider NIST holding developer conferences to work out best practices for privacy
– Longer term: fund scholarships for privacy

©2014 Carnegie Mellon University : 22
Reflections on Privacy
• Operating Systems / App Markets
– Nearly every app distributed via markets
– Ex. Make devs more aware of 3rd party issues
– Ex. Better tools to help average developer
– Not clear if much government can do here other than embarrassing Google, Apple
• Businesses
– Slap wrist of most egregious to set tone
– Need to be careful not to squelch innovation
  • Ex. Facebook Newsfeed initially unpopular
– Clearer rules for advertisers

©2014 Carnegie Mellon University : 23
Thanks! More info at cmuchimps.org or email jasonh@cs.cmu.edu
• Shah Amini
• Song Luan
• Yuvraj Agarwal
• Jialiu Lin
• Norman Sadeh
Special thanks to:
• Army Research Office
• NSF
• Google
• CMU Cylab

Editor's Notes

  1. Professor in School of Computer Science at Carnegie Mellon University. Past work: anti-phishing research, Wombat Security, location privacy.
  2. Jason Hong / jasonh@cs.cmu.edu. I'm a computer scientist, and I've been working with sensor-based systems for 15 years. My claim: in the near future, smartphones will know everything about us. Our smartphones will know if we are depressed or not / what our carbon footprint is / what our information needs are before we even know what we need. Images from http://www.androidtapp.com/how-simple-is-your-smartphone-to-use-funny-videos/ http://www.sfgate.com/crime/article/Absorbed-device-users-oblivious-to-danger-4876709.php#photo-5278749 http://www.reneweduponadream.com/2012/09/business-without-smartphone-dont-let-it.html
  3. Main stats on this page are from: http://www.cisco.com/c/en/us/solutions/enterprise/connected-world-technology-report/index.html#~2012 Additional stats about mobile phones: http://www.pewinternet.org/fact-sheets/mobile-technology-fact-sheet/ What's also interesting are trends in how people use these smartphones: http://blog.sciencecreative.com/2011/03/16/the-authentic-online-marketer/ http://www.generationalinsights.com/millennials-addicted-to-their-smartphones-some-suffer-nomophobia/ In fact, Millennials don't just sleep with their smartphones. 75% use them in bed before going to sleep and 90% check them again first thing in the morning. Half use them while eating and a third use them in the bathroom. A third check them every half hour. Another fifth check them every ten minutes. A quarter of them check them so frequently that they lose count. http://www.androidtapp.com/how-simple-is-your-smartphone-to-use-funny-videos/ Pew Research Center: around 83 percent of those 18- to 29-year-olds sleep with their cell phones within reach. http://persquaremile.com/category/suburbia/
  4. Pushing further, smartphone data is really intimate: location, call logs, SMS, pics, more.
  5. A grand challenge for computer science. http://www.flickr.com/photos/robby_van_moor/478725670/
  6. On the left is the Nissan Maxima gear shift. It turns out my brother was driving in 3rd gear for over a year before I pointed out to him that 3 and D are separate. The older Nissan Maxima gear shift on the right makes it hard to make this mistake.
  7. Lin et al., Expectation and Purpose: Understanding Users' Mental Models of Mobile App Privacy through Crowdsourcing. Ubicomp 2012.
  8. In the expectations condition, people were told the app used a permission but not why.
  9. We created a predictive model of people's concerns using a combination of static analysis and crowdsourcing.
  10. DARPA, Google, CMU CyLab