Carnegie Mellon University
Contributions from a team of research and privacy experts toward a new future for mobile privacy. The following projects and research papers were produced during the course of the DARPA Brandeis project, or had a major impact on Brandeis at CMU.
The policy manager gives Android users fine-grained control over sensitive data accesses on their phones, and provides context for these accesses through purposes. The policy manager is built on top of PE for Android. See more: Policy Manager
Coconut is an Android Studio plugin developed using IntelliJ, which requires developers to annotate any kind of access or storage of privacy-sensitive user data. These annotations can then be used to generate privacy policies for end-users. It also provides additional guidelines for developers on better privacy practices and risks. See more: Coconut IDE
Research Paper on Coconut
"Coconut: An IDE Plugin for Developing Privacy-Friendly Apps." Tianshi Li, Yuvraj Agarwal, Jason I. Hong. In Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, Volume 2 Issue 4, December 2018.
There is a PE for Android-enabled version of Coconut, which generates policy files for the policy manager and integrates with the PE for Android SDK. See more: LINK?
Many smartphone apps collect potentially sensitive personal data and send it to cloud servers. However, it can be difficult to understand what data is being collected, where it is being sent to, and why. MobiPurpose infers fine-grained privacy attributes of outgoing smartphone network traffic, regarding who, where, what (e.g., location, tracking ID, email address, etc.), and why (e.g., advertising, marketing analytics, maps, etc.).
Research Paper on MobiPurpose
Download the MobiPurpose network trace dataset
"Why Are They Collecting My Data? Inferring the Purposes of Network Traffic in Mobile Apps." Jin, Haojian, Minyi Liu, Kevan Dodhia, Yuanchun Li, Gaurav Srivastava, Matthew Fredrikson, Yuvraj Agarwal, and Jason I. Hong. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 2, no. 4 (2018): 1-27.
Mobile apps frequently request access to sensitive data, such as location and contacts. Understanding why sensitive data is accessed could help improve privacy as well as enable new kinds of access control. In this article, we propose a text-mining-based method to infer the purpose of sensitive data access by Android apps. The key idea is to extract multiple features from app code and then use those features to train a machine learning classifier for purpose inference.
Research Paper on Purpose Inference
"Understanding the Purpose of Permission Use in Mobile Apps." Wang, Haoyu, Yuanchun Li, Yao Guo, Yuvraj Agarwal, and Jason I. Hong. ACM Transactions on Information Systems (TOIS) 35, no. 4 (2017): 1-40.
PrivacyGrade assigns privacy grades to apps based on crowdsourced information on people’s privacy expectations. It also allows users to view more in-depth and detailed data regarding what data apps collect, for what reason and where that data goes. See more: PrivacyGrade
PrivacyProxy is an app that allows users to control privacy sensitivity settings by filtering sensitive data that leaves the device via the network. See more: Download PrivacyProxy
Research Paper on PrivacyProxy
"PrivacyProxy: Leveraging Crowdsourcing and In Situ Traffic Analysis to Detect and Mitigate Information Leakage." Srivastava, Gaurav, Kunal Bhuwalka, Swarup Kumar Sahoo, Saksham Chitkara, Kevin Ku, Matt Fredrikson, Jason Hong, and Yuvraj Agarwal. arXiv preprint arXiv:1708.06384 (2017).
PrivacyStreams offers a stream-based API for accessing sensitive data on Android. There is often a mismatch between the data that Android offers via its APIs and the granularity of data that developers need. For example, we found that many apps request GPS data, but only really need neighborhood or city granularity. By offering a stream-based API, we can make it easier for developers to get the granularity they want while also improving privacy almost as a side effect. For example, a developer might request access to the microphone, set up a series of transformations to get loudness, and then send the result to a callback. We can statically analyze this code, making it possible for us to generate human-understandable text like "this app uses the microphone to get loudness". See Github repository: PrivacyStreams
Research Paper on PrivacyStreams
"PrivacyStreams: Enabling Transparency in Personal Data Processing for Mobile Apps." Li, Yuanchun, Fanglin Chen, Toby Jia-Jun Li, Yao Guo, Gang Huang, Matthew Fredrikson, Yuvraj Agarwal, and Jason I. Hong. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 1, no. 3 (2017): 1-26.
There is a PE for Android-enabled version of PrivacyStreams, which serializes PrivacyStreams queries as JSON objects and executes them remotely in a PE for Android PAL module. This version of PrivacyStreams provides additional privacy guarantees, because the code that accesses sensitive data runs in a trusted component (the OS) rather than in the app itself. See more: LINK?
Protect My Privacy is an app that allows users to control what data apps on their phone are allowed to collect. The Android version expands on the iOS version by allowing users to allow or deny sensitive data accesses to third-party libraries (such as advertisers), and includes a minimal purpose taxonomy.
iOS: Download iOS App
Android: Download Android App
Android version (most recent)
"Does This App Really Need My Location? Context-Aware Privacy Management for Smartphones." Chitkara, Saksham, Nishad Gothoskar, Suhas Harish, Jason I. Hong, and Yuvraj Agarwal. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 1, no. 3 (2017): 1-22.
iOS version
"ProtectMyPrivacy: Detecting and Mitigating Privacy Leaks on iOS Devices Using Crowdsourcing." Yuvraj Agarwal and Malcolm Hall. In MobiSys 2013 - Proceedings of the 11th Annual International Conference on Mobile Systems, Applications, and Services, 97–109. 2013. doi:10.1145/2462456.2464460.