AutoPrivacyModel: Automated Feature Modelling for Identifying Illegitimate Uses of Privacy-Sensitive Data in Mobile Applications

Objectives

  • Advocate a privacy protection ecosystem that shifts the burden from users to developers and app stores, enforcing app design and deployment guidelines that are sensible and sensory
    • Sensible: provide meaningful functionality for users
    • Sensory: provide sensory feedback for users
  • Model the features of legitimate & illegitimate private data uses in apps under various contexts
    • A new legitimacy definition based on user-perceivable and measurable app features
    • A set of techniques and a new framework for automatically determining legitimacy and mitigating misuses based on GUI and code contexts
    • A vocabulary that describes the relations among app features and private data uses
  • Automatically determine the legitimacy of each use of private data in each app for each user
    • Automated: reduce the burden on users
    • Fine-grained: control each private data use case, versus one decision for the whole app
    • Customizable: customize for different users and different contexts, versus fixed decisions for the same app or user

Existing Solutions and Their Limitations

  • Biased training: classification models must assume some apps are "benign" in order to be trained
  • Limited view of app contexts: under-utilizes the links among perceivable GUI features, app functionalities, and norms of private data uses across apps
  • Coarse-grained: makes fixed, one-time decisions at the app level or the library/package level

Outcomes/Deliverables

Mid-Term

  • High-precision & high-recall GUI feature modelling and app functionality modelling prototypes
  • High-precision vocabulary describing the relations among app GUI features, functionalities, and private data uses

Final

  • An effective legitimacy definition for capturing misuses of private data
  • An efficient, high-precision & high-recall prototype for detecting and mitigating misuses of private data on users' devices

Practical Applications and Impact

  • Enhance user and developer awareness and the ecosystem for privacy protection
  • Advocate the sensory and sensible principle for more kinds of smart apps
  • Improve users' trust in smart apps and systems to facilitate the SmartNation Initiative
  • Applications for (1) app stores to build the norms of private data uses and analyse apps offline, (2) mobile system developers to manage private data uses and monitor apps on-device, (3) mobile app developers to be more privacy-aware during app development, and (4) users to customize privacy preferences and usage controls on-device

System Architecture/Description

  • Key hypothesis: Legitimate uses of private data in an app should have user-perceivable elements relevant for the app's functionalities wanted by the user.


  • Key approach: Automated feature modelling & legitimacy decision via static/dynamic program analysis and machine learning
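To make the key hypothesis and the fine-grained, customizable decision concrete, here is an added toy example that is not the project's code: it takes a constructed list of private-data access sites (as a program analysis might extract them, each with the GUI elements perceivable when the access runs), a hypothetical vocabulary linking functionalities to the data they need, and a per-user set of wanted functionalities, and decides legitimacy per use rather than per app. Every name, vocabulary entry and sample use below is an assumption made for illustration.

```python
"""Toy per-use legitimacy decision (constructed illustration, not the
AutoPrivacyModel project's code).

A use of private data is treated as legitimate only if the GUI context in
which it happens exposes a user-perceivable element that signals a
functionality which (a) legitimately needs that data type according to the
vocabulary and (b) the user actually wants.  The vocabulary, GUI mapping,
sample uses and user preferences are all made up for the example.
"""
from dataclasses import dataclass

# Hypothetical vocabulary: which private data each functionality may need.
# A real vocabulary would be learned from norms of data use across many apps.
VOCABULARY = {
    "map_navigation": {"location"},
    "contact_sync": {"contacts"},
    "photo_upload": {"camera", "storage"},
    "ad_serving": set(),            # ads justify no private data in this toy model
}

# Hypothetical mapping from perceivable GUI elements (resource ids / labels)
# to the functionality they signal to the user.
GUI_TO_FUNCTIONALITY = {
    "btn_navigate": "map_navigation",
    "txt_nearby_places": "map_navigation",
    "btn_import_contacts": "contact_sync",
    "btn_take_photo": "photo_upload",
    "banner_ad": "ad_serving",
}


@dataclass(frozen=True)
class DataUse:
    """One private-data access site, as a (hypothetical) analysis would report it."""
    use_id: str
    data_type: str
    code_context: str            # e.g. the callback from which the access is reached
    visible_elements: frozenset  # GUI elements perceivable when the access runs


@dataclass(frozen=True)
class Decision:
    use_id: str
    legitimate: bool
    reason: str


def decide(use: DataUse, wanted: set) -> Decision:
    """Decide one use for one user; `wanted` is that user's wanted functionalities."""
    # Functionalities the visible elements signal to the user (sensory principle).
    signalled = {GUI_TO_FUNCTIONALITY[e] for e in use.visible_elements
                 if e in GUI_TO_FUNCTIONALITY}
    if not signalled:
        return Decision(use.use_id, False, "no perceivable element relevant to the access")
    # Of those, the ones that legitimately need this data type (sensible principle).
    relevant = {f for f in signalled if use.data_type in VOCABULARY.get(f, set())}
    if not relevant:
        return Decision(use.use_id, False,
                        f"visible elements signal {sorted(signalled)}, none needs {use.data_type}")
    # Finally, the user must actually want the functionality (customizable per user).
    chosen = relevant & wanted
    if not chosen:
        return Decision(use.use_id, False, f"user did not want {sorted(relevant)}")
    return Decision(use.use_id, True, f"needed by wanted functionality {sorted(chosen)[0]}")


def analyse_app(uses, wanted: set):
    """Fine-grained result: one decision per private-data use, not one per app."""
    return [decide(u, wanted) for u in uses]


# Constructed sample: access sites from a hypothetical "city guide" app.
SAMPLE_USES = [
    DataUse("u1", "location", "onClick(btn_navigate)", frozenset({"btn_navigate", "txt_nearby_places"})),
    DataUse("u2", "location", "onCreate(MainActivity)", frozenset({"banner_ad"})),
    DataUse("u3", "contacts", "onClick(btn_take_photo)", frozenset({"btn_take_photo"})),
    DataUse("u4", "contacts", "onClick(btn_import_contacts)", frozenset({"btn_import_contacts"})),
    DataUse("u5", "location", "AdSdk.init()", frozenset()),
]

if __name__ == "__main__":
    # A user who wants navigation and photos but not contact syncing.
    for d in analyse_app(SAMPLE_USES, wanted={"map_navigation", "photo_upload"}):
        print(d.use_id, "LEGITIMATE" if d.legitimate else "MISUSE", "-", d.reason)
```

Running the block flags u2 (location read behind an ad banner), u3 (contacts read from a photo button), u5 (no perceivable element at all) and u4 (contact sync the user did not ask for) as misuses while allowing u1; a second user who wants `contact_sync` gets u4 allowed and u1 refused, which is the per-user, per-use granularity the objectives call for.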

