How to Analyze the Privacy of 1 Million Smartphone Apps
©2014 Carnegie Mellon University : 1 How to Analyze the Privacy of 1 Million Smartphone Apps Oct 30 2014 Jason Hong [email protected] Computer Human Interaction: Mobility Privacy Security

Upload: carnegie-mellon-university

Post on 18-Jun-2015

DESCRIPTION

These slides are from a briefing to Congressional staffers about privacy, October 30 2014. It talks about our ongoing work with PrivacyGrade.org, which uses crowdsourcing techniques plus static analysis techniques to infer the privacy-related behaviors of apps.

TRANSCRIPT

Page 1: How to Analyze the Privacy of 1 Million Smartphone Apps

How to Analyze the Privacy of 1 Million Smartphone Apps

Oct 30 2014

Jason Hong [email protected]

Computer Human Interaction: Mobility Privacy Security

Page 2: How to Analyze the Privacy of 1 Million Smartphone Apps

In the near future, our smartphones will know everything about us

Page 3: How to Analyze the Privacy of 1 Million Smartphone Apps

Smartphones are Intimate

• Mobile phones and millennials (Cisco 2012):
  • 75% use in bed before sleep
  • 83% sleep with their phones
  • 90% check first thing in the morning
  • A third use in bathroom (!!)
  • A fifth check every ten minutes

Page 4: How to Analyze the Privacy of 1 Million Smartphone Apps

Lots of Data on Smartphones

Who we know (contact list)

Who we call (call log)

Who we text (sms log)

Page 5: How to Analyze the Privacy of 1 Million Smartphone Apps

Lots of Data on Smartphones

Where we go (gps, foursquare)

Photos (some geotagged)

Sensors (accel, sound, light)

Page 6: How to Analyze the Privacy of 1 Million Smartphone Apps

The Opportunity

• We are creating a worldwide sensor network with these smartphones

• Can analyze human behavior at unprecedented fidelity and scale

Page 7: How to Analyze the Privacy of 1 Million Smartphone Apps

These Capabilities Can Be Used for Tremendous Good

• Ex. detecting onset of depression
• Ex. understanding cities
• Ex. next-gen intelligent agents

Page 8: How to Analyze the Privacy of 1 Million Smartphone Apps

These Capabilities Can Also Be Creepy and Invasive

Shared your location, gender, unique phone ID, phone # with advertisers

Uploaded your entire contact list to their server (including phone #s)

Page 9: How to Analyze the Privacy of 1 Million Smartphone Apps

Many Smartphone Apps Have “Unusual” Permissions

[Figure labels: Location Data, Unique device ID, Network Access]

Page 10: How to Analyze the Privacy of 1 Million Smartphone Apps

Nissan Maxima Gear Shift

Page 11: How to Analyze the Privacy of 1 Million Smartphone Apps

Privacy as Expectations

• Apply this same idea of mental models for privacy
  – Compare what people expect an app to do vs what an app actually does
  – Emphasize the biggest gaps, misconceptions that many people had

App Behavior (What an app actually does)

User Expectations (What people think the app does)

Page 12: How to Analyze the Privacy of 1 Million Smartphone Apps

10% users were surprised this app wrote contents to their SD card.

25% users were surprised this app sent their approximate location to dictionary.com for searching nearby words.

85% users were surprised this app sent their phone’s unique ID to mobile ads providers.

0% users were surprised this app could control their audio settings.

90% users were surprised this app sent their precise location to mobile ads providers.

95% users were surprised this app sent their approximate location to mobile ads providers.

95% users were surprised this app sent their phone’s unique ID to mobile ads providers.

0% users were surprised this app can control camera flashlight.

Page 13: How to Analyze the Privacy of 1 Million Smartphone Apps

Results for Location Data (N=20 per app, Expectations Condition)

App Comfort Level (-2 – 2)

Maps 1.52

GasBuddy 1.47

Weather Channel 1.45

Foursquare 0.95

TuneIn Radio 0.60

Evernote 0.15

Angry Birds -0.70

Brightest Flashlight Free -1.15

Toss It -1.2

• People more comfortable when told why app used data (even ads)

• Our work helped influence FTC in fining Brightest Flashlight in Dec 2013

Page 14: How to Analyze the Privacy of 1 Million Smartphone Apps

Scaling Up to 1 Million Apps

Page 15: How to Analyze the Privacy of 1 Million Smartphone Apps

Scaling Up to 1 Million Apps

• Crawled 1M apps on Google Play
• Created a model to predict concerns
  – Ex. Contact list for social network mild
  – Ex. Contact list for ads very bad
• Analyzed 1M apps for behaviors
  – Advertising, analytics, social net, other
• Assigned grades based on model

Page 16: How to Analyze the Privacy of 1 Million Smartphone Apps

Page 17: How to Analyze the Privacy of 1 Million Smartphone Apps

What permissions used and why

Page 18: How to Analyze the Privacy of 1 Million Smartphone Apps

Libraries are reusable pieces of code

Most sensitive data requests due to third-party libraries
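
The grading steps from the "Scaling Up to 1 Million Apps" slide, combined with the point here that libraries make most sensitive requests: attribute each request to the library that makes it, map the library to a purpose, score the permission/purpose pair, assign a grade. This is an added Python example, not from the slides or from PrivacyGrade's code; the library-to-purpose table, comfort values, default and grade cut-offs are constructed assumptions.

```python
# Added illustration. Every table below is a constructed sample value,
# not PrivacyGrade's data or model.
LIBRARY_PURPOSE = {                 # library package prefix -> purpose category
    "com.google.ads": "advertising",
    "com.flurry": "analytics",
    "com.facebook": "social net",
}
# Assumed expected comfort per (permission, purpose), on the talk's -2..2 scale.
COMFORT = {
    ("READ_CONTACTS", "social net"): -0.3,           # "mild"
    ("READ_CONTACTS", "advertising"): -1.8,          # "very bad"
    ("ACCESS_FINE_LOCATION", "advertising"): -1.5,
    ("READ_PHONE_STATE", "analytics"): -1.0,
    ("CAMERA", "other"): 1.5,
}
DEFAULT_COMFORT = -0.5              # pairs the sample model has no estimate for
GRADE_FLOORS = [("A", 0.5), ("B", 0.0), ("C", -0.5), ("D", -1.0)]


def purpose_of(caller_class):
    """Map the class that uses a permission to a purpose via its library prefix."""
    matches = [p for p in LIBRARY_PURPOSE
               if caller_class == p or caller_class.startswith(p + ".")]
    if not matches:
        return "other"              # the app's own code or an unknown library
    return LIBRARY_PURPOSE[max(matches, key=len)]


def grade_app(uses):
    """uses: (permission, calling class) pairs found by static analysis."""
    pairs = sorted({(perm, purpose_of(cls)) for perm, cls in uses})
    if not pairs:
        return "A", 0.0, pairs
    score = sum(COMFORT.get(p, DEFAULT_COMFORT) for p in pairs) / len(pairs)
    grade = next((g for g, floor in GRADE_FLOORS if score >= floor), "F")
    return grade, score, pairs


# Constructed input: a flashlight app bundling an ad and an analytics library.
FLASHLIGHT_USES = [
    ("CAMERA", "com.example.flashlight.MainActivity"),
    ("ACCESS_FINE_LOCATION", "com.google.ads.AdView"),
    ("READ_PHONE_STATE", "com.flurry.android.FlurryAgent"),
]

if __name__ == "__main__":
    print(grade_app(FLASHLIGHT_USES))
```

Averaging lets a benign use offset a sensitive one; taking the worst pair instead is the stricter choice when one bad flow should decide the grade.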

Page 19: How to Analyze the Privacy of 1 Million Smartphone Apps

Check it out at privacygrade.org

Page 20: How to Analyze the Privacy of 1 Million Smartphone Apps

Reflections on Privacy

• FTC overwhelmed by sheer numbers
  – Too many web sites, hardware, apps
• Developers don’t know what to do
  – State of developer tools also poor
• NSF funding flat, unpredictable
• Business models predicated on leveraging lots of user data
• Too much burden on end-users

Page 21: How to Analyze the Privacy of 1 Million Smartphone Apps

Reflections on Privacy

• FTC (and third parties) need better tools to detect privacy problems
  – Scale up what FTC lawyers manually do today
  – Consider FTC fund 6.1, 6.2, 6.3 research
• Expand NSF funding
  – Both education and research (centers)
• Developers
  – Consider NIST holding developer conferences to work out best practices for privacy
  – Longer term: fund scholarships for privacy

Page 22: How to Analyze the Privacy of 1 Million Smartphone Apps

Reflections on Privacy

• Operating Systems / App Markets
  – Nearly every app distributed via markets
  – Ex. Make devs more aware of 3rd party issues
  – Ex. Better tools to help average developer
  – Not clear if much government can do here other than embarrassing Google, Apple
• Businesses
  – Slap wrist of most egregious to set tone
  – Need to be careful not to squelch innovation
    • Ex. Facebook Newsfeed initially unpopular
  – Clearer rules for advertisers

Page 23: How to Analyze the Privacy of 1 Million Smartphone Apps

Thanks!

More info at cmuchimps.org or email [email protected]

Special thanks to:
• Army Research Office
• NSF
• Google
• CMU Cylab
• Shah Amini
• Song Luan
• Yuvraj Agarwal
• Jialiu Lin
• Norman Sadeh