A smartphone app that uses the raw feed from the device's microphone or accesses its contact list can raise red flags for a user concerned about privacy. In many cases, however, the app doesn't need all the details that users find most sensitive.
Researchers at Carnegie Mellon and Peking universities have addressed this dilemma by creating a service, PrivacyStreams, that enables app developers to access the smartphone data they need for app functionality while assuring users that their private information isn't being sold to an online marketer or otherwise revealed.
A sleep-monitoring app, for instance, might need to access the smartphone's microphone, but only to register loudness, not to monitor conversations. An app developer could simply sample the microphone feed every minute or so, use software in the PrivacyStreams library to transform the raw data to loudness and then send just the loudness data back to the smartphone for use by the app.
"We're creating a new way of doing programming that makes it easier for the developer and also enhances privacy," said Jason Hong, associate professor of computer science in Carnegie Mellon's Human-Computer Interaction Institute (HCII). "And while PrivacyStreams is geared to mobile apps, I think we can apply the same idea to the internet of things, or to accessing historical data."
The researchers will present their findings at Ubicomp 2017, the ACM International Joint Conference on Pervasive and Ubiquitous Computing, Sept. 13-15 in Maui, Hawaii.
"We're assuming that most app developers aren't malicious and that they don't want to violate anyone's privacy. Safeguarding privacy just isn't always the thing that's uppermost in their minds," said Yuvraj Agarwal, assistant professor of computer science in CMU's Institute for Software Research. "So if the developer wants to do the right thing, how do we help them? By saving them time."
The PrivacyStreams library includes a number of programs that can transform personal data into a desired output. A weather app, for instance, might need to access a smartphone's location, but the output would only need to identify a city, a neighborhood or other locality for a forecast. "Instead of developers having to figure out all of this code themselves, we give it to them," Hong said.
Developers also have the opportunity to describe what the data is being used for, which can help users decide whether to install the app or provide permission to access certain data, said Yao Guo, associate professor of computer science at Peking University. Because PrivacyStreams is set up as a pipeline—raw data streams to the service, then is transformed and transmitted back to the app that requested it—the process can be audited to ensure that the data is used as described, he added.
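The sleep-monitoring pipeline described above, as an added example in Python (not the PrivacyStreams library's own code): a raw PCM microphone frame enters an ordered chain of transforms, the app receives only a rounded loudness value, and the declared purpose plus stage names form the auditable description. The sample tone, the stage names and the silence floor are constructed for this example.

```python
import math
import struct

FULL_SCALE = 32768.0   # 16-bit PCM reference for dBFS
SILENCE_DBFS = -96     # floor reported when a frame is all zeros (constructed choice)

def decode_pcm16(frame):
    """Unpack a little-endian 16-bit PCM buffer into sample values."""
    return list(struct.unpack("<%dh" % (len(frame) // 2), frame))

def loudness_dbfs(samples):
    """Collapse a whole frame into one number: RMS level in dB relative to full scale."""
    if not samples:
        return SILENCE_DBFS
    rms = math.sqrt(sum(s * s for s in samples) / len(samples))
    if rms == 0:
        return SILENCE_DBFS
    return max(SILENCE_DBFS, 20 * math.log10(rms / FULL_SCALE))

def coarsen(db):
    """Round to whole dB so the app never sees more precision than it needs."""
    return int(round(db))

class PrivacyPipeline:
    """Ordered transforms; the requesting app only ever receives the last stage's output."""
    def __init__(self, purpose):
        self.purpose = purpose
        self.stages = []
    def then(self, name, fn):
        self.stages.append((name, fn))
        return self
    def run(self, raw):
        value = raw
        for _, fn in self.stages:      # raw audio never escapes this loop
            value = fn(value)
        return value
    def manifest(self):
        """What an auditor or the permission prompt can show: purpose and stage names."""
        return {"purpose": self.purpose, "stages": [n for n, _ in self.stages]}

def sleep_monitor_pipeline():
    return (PrivacyPipeline("measure room noise level for sleep quality")
            .then("decode_pcm16", decode_pcm16)
            .then("loudness_dbfs", loudness_dbfs)
            .then("coarsen", coarsen))

def make_tone_frame(amplitude=16384, hz=440, rate=8000):
    """Constructed stand-in for one second of microphone input: a pure sine tone."""
    samples = [int(amplitude * math.sin(2 * math.pi * hz * i / rate)) for i in range(rate)]
    return struct.pack("<%dh" % rate, *samples)

if __name__ == "__main__":
    print(sleep_monitor_pipeline().run(make_tone_frame()))  # about -9 (dBFS), nothing else
    print(sleep_monitor_pipeline().manifest())
```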
If the library proves popular with developers, the researchers say it may someday be possible for PrivacyStreams to certify that apps using the service are using sensitive information responsibly, providing additional guidance to users considering downloading an app.