Privacy streams helps developers create privacy friendly apps

smartphone
Credit: CC0 Public Domain

A smartphone app that uses the raw feed from the device's microphone or accesses its contact list can raise red flags for a user concerned about privacy. In many cases, however, the app doesn't need all the details that users find most sensitive.

Researchers at Carnegie Mellon and Peking universities have addressed this dilemma by creating a service, PrivacyStreams, that enables app developers to access the smartphone data they need for app functionality while assuring users that their private information isn't being sold to an online marketer or otherwise revealed.

A sleep-monitoring app, for instance, might need to access the smartphone's microphone, but only to register loudness, not to monitor conversations. An could simply sample the microphone feed every minute or so, use software in the PrivacyStreams library to transform the raw data to loudness and then send just the loudness data back to the smartphone for use by the app.

"We're creating a new way of doing programming that makes it easier for the and also enhances privacy," said Jason Hong, associate professor of computer science in Carnegie Mellon's Human-Computer Interaction Institute (HCII). "And while PrivacyStreams is geared to mobile apps, I think we can apply the same idea to the internet of things, or to accessing historical data."

The researchers will present their findings at Ubicomp 2017, the ACM International Joint Conference on Pervasive and Ubiquitous Computing, Sept. 13-15 in Maui, Hawaii.

"We're assuming that most app developers aren't malicious and that they don't want to violate anyone's privacy. Safeguarding privacy just isn't always the thing that's uppermost in their minds," said Yuvraj Agarwal, assistant professor of computer science in CMU's Institute for Software Research. "So if the developer wants to do the right thing, how do we help them? By saving them time."

The PrivacyStreams library includes a number of programs that can transform personal data into a desired output. A weather app, for instance, might need to access a smartphone's location, but the output would only need to identify a city, a neighborhood or other locality for a forecast. "Instead of developers having to figure out all of this code themselves, we give it to them," Hong said.

Developers also have the opportunity to describe what the data is being used for, which can help users decide whether to install the app or provide permission to access certain data, said Yao Guo, associate professor of computer science at Peking University. Because PrivacyStreams is set up as a pipeline—raw data streams to the service, then is transformed and transmitted back to the app that requested it—the process can be audited to ensure that the data is used as described, he added.

If the library proves popular with developers, the researchers say it may someday be possible for PrivacyStreams to certify that apps using the service are using sensitive information responsibly, providing additional guidance to users considering downloading an app.


Explore further

It's automatic: CMU smartphone app manages your privacy preferences

Provided by Carnegie Mellon University
Citation: Privacy streams helps developers create privacy friendly apps (2017, September 13) retrieved 19 October 2018 from https://techxplore.com/news/2017-09-privacy-streams-friendly-apps.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
14 shares

Feedback to editors

User comments

Sep 25, 2017
How about we just target hackers with their own medicine? Punishment that fits the crime. Expose their data info, blacklist them, punish their families, friends and love ones to break ther soul and will to fight. If they want to keep hacking, the people around them can suffer. Also, it will cut social bonds off from them further isolating hackers.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more