Abstract

In this paper we present the design and implementation of ProtectMyPrivacy (PMP), a system for iOS devices to detect access to private data and protect users by substituting anonymized data in its place if users decide. We developed a novel crowdsourced recommendation engine driven by users who contribute their protection decisions, which provides app specific privacy recommendations. PMP has been in use for over nine months by 90,621 real users, and we present a detailed evaluation based on the data we collected for 225,685 unique apps. We show that access to the device identifer (48.4{\%} of apps), location (13.2{\%} of apps), address book (6.2{\%} of apps) and music library (1.6{\%} of apps) is indeed widespread in iOS. We show that based on the protection decisions contributed by our users we can recommend protection settings for over 97.1{\%} of the 10,000 most popular apps. We show the effectiveness of our recommendation engine with users accepting 67.1{\%} of all recommendations provide to them, thereby helping them make informed privacy choices. Finally, we show that as few as 1{\%} of our users, classified as experts, make enough decisions to drive our crowdsourced privacy recommendation engine.

Bibtex

@inproceedings{Agarwal2013,
    author = "Agarwal, Yuvraj and Hall, Malcolm",
    pages = "97--109",
    year = "2013",
    booktitle = "MobiSys 2013 - Proceedings of the 11th Annual International Conference on Mobile Systems, Applications, and Services",
    title = "ProtectMyPrivacy: Detecting and mitigating privacy leaks on iOS devices using crowdsourcing",
    doi = "10.1145/2462456.2464460"
}

Plain Text

Yuvraj Agarwal and Malcolm Hall. Protectmyprivacy: detecting and mitigating privacy leaks on ios devices using crowdsourcing. In MobiSys 2013 - Proceedings of the 11th Annual International Conference on Mobile Systems, Applications, and Services, 97–109. 2013. doi:10.1145/2462456.2464460.