Towards Transparent Information on Individual Cloud Service Usage

Cloud computing allows developers of mobile apps to overcome the limited computing, storage, and power resources of modern smartphones. Besides these huge advantages, the hidden utilization of cloud services by mobile apps leads to severe privacy concerns. To overcome these concerns and allow users and companies to properly assess the risks of hidden cloud usage, it is necessary to provide transparency over the cloud services utilized by smartphone apps. In this paper, we present our ongoing work on TRINICS to provide transparent information on individual cloud service usage. To this end, we analyze network traffic of smartphone apps with the goal of detecting and uncovering cloud usage. We present the resulting statistics on cloud usage to the user and put these numbers into context through anonymous comparison with users' peer groups (i.e., users with similar sociodemographic background and interests). By doing so, we enable users to make an informed decision on suitable means for sufficient self data protection for their future use of apps and cloud services.
