Privacy in Mobile Devices

The mobile ecosystem is a collection of network operators, application developers, users, lawmakers, and associated technologies and policies. This collection provides the most prominent personal computing environment of the day. As application designers continue to innovate in this ecosystem, users are increasingly tempted to give service providers access to their personal data. This chapter provides an overview of data collection, data leakage and data interception methods in mobile devices that make the user's personal data susceptible to unwanted access. This raises the issue of privacy for the user, whose private data is now open to analysis by unknown individuals, businesses with which the user has no trust relationship, and the prying eyes of monitoring agencies. It is hoped that awareness efforts and novel technologies will help eliminate the issue. We discuss how mobile application developers can follow best practices to control personal data collection, the options that users have to control how applications access their data, and novel privacy-preserving architectures for mobile applications. Nonetheless, the challenges ahead of us are overwhelming, and call for another collective endeavor to prevent the mobile device from transforming into the tool that dissolved all notions of privacy in modern society.
