Cross-platform privacy leaks in apps

Dr. Biczók Gergely

There are a number of popular platforms available for third-party app development, such as Android, iOS, Facebook, Google Drive and Dropbox. Each platform has its own access control mechanisms and its corresponding privacy issues. While each one is interesting in its own right, a sneaky and data-hungry application provider can potentially combine the personal information gathered by multiple apps over different platforms in order to compile a detailed user profile, without consent from or even knowledge by the user themselves. Furthermore, single sign-on technologies by Facebook or Google may escalate the problem.

The prospective student will first briefly get to know the access control mechanisms of popular app platforms, and map out the potential for sneaky cross-platform data collection. Then, the student will gather permission request data of apps on different platforms, and attempt to find evidence of cross-platform privacy leaks and estimate its likelihood and significance.

Required skills: good command of English
Preferred skills: basic programming skills (e.g., python), familiarity with app platforms
Maximum number of students: 2

[1] Chia, Pern Hui, Yusuke Yamamoto, and N. Asokan. "Is this app safe?: a large scale study on application permissions and risk signals." Proceedings of the 21st international conference on World Wide Web. ACM, 2012.