LOCATION PRIVACY PROTECTION FOR SMARTPHONE USERS
PAPER BY: KASSEM FAWAZ AND KANG G SHIN
PRESENTED BY: NATASHA DELAHUNT

Who has a smartphone?
Who uses apps regularly?
Who pays attention to what the app needs access to?
Why? What does it matter?
Have you ever stopped installing an app because you didn't want it to have access to certain parts of your phone?

Things To Think About!
Do you use all your apps regularly?
Pay attention to what the app needs access to!
Stop installing an app if you don't want it to have access to something.

Abstract
Users' location privacy has become a major concern
Design, implement and evaluate LP-Guardian
LP-Guardian: Novel comprehensive framework for location privacy protection for Android users
Addresses tracking, profiling and identification threats
Results show that it effectively thwarts privacy threats

Motivation
Surveyed 180 smartphone users
  70 through social networks
  110 through Amazon Mechanical Turk
78% believe that apps accessing their location can pose privacy threats
85% reported that they care about who accesses their location information
52% stated no problem in supplying apps with imprecise location information to protect their privacy
18% objected to supplying apps with imprecise location information
77% included the term "privacy" as a factor affecting their choice in installing a privacy protection mechanism
Existing mechanisms suffer severe shortcomings
  Effectiveness
  Efficiency
  Practicality

Design Philosophy
1. The app only accesses location when the user expects it to do so.
2. The app only accesses location with a granularity sufficient to produce the location-based functionality.
3. An anonymous app can't identify the user based on his frequently visited places.
4. A single app alone poses no significant profiling threats based on the collected location information.
5. An app can't track the user all the time even when tracking is required to perform functionality.
6. Privacy protection fits within the existing mobile ecosystem.
7. Privacy protection comes at a minimal cost in usability and app functionality.

Related Work
Theoretical Approaches
  Approaches evaluated on traces, but weren't implemented or tested on mobile platforms with actual apps
  Some mechanisms hinge on unrealistic assumptions
Practical Approaches
  MockDroid
  PlaceMask
  TaintDroid

Threat Model

Design: High Level Overview
Diagram highlights the main operations performed whenever a new location sample is to be delivered to an app

Design: Location Sources
Location APIs are not the only way apps can access location information
Scanning nearby WiFi access points (APs) and cellular towers might help locate the user.

Design: Foreground vs Background
Android recognizes 4 app states
1. Running in the foreground
2. *Running in the background
3. *Perceptible to the user
4. Stopped or Killed by the system
Tracking threats are more pronounced in apps accessing location in the background or when running as a persistent service

Design: A&A Libraries
Advertising and Analytics libraries
Most free apps pack A&A libraries to generate revenue by displaying targeted ads to the user running the app.
A&A libraries can aggregate location traces from multiple apps.
Challenge: how to separate between location requests coming from the A&A and those coming from the core app

Design: Identification Protection
As LP-Guardian coarsens location accessed in the background, accurate location access is limited to the foreground.
Foreground sessions are short, sporadic and occur mostly within the same place.
= { 1 , 2 , 3 , }
Number of times the app observes the user in a block
Probability of histogram belonging to a user in a database
For every new app session, this expression is evaluated

Design: Profiling Protection
LP-Guardian addresses location profiling threats by putting the user in control.
User's IP address may reveal place, especially if Internet is accessed from a public hotspot.
TOR can be used to anonymize the user's IP address and protect his location.

Design: Synthetic Route
Fitness apps
  Track the exercising activity of the users.
  Provide feedback on the path and distance covered during an exercise session.
  Monitor users' location in the background for elongated periods of time.
LP-Guardian
  Anonymizes the location for these apps
  Feeds the fitness app a synthetic route that has the same length as the actual route.

Design: Navigation Apps
Most challenging
Require elongated location access periods with high precision.
LP-Guardian doesn't handle this case.
Offer some remedies
Offline navigation
  App may leak location info when it comes online
Run in private mode
  App is disbarred from connecting to internet
  Stored data is wiped after session
  App would not have access to realtime traffic information

Architecture
Location Interceptor
Rule Manager
Place/City Detector
Location Anonymizer

Implementation
Core Implementation
User Interface

Implementation: Core Implementation
Android provides 2 mechanisms with which apps can access the user's location
1. Older Location Manager Service
2. Newer Google Play Services

Implementation: User Interface
Bootstrapping
Per-place/session controls
Properties of the prompts
1. Safety
2. Frugality
3. Visibility
4. Non-repetitiveness

Evaluation: Performance
Installed, ran and verified 40 representative location-accessing apps
Google Galaxy Nexus, Samsung Galaxy S3, and Samsung Galaxy S4 running Android 4.3.1

Evaluation: Privacy
Datasets
Identification Protection
Tracking

Evaluation: User Study
Geo-search: Yelp, etc.
Social Networking: Facebook, etc.
Messaging/Chatting: Whatsapp, etc.
Sports/fitness tracking: Runkeeper, etc.
Gaming: Angry Birds, etc.
Weather: Weather Bug, etc.

Conclusion & Future work
LP-Guardian is:
  Practical
  Effective
  Efficient
Pursue
  Deployment challenges
  More diverse user study

Any Questions?

The End
