Abstract
The mobile ecosystem is a collection of network operators, application developers, users, law makers, and associated technologies and policies. This collection provides the most prominent personal computing environment of the day. As application designers continue to innovate in this ecosystem, users are becoming more and more tempted to provide service providers access to their personal data. This chapter provides an overview of data collection, data leakage and data interception methods in mobile devices that make the user’s personal data susceptible to unwanted access. This brings forth the issue of privacy of the user whose private data is now open for analysis by unknown individuals, businesses with which the user has no trust relationship, and the prying eyes of monitoring agencies. It is hoped that awareness efforts and novel technologies will help eliminate the issue. We discuss how mobile application developers can follow best practices to control personal data collection, the options that users have to control how applications access their data, and novel privacy preserving architectures for mobile applications. Nonetheless, the challenges ahead of us are overwhelming, and call for another collective endeavor to prevent the mobile device from transforming into the tool that dissolved all notions of privacy in modern society.
Notes
- 1.
- 2. An attack where an eavesdropper intercepts messages between two parties, and relays them either after simple observation or after modification, without detection by either party.
- 3.
- 4. https://developer.apple.com/library/ios/documentation/iphone/conceptual/iphoneosprogrammingguide/AppDesignBasics/AppDesignBasics.html.
Acknowledgments
We thank the graduate and undergraduate students of Computer Science at the University of Denver who explored the privacy issues and solutions highlighted here, and helped bring it together in the form of this chapter.
Copyright information
© 2015 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Dewri, R., Thurimella, R. (2015). Privacy in Mobile Devices. In: Zeadally, S., Badra, M. (eds) Privacy in a Digital, Networked World. Computer Communications and Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-08470-1_10
DOI: https://doi.org/10.1007/978-3-319-08470-1_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-08469-5
Online ISBN: 978-3-319-08470-1
eBook Packages: Computer Science, Computer Science (R0)