The goal of our work is to (a) capture people's expectations and surprises in using mobile apps in a scalable manner, and to (b) summarize these perceptions in a simple format to help people make better trust decisions. Our main idea is to analyze privacy in terms of people's expectations about what an app will and won't do, focusing on where an app breaks those expectations. We are building an App Scanner that combines automated scanning techniques with crowdsourcing. Automated scanning captures the behavior of an app, while crowdsourcing is used to interpret how expected and acceptable this behavior is. This information is used as the basis for building a better privacy summary for apps. We have organized an interdisciplinary team with expertise in mobile computing, computer security, systems, and human-computer interaction.
Successful outcomes of this work will include: (a) the design and implementation of an App Scanner that combines automated techniques with crowdsourcing techniques for analyzing and interpreting privacy-related behaviors of mobile apps; (b) a series of evaluations of this app scanner, showing effectiveness, accuracy, and scalability; (c) the design and evaluation of better privacy summaries, which prioritize and highlight the most unexpected behaviors of an app; and (d) demonstration of a new conceptualization of privacy, namely privacy as expectations. Success will also help end-users, as well as corporate and government employees, manage their privacy better than can be done today.