Mobile users hold people's sensitive information such as passwords, locations, and health information. Users are permitted to control the use of some of this information by configuring their privacy settings in the apps they use. These settings, however, are often difficult to locate and understand, even in popular apps such as Facebook. Moreover, the settings are often set to share user data by default, exposing personal data without users' explicit consent. The goal of the project is to develop an automatic tool to identify the security and privacy settings embedded in mobile apps, to identify usability and security problems in using the settings and controlling privacy, and to develop a single, centralized method of presenting and enforcing user settings such that users do not need to hunt for settings and controls to protect their privacy. The outcome of the research will improve the security and privacy of mobile consumers.

To accomplish the goal, the project combines techniques from program analysis, human-computer interaction, and machine learning. The investigation will include empirical studies to understand users' perspectives on existing security and privacy settings, and test the specific usability problems with currently available settings. The research will also develop a method for identifying and extracting security and privacy settings through natural language processing and program analysis. Using these insights, the research will enable a usable centralized interface for people to configure their security and privacy settings. This work will provide insights for building usable security and privacy settings for mobile platforms, as well as for emerging platforms in the Internet of Things. This project will engage a diverse group of undergraduate and graduate students to develop their interest and expertise in cybersecurity, privacy, and methods for user control.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Type: Standard Grant (Standard)
Application #: 1850479
Program Officer: Sara Kiesler
Project Start:
Project End:
Budget Start: 2019-06-01
Budget End: 2021-05-31
Support Year:
Fiscal Year: 2018
Total Cost: $174,977
Indirect Cost:

Name: University of Virginia
Department:
Type:
DUNS #:
City: Charlottesville
State: VA
Country: United States
Zip Code: 22904