Personalized privacy app manages smartphone permission settings

Trouble managing privacy settings? There's an app for that

privacy assistant app
Credit: Personalized Privacy Assistant Project

I'm sure I'm not the only person who's accepted the privacy terms of an app on my phone without fully reading the conditions in their entirety. Sure, it's bad practice, but everyone in security knows that in a battle between convenience and privacy, convenience will usually come out on top.

That's why Norm Sadeh, professor in the School of Computer Science at Carnegie Mellon’s School of Computer Science and the director of CMU’s Mobile Commerce Laboratory, has (with a team at CMU) created a personalized privacy app in an effort to help consumers protect their data.

Released in early February, the Privacy Assistant app is available to users of the Android rooted phone through the Google Play store. When people blindly hit “accept,” they don't often understand that hidden in the small print throughout those 15 pages is the permission for the app to have total access to their private information.

Through their smartphone, users are quickly glossing over critical privacy decisions about how much data each of their apps can share. Ironically, this widely shared practice of clicking 'accept' actually leads user to a less private device.

The privacy assistant app can learn the user's preferences using machine learning, said Sadeh, so it can quickly recommend the most appropriate settings, such as with which app to share the user's location or which app has access to private information.

"Our research has shown that people accepted almost 80 percent of the recommendations made by the privacy assistant," Sadeh said. People use lots of apps on their smartphones, and they grant the phone access to information from their location, to their contact lists and calendars, even their texting functionality because they don't read the terms and conditions.

The average user has so many apps that they end up with a number of settings that they have to -- in principle at least -- try to configure. Sadeh and his team set out to solve this problem.

"Most people don’t have settings that correspond to their desires. Our app takes advantage of findings from our research over the last few years," Sadeh said.

By asking a few questions to determine exactly what users are comfortable sharing, the app organizes users in model groups so that it can activate the desired settings. "It’s a privacy assistant. Users install it on their phone and it looks at the apps that are running," Sadeh said.

The system then recommends a number of those settings, though it doesn’t interact with the other apps, Sadeh said. Rather, it looks at the apps on the phone to identify what permissions users need to choose.

"We are asking them between three to five questions, the machine learning enables a sorting of users into different profiles based on the research, so it's using predictive power in terms of organizing security settings," Sadeh said.

After considering the various options that they could have used, Sadeh and his team decided, "The right way to go was showing recommendations to the user. The user doesn’t have to agree to everything we recommend. With this model, it’s a good compromise where the burden on the user is minimal."

As of right now, the app only works for rooted Android phones, which represents about 25 percent of the market, according to Sadeh. "We’ve been talking to many carriers who have the power to make the app available on non-rooted phones. We are having several of those conversations right now," Sadeh said. 

Voice your opinion over on Facebook.

Cybersecurity market research: Top 15 statistics for 2017