Cross Cutting Thrusts: Usable Privacy and Security
Scope: Many smartphone apps have unusual behaviors. The goal of this work is to understand the gap between people's expectations of an app's behaviors and it's actual behaviors. For example, most people don't expect Angry Birds to use location data, but in reality it does. However, most people do expect Google Maps to use location data, and it does. In previous work, we showed that crowdsourcing was effective in finding the gaps in people's expectations. In our ongoing work, we are looking at how to scale up our analysis to hundreds of thousands of smartphone apps. In particular, we are combining static analysis with crowdsourcing to build predictive models of people's privacy concerns of an app.
Outcomes: Cloud service for doing static analysis on apps Predictive models of people's privacy concerns A web site showcasing our results