Mobile Contextual Privacy

Principal Investigator(s): Serge Egelman

This project is rethinking how smartphones grant third-party applications access to sensitive user data. Currently, mobile platforms ask the user for permission the first time an application attempts to access certain data types; when access is granted, the user is never asked to make this decision again, even if the context in which subsequent data requests occur is substantially different from the context of the first request. For example, no distinction is made between using location data for location-based features and using it for user tracking. ICSI researchers are rethinking permission models to support a notion of "contextual integrity." That is, users should only be confronted with permission decisions when data is requested in inappropriate contexts. The challenge is in inferring what constitutes an "inappropriate" context. To solve this problem, the researchers are performing user studies to better understand users' expectations, privacy preferences, and needs, as well as applying machine learning techniques to predict the varying contexts in which data is requested.

Funding provided by DHS/AFRL.