Methodologies for assessing the privacy risks and transparency of mobile applications
Companies offering mobile platforms, applications or services often use profitable business models based on mass-scale data collection and advertising. However, while many countries are developing strict regulatory frameworks such as the GDPR in the EU, many incidents over the last decade, such as the Cambridge Analytica scandal, have demonstrated the many concerning societal risks of a data-driven industry.
In this talk, we will explore and discuss the origin and nature of various privacy threats faced by users of mobile platforms using empirical evidence. We will present and discuss real-world cases in which user-installed as well as pre-installed applications (and third-party SDKs embedded in them) exploit fundamental limitations of the access control mechanisms implemented in Android (including side-channels to circumvent the permission controls) to access personal data without user consent and awareness.
We will conclude with a discussion of the socio-technical challenges and implications of privacy-intrusive practices in the digital industry, and how the societal implications of this research area have opened new funding and tech transfer opportunities as well as collaborations with public agencies such as DPAs.
About the speaker
Narseo Vallina-Rodriguez is an Associate Research Professor at IMDEA Networks (tenured) and a Ramon y Cajal Fellow. Narseo is a co-founder of AppCensus, a startup dedicated to the development of technology to audit the regulatory compliance of software systems.
Narseo obtained his Ph.D. in Computer Science at the University of Cambridge in 2014. His research interests fall in the area of network measurements, privacy, security, and consumer protection. Narseo has received prestigious industry grants and awards (Google Faculty Research Awards, DataTransparencyLab Grant, and Qualcomm Innovation Fellowship) and his research has received best paper awards at the 2020 IEEE Symposium on Security and Privacy (S&P), USENIX Security’19, ACM IMC’18, and ACM CoNEXT’14, among others.
His work in the mobile security and privacy domain has influenced policy changes and security improvements in the Android platform, particularly regarding privacy risks of children's applications and the Android permission model in Android 10.
In particular, his research on the privacy and security risks of pre-installed Android applications has been recognized by European Data Protection Agencies, as reflected by the AEPD Emilio Aced Award and the CNIL-INRIA Privacy Protection Award, both in 2020, and the Caspar Bowden Award for Outstanding Research in Privacy Enhancing Technologies in 2020. International media outlets like The Washington Post, The New York Times, The Guardian, Financial Times, Wired, ArsTechnica, and El Pais have covered his research findings.