Campus Security

New Site Reviews Privacy and Security of Web and Mobile Apps

A professor in the Stanford University Center for Internet and Society has led an effort to design a Web site to review Web and mobile applications for privacy, security, and openness. WhatApp?, led by Ryan Calo, has enlisted the help of a team of lawyers, computer scientists, and privacy and security experts from Stanford and other institutions to provide reviews of online resources.

Now in beta form, the Web site combines traditional consumer reporting and review tools with wikis and news feeds to help users make better informed choices about the programs they download. The goal is to help guard against computer hacking, identity theft, spam, and phishing.

"People are going online to opine about the security and privacy of apps all the time," Calo said. "But none of that discussion is centralized. What we're trying to say is that if you're doing it already, come and do it here."

The site also reviews Web browsers such as Firefox and Safari, social networks including Twitter and Facebook, and the mobile platforms that run them--Apple's iPhone, Windows Mobile, and Google's Android.

Currently, the site is in the process of completing 227 reviews. Each review includes a five-bar rating system with red, yellow, and green rankings. For example, Twitter receives three yellow bars for privacy, three for security, and two red bars for openness. The rankings are determined by the experts, who answer specific questions in each category. The ranking for Twitter's openness, for instance, is established with three questions:

  • How would you rate the license--if any--accompanying this application's source code? (closed to open)
  • To what extent can the data from the application be migrated away from the application to an alternative solution? (no extent to large extent)
  • To what extent does this application use open standards and data formats? (no extent to large extent)

Of those programs reviewed, only one--Torbutton, a Firefox add-on that controls operation of Internet anonymizer Tor--received five green bars for all categories.

Eventually, WhatApp? will give visitors the chance to register as "expert reviewers" and create public profiles that list their credentials. Calo and his team will verify that new reviewers are who they claim to be, but will leave it to the WhatApp? community to size up the experts and rebut their claims.

The site also allows app developers to sign in and write notes about the privacy and security of their creations. Calo said the reviewers and other site users will help keep those claims honest.

"The entire point is to drive the application market toward better privacy and security practices by rewarding those who do a good job and penalizing those who don't," Calo said. "Privacy is about having control over information that pertains to you. I think we're rapidly losing that control, and this is a way to monitor what's being done with information being collected."

WhatApp? is funded by a grant from the Rose Foundation.

About the Author

Dian Schaffhauser is a writer who covers technology and business for a number of publications. Contact her at dian@dischaffhauser.com.
