Carnegie Mellon Gives Privacy Grade to Android Apps

  • By Dian Schaffhauser
  • 11/10/14

Google Maps gets an A. The free version of Angry Birds gets a C. And My ABCs by BabyBus gets a D. The letters assigned to each of these Android apps are grades, and while A is great, D means failure — in privacy, that is.

Those grades and a million others were assigned through a scanning application that combines automated techniques with crowdsourcing to capture the behavior of an app and measure the gap that exists between how people expect the app to behave and how it actually behaves. For example, while people expect apps such as Google Maps to use location data from the smartphone, there's little reason for a game like Angry Birds or an educational app such as My ABCs to read phone status and location and gain network access other than to identify users for market and customer analysis and deliver targeted advertising.

That's why a research team at Carnegie Mellon University has launched PrivacyGrade, a Web site that shares privacy summaries that highlight the most unexpected behaviors of an app. The goal is to help smartphone users manage their privacy better and with more thought.

"These apps access information about a user that can be highly sensitive, such as location, contact lists and call logs, yet it often is difficult for the average user to understand how that information is being used or who it might be shared with," said Jason Hong, associate professor in the Human-Computer Interaction Institute, and primary investigator for the project in the Computer Human Interaction: Mobility Privacy Security (CHIMPS) Lab. "Our privacy model measures the gap between people's expectations of an app's behavior and the app's actual behavior.

PrivacyGrade also examines which third-party code libraries make use of the resources culled by the app. If the app accesses location data, the program checks to see if it's used by a library such as Google Maps, suggesting it is simply being used for mapping, or if it is being used by an advertising library, an indication that it will be used for targeted ads.

The application doesn't currently include paid apps, since the presumption is that because the developers receive income from sales, they're less likely to sell user data to other companies. Eventually, the CHIMPS team may add additional apps to the site, for iOS, Windows Mobile and Blackberry, if funding permits.

The work was funded through a National Science Foundation grant, as well as the Army Research Office, NQ Mobile and Google through its faculty award program.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • close-up illustration of a hand signing a legislative document

    California Passes AI Safety Legislation, Awaits Governor's Signature

    California lawmakers have overwhelmingly approved a bill that would impose new restrictions on AI technologies, potentially setting a national precedent for regulating the rapidly evolving field. The legislation, known as S.B. 1047, now heads to Governor Gavin Newsom's desk. He has until the end of September to decide whether to sign it into law.

  • Copilot Propels Microsoft to Lead Position in Analytics/BI Market

    A new Gartner report on the analytics/business intelligence market places Microsoft in the lead position of the field. The Redmond cloud giant stands apart and alone atop the axes for both the ability to execute and completeness of vision in Gartner's latest "Magic Quadrant for Analytics and Business Intelligence Platforms."

  • a stylized magnifying glass and a neural network pattern with interconnected nodes, symbolizing search and AI processes

    OpenAI Unveils SearchGPT AI-Powered Search Engine

    OpenAI has introduced SearchGPT, a new AI-powered search engine designed to access information from across the internet in real time. The much-anticipated prototype will provide more organized and meaningful search results by summarizing and contextualizing information rather than returning lists of links.

  • UMGC Officially Adopts InScribe's Student Community Platform

    The University of Maryland Global Campus (UMGC), an offshoot of the University System of Maryland that focuses on hybrid and virtual courses for adult and military students, is officially committing to a university-wide rollout of InScribe's student networking platform.