New Site Reviews Privacy and Security of Web and Mobile Apps

A professor in the Stanford University Center for Internet and Society has led an effort to design a Web site to review Web and mobile applications for privacy, security, and openness. WhatApp?, led by Ryan Calo, has enlisted the help of a team of lawyers, computer scientists, and privacy and security experts from Stanford and other institutions to provide reviews of online resources.

Now in beta form, the Web site combines traditional consumer reporting and review tools with wikis and news feeds to help users make better informed choices about the programs they download. The goal is to help guard against computer hacking, identity theft, spam, and phishing.

"People are going online to opine about the security and privacy of apps all the time," Calo said. "But none of that discussion is centralized. What we're trying to say is that if you're doing it already, come and do it here."

The site also reviews Web browsers such as Firefox and Safari, social networks including Twitter and Facebook, and the mobile platforms that run them--Apple's iPhone, Windows Mobile, and Google's Android.

Currently, the site is in the process of completing 227 reviews. Each review includes a five-bar rating system with red, yellow, and green rankings. For example, Twitter receives three yellow bars for privacy, three for security, and two red bars for openness. The rankings are determined by the list of experts, who answer specific questions in each category. That ranking for Twitter's openness is established with three questions:

  • How would you rate the license--if any--accompanying this application's source code? (closed to open)
  • To what extent can the data from the application be migrated away from the application to an alternative solution? (no extent to large extent)
  • To what extent does this application use open standards and data formats? (no extent to large extent)

Of those programs reviewed, only one--Torbutton, a Firefox add-on that controls operation of Internet anonymizer Tor--received five green bars for all categories.

Eventually, WhatApp? will give visitors the chance to register as "expert reviewers" and create public profiles that list their credentials. Calo and his team will verify that new reviewers are who they claim to be, but will leave it to the WhatApp? community to size up the experts and rebut their claims.

The site also allows app developers to sign in and write notes about the privacy and security of their creations. Calo said the reviewers and other site users will help keep those claims honest.

"The entire point is to drive the application market toward better privacy and security practices by rewarding those who do a good job and penalizing those who don't," Calo said. "Privacy is about having control over information that pertains to you. I think we're rapidly losing that control, and this is a way to monitor what's being done with information being collected."

WhatApp? is funded by a grant from the Rose Foundation.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • person signing a bill at a desk with a faint glow around the document. A tablet and laptop are subtly visible in the background, with soft colors and minimal digital elements

    California Governor Signs AI Content Safeguards into Law

    California Governor Gavin Newsom has officially signed off on a series of landmark artificial intelligence bills, signaling the state’s latest efforts to regulate the burgeoning technology, particularly in response to the misuse of sexually explicit deepfakes. The legislation is aimed at mitigating the risks posed by AI-generated content, as concerns grow over the technology's potential to manipulate images, videos, and voices in ways that could cause significant harm.

  • glowing AI brain composed of geometric lines and nodes, encased within a protective shield of circuit patterns

    NIST's U.S. AI Safety Institute Announces Research Collaboration with Anthropic and OpenAI

    The U.S. AI Safety Institute, part of the National Institute of Standards and Technology (NIST), has formalized agreements with AI companies Anthropic and OpenAI to collaborate on AI safety research, testing, and evaluation.

  • a glowing gaming controller, a digital tree structure, and an open book

    Report: Use of Game Engines Expands Beyond Gaming

    Game development technology is increasingly being utilized beyond its traditional gaming roots, according to the recently released annual "State of Game Development" report from development and DevOps solutions provider Perforce Software.

  • translucent lock composed of interconnected nodes and circuits at the center

    Cloud Security Alliance: Best Practices for Securing AI Systems

    The Cloud Security Alliance (CSA), a not-for-profit organization whose mission statement is defining and raising awareness of best practices to help ensure a secure cloud computing environment, has released a new report offering guidance on securing systems that leverage large language models (LLMs) to address business challenges.