Abstract
To personalize modern mobile services (e.g., advertisement, navigation, healthcare) for individual users, mobile apps continuously collect and analyze sensor data. By sharing their sensor data collections, app providers can improve the quality of mobile services. However, the data privacy of both app providers and users must be protected against data leakage attacks. To address this problem, we present differentially privatized on-device sharing of sensor data, a framework through which app providers can safely collaborate with each other to personalize their mobile services. As a trusted intermediary, the framework aggregates the sensor data contributed by individual apps, accepting statistical queries against the combined datasets. A novel adaptive privacy-preserving scheme: 1) balances utility and privacy by computing and adding the required amount of noise to the query results; 2) incentivizes app providers to keep contributing data; 3) secures all data processing by integrating a Trusted Execution Environment. Our evaluation demonstrates the framework’s efficiency, utility, and safety: all queries complete in <10 ms; the data sharing collaborations satisfy participants’ dissimilar privacy/utility requirements; mobile services are effectively personalized, while preserving the data privacy of both app providers and users.
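The abstract's key step is calibrating the noise added to a query result so that utility and privacy balance. The following Python sketch is an added example, not code from the paper or its framework: it answers the counting query of footnote 8 ("how many times does value 'm' appear in the combined dataset?") with the Laplace mechanism of Dwork et al. [11], checks the ε-differential-privacy bound on neighbouring datasets, and refuses queries on datasets below the sample-size rule of thumb in footnote 9. The paper does not name the mechanism it uses, so the Laplace choice, the constructed dataset, the `MIN_SAMPLE_SIZE` policy and all function names are assumptions.

```python
import math
import random

# Constructed sample: activity labels that several app providers have contributed
# to the combined dataset of one data type (footnote 3). Not data from the paper.
COMBINED_DATASET = (["walking"] * 9 + ["running"] * 5 +
                    ["still"] * 7 + ["cycling"] * 3)

# Assumed policy: answer no statistical query on fewer rows than this. Footnote 9
# cites 20-30 as the usual rule of thumb; the exact threshold here is our choice.
MIN_SAMPLE_SIZE = 20


def count_query(dataset, value):
    """Footnote 8's query: how many times does `value` appear in the dataset?"""
    return sum(1 for row in dataset if row == value)


def laplace_scale(sensitivity, epsilon):
    """Noise scale b = Δf/ε of the Laplace mechanism [11].

    A counting query has global sensitivity Δf = 1: adding or removing one
    provider's row changes the true answer by at most one. Smaller ε means
    stronger privacy and a larger expected absolute error (which equals b).
    """
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    return sensitivity / epsilon


def sample_laplace(scale, rng):
    """Draw Laplace(0, b) as b * (X - Y) with X, Y independent Exp(1)."""
    return scale * (rng.expovariate(1.0) - rng.expovariate(1.0))


def private_count(dataset, value, epsilon, rng=None):
    """ε-differentially private answer to the counting query."""
    if len(dataset) < MIN_SAMPLE_SIZE:
        raise ValueError("combined dataset too small for a statistical query")
    rng = rng if rng is not None else random.SystemRandom()
    true_count = count_query(dataset, value)
    return true_count + sample_laplace(laplace_scale(1.0, epsilon), rng)


def laplace_pdf(x, mean, scale):
    return math.exp(-abs(x - mean) / scale) / (2.0 * scale)


def privacy_loss_bounded(epsilon, outputs):
    """Check the ε-DP guarantee for neighbouring true counts c and c+1.

    For every candidate output o, the density ratio pdf_c(o)/pdf_{c+1}(o) must
    not exceed e^ε in either direction; with b = 1/ε the ratio is
    exp((|o-1| - |o|)/b) <= exp(1/b) = e^ε, so the bound is tight far from both
    means. The small tolerance absorbs floating-point rounding.
    """
    b = laplace_scale(1.0, epsilon)
    bound = math.exp(epsilon) + 1e-9
    for o in outputs:
        p0, p1 = laplace_pdf(o, 0.0, b), laplace_pdf(o, 1.0, b)
        if p0 / p1 > bound or p1 / p0 > bound:
            return False
    return True


if __name__ == "__main__":
    rng = random.Random(2021)  # seeded only so the demo is reproducible
    true = count_query(COMBINED_DATASET, "walking")
    for eps in (0.1, 0.5, 1.0):
        noisy = private_count(COMBINED_DATASET, "walking", eps, rng)
        print(f"eps={eps:<4} true={true} noisy={noisy:7.2f} "
              f"expected |error|={laplace_scale(1.0, eps):.1f}")
```

Running the demo shows the trade-off the abstract refers to: at ε = 0.1 the expected absolute error is 10, which swamps a count of 9, while at ε = 1.0 it is 1; the framework's per-provider privacy/utility requirements would be expressed as a choice of ε along this curve.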
Y. Liu and B. D. Cruz: This work was done in the Software Innovations Lab at Virginia Tech.
Notes
1. The Android mobile platform holds \(\approx \)85% of the global mobile market [21].
2. An app provider can have multiple apps, while an app has one provider only. For ease of exposition, we assume a one-to-one correspondence between a provider and an app, so we can use the terms “app provider” and “app” interchangeably.
3. Each data type has its own combined dataset.
4. Hereafter, individual refers to an app provider, and private information refers to the sensor data collected by a provider.
5. A common practice for studying various performance trade-offs on the Android platform [6].
6. A portable framework for code to run on any standardized TEE.
7. The Yeti is a metaphor that describes any real-world user with a similar behavioral profile in this application scenario.
8. Queries of the form “how many times does value ‘m’ appear in the combined dataset?”.
9. As a rule of thumb in practical statistical analysis, the minimum sample size is typically between 20 and 30 [30].
References
CVE-2016-6540 (2016). https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6540
Acquisti, A., Taylor, C., Wagman, L.: The economics of privacy. J. Econ. Lit. 54(2), 442–492 (2016)
Almuhimedi, H., et al.: Your location has been shared 5,398 times! a field study on mobile app privacy nudging. In: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, pp. 787–796 (2015)
Anderson, C., Andersson, M.P.: Long tail (2004)
Apple Inc.: App groups entitlement (2017). https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_application-groups
Armando, A., Merlo, A., Migliardi, M., Verderame, L.: Would you mind forking this process? A denial of service attack on android (and some countermeasures). In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) SEC 2012. IAICT, vol. 376, pp. 13–24. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-30436-1_2
Asokan, N., et al.: CrowdShare: secure mobile resource sharing. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 432–440. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38980-1_27
Binns, R., Lyngs, U., Van Kleek, M., Zhao, J., Libert, T., Shadbolt, N.: Third party tracking in the mobile ecosystem. In: Proceedings of the 10th ACM Conference on Web Science, pp. 23–31 (2018)
Canetti, R.: Security and composition of multiparty cryptographic protocols. J. Cryptol. 13(1), 143–202 (2000)
Dwork, C.: Differential privacy: a survey of results. In: Agrawal, M., Du, D., Duan, Z., Li, A. (eds.) TAMC 2008. LNCS, vol. 4978, pp. 1–19. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-79228-4_1
Dwork, C., McSherry, F., Nissim, K., Smith, A.: Calibrating noise to sensitivity in private data analysis. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 265–284. Springer, Heidelberg (2006). https://doi.org/10.1007/11681878_14
Gaboardi, M., Honaker, J., King, G., Nissim, K., Ullman, J., Vadhan, S.: PSI: a private data sharing interface. arXiv:1609.04340 (2016)
GlobalPlatform: GlobalPlatform, TEE system architecture, technical report (2011). www.globalplatform.org/specificationsdevice.asp
Google: Android studio - select the minimum API level (2018). https://developer.android.com/studio/projects/create-project
Google: Distribution dashboard (2018). https://developer.android.com/about/dashboards
Google: Connect to the network (2019). https://developer.android.com/training/basics/network-ops/connecting
Google Play Store: Noroot firewall (2019). https://play.google.com/store/apps/details?id=app.greyshirts.firewall&hl=en
Han, S., Philipose, M.: The case for onloading continuous high-datarate perception to the phone. In: Presented as Part of the 14th Workshop on Hot Topics in Operating Systems (2013)
Hendrycks, D., Mazeika, M., Dietterich, T.G.: Deep anomaly detection with outlier exposure. arXiv preprint arXiv:1812.04606 (2018)
Huberman, B.A., Franklin, M., Hogg, T.: Enhancing privacy and trust in electronic communities. In: Proceedings of the 1st ACM Conference on Electronic Commerce, pp. 78–86. ACM (1999)
IDC: Smartphone OS market share (2017). https://www.idc.com/promo/smartphone-market-share/os
Kiss, Á., Liu, J., Schneider, T., Asokan, N., Pinkas, B.: Private set intersection for unequal set sizes with mobile applications. Proc. Priv. Enhancing Technol. 2017(4), 177–197 (2017)
KQED Science: Scientists looked at DNA supposedly from a Yeti and here’s what they found, December 2017. https://goo.gl/uDvypP
Lee, J., Clifton, C.: How much is enough? Choosing \(\varepsilon \) for differential privacy. In: Lai, X., Zhou, J., Li, H. (eds.) ISC 2011. LNCS, vol. 7001, pp. 325–340. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-24861-0_22
Malkhi, D., Nisan, N., Pinkas, B., Sella, Y.: Fairplay: a secure two-party computation system. In: USENIX Security Symposium (2004)
McGillion, B., Dettenborn, T., Nyman, T., Asokan, N.: Open-TEE: an open virtual trusted execution environment. In: 2015 IEEE Trustcom/BigDataSE/ISPA, vol. 1, pp. 400–407. IEEE (2015)
McSherry, F.D.: Privacy integrated queries: an extensible platform for privacy-preserving data analysis. In: Proceedings of the 2009 ACM SIGMOD International Conference on Management of Data, pp. 19–30. ACM (2009)
Miller, A., Hicks, M., Katz, J., Shi, E.: Authenticated data structures, generically. In: ACM SIGPLAN Notices, vol. 49, pp. 411–423. ACM (2014)
Miller, R.B.: Response time in man-computer conversational transactions. In: Proceedings of the December 9–11, 1968, Fall Joint Computer Conference, Part I, pp. 267–277. ACM (1968)
Minitab: Proceed with the analysis if the sample is large enough (2020). https://support.minitab.com/en-us/minitab/19/help-and-how-to/statistics/basic-statistics/supporting-topics/normality/what-to-do-with-nonnormal-data/
MOCACARE: Blood pressure monitor (2020). https://www.mocacare.com/mocacuff/
Mohan, P., Thakurta, A., Shi, E., Song, D., Culler, D.: GUPT: privacy preserving data analysis made easy. In: Proceedings of the 2012 ACM SIGMOD International Conference on Management of Data, pp. 349–360. ACM (2012)
Mohassel, P., Franklin, M.: Efficiency tradeoffs for malicious two-party computation. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 458–473. Springer, Heidelberg (2006). https://doi.org/10.1007/11745853_30
Nguyen, N.: A lot of apps sell your data. Here’s what you can do about it (2018). https://www.buzzfeednews.com/article/nicolenguyen/how-apps-take-your-data-and-sell-it-without-you-even
Omron: Omron wearable blood pressure monitor (2020). https://omronhealthcare.com/products/heartguide-wearable-blood-pressure-monitor-bp8000m/
O’Sullivan, D.: Cloud leak: how a Verizon partner exposed millions of customer accounts (2017). https://www.upguard.com/breaches/verizon-cloud-leak
Pang, G., Cao, L., Chen, L., Liu, H.: Unsupervised feature selection for outlier detection by modelling hierarchical value-feature couplings. In: 2016 IEEE 16th International Conference on Data Mining (ICDM), pp. 410–419. IEEE (2016)
Paverd, A., Martin, A., Brown, I.: Modelling and automatically analysing privacy properties for honest-but-curious adversaries. Technical report (2014)
Roy, I., Setty, S.T.V., Kilzer, A., Shmatikov, V., Witchel, E.: Airavat: security and privacy for MapReduce. In: Proceedings of the 7th USENIX Conference on Networked Systems Design and Implementation, NSDI 2010, p. 20. USENIX Association, Berkeley (2010). http://dl.acm.org/citation.cfm?id=1855711.1855731
Singer, N.: New data rules could empower patients but undermine their privacy (2020). https://www.nytimes.com/2020/03/09/technology/medical-app-patients-data-privacy.html
Statt, N.: Some major android apps are still sending data directly to Facebook (2019). https://www.theverge.com/2019/3/5/18252397/facebook-android-apps-sending-data-user-privacy-developer-tools-violation
Fueled Marketing Team: How much money can you earn with an app in 2019 (2019). https://fueled.com/blog/much-money-can-earn-app/
The New Daily: Federal government to force tech giants to reveal user data (2018). https://thenewdaily.com.au/news/national/2018/08/14/tech-surveillance-laws/
Vallina-Rodriguez, N., et al.: When David helps Goliath: the case for 3G onloading. In: Proceedings of the 11th ACM Workshop on Hot Topics in Networks, pp. 85–90. ACM (2012)
VARONIS: 2018 VARONIS global data risk report (2018). https://www.varonis.com/2018-data-risk-report/
Vu, X.S., Jiang, L.: Self-adaptive privacy concern detection for user-generated content. arXiv preprint arXiv:1806.07221 (2018)
Wendt, N., Julien, C.: PACO: a system-level abstraction for on-loading contextual data to mobile devices. IEEE Trans. Mob. Comput. 17(9), 2127–2140 (2018)
Acknowledgements
The authors thank the anonymous reviewers, whose insightful comments helped improve this paper. NSF supported this research through grant #1717065.
Copyright information
© 2022 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
Cite this paper
Liu, Y., Cruz, B.D., Tilevich, E. (2022). Privacy-Preserving Sharing of Mobile Sensor Data. In: Deng, S., Zomaya, A., Li, N. (eds) Mobile Computing, Applications, and Services. MobiCASE 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 434. Springer, Cham. https://doi.org/10.1007/978-3-030-99203-3_2
DOI: https://doi.org/10.1007/978-3-030-99203-3_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-99202-6
Online ISBN: 978-3-030-99203-3
eBook Packages: Computer Science, Computer Science (R0)