Scientists have developed software that enables app developers to access the smartphone data they need for app functionality while assuring users that their private information is not being sold or misused. A sleep-monitoring app, for instance, might need to access the smartphone’s microphone, but only to register loudness, not to monitor conversations, researchers said.
An app developer could simply sample the microphone feed every minute or so, use PrivacyStreams software to transform the raw data to loudness and then send just the loudness data back to the smartphone for use by the app, they said. “We are creating a new way of doing programming that makes it easier for the developer and also enhances privacy,” said Jason Hong, associate professor at Carnegie Mellon University (CMU) in the US. “And while PrivacyStreams is geared to mobile apps, I think we can apply the same idea to the internet of things, or to accessing historical data,” said Hong.
“We are assuming that most app developers are not malicious and that they do not want to violate anyone’s privacy. Safeguarding privacy just is not always the thing that is uppermost in their minds,” said Yuvraj Agarwal, assistant professor at CMU. “So if the developer wants to do the right thing, how do we help them? By saving them time,” said Agarwal.
The PrivacyStreams library includes a number of programmes that can transform personal data into a desired output. A weather app, for instance, might need to access a smartphone’s location, but the output would only need to identify a city, a neighbourhood or other locality for a forecast. “Instead of developers having to figure out all of this code themselves, we give it to them,” Hong said.
Developers also have the opportunity to describe what the data is being used for, which can help users decide whether to install the app or provide permission to access certain data, said Yao Guo, associate professor at Peking University in China. Since PrivacyStreams is set up as a pipeline – raw data streams to the service, then is transformed and transmitted back to the app that requested it – the process can be audited to ensure that the data is used as described, he added.
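The pipeline the article describes, raw sensor data entering a transformation stage and only the coarse result reaching app code, with a stated purpose that can be audited, can be sketched in ordinary Python. The following is an added illustration of that pattern written for this article; it is not PrivacyStreams' own code or API, and the class and function names (`PrivacyPipeline`, `loudness_dbfs`, `coarsen_location`, `build_sleep_monitor`, `weather_locality`) and the sample microphone frames and GPS fix are constructed for the example.

```python
"""Data-minimising pipeline: raw data in, only the needed coarse value out.

Illustrative code for this article, not the PrivacyStreams library.
"""
import math
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List

# Constructed sample inputs (not real recordings or fixes).
# Each frame is 0.1 s of 16-bit PCM at 8 kHz: a quiet and a loud 440 Hz tone.
QUIET_FRAME = [int(300 * math.sin(2 * math.pi * 440 * i / 8000)) for i in range(800)]
LOUD_FRAME = [int(20000 * math.sin(2 * math.pi * 440 * i / 8000)) for i in range(800)]
RAW_FIX = (40.44347, -79.94278)  # constructed latitude/longitude in degrees


def loudness_dbfs(samples: List[int]) -> float:
    """Transformer: RMS loudness in dBFS for 16-bit PCM. This scalar is all
    that leaves the pipeline; the samples themselves never reach the app."""
    if not samples:
        return -math.inf
    rms = math.sqrt(sum(s * s for s in samples) / len(samples))
    return -math.inf if rms == 0 else 20 * math.log10(rms / 32768)


def coarsen_location(fix, decimals: int = 1):
    """Transformer: round a fix to one decimal degree (roughly 11 km), i.e.
    a locality-level position suitable for a weather forecast."""
    lat, lon = fix
    return (round(lat, decimals), round(lon, decimals))


@dataclass
class PrivacyPipeline:
    """Couples a raw source, a transformer and a human-readable purpose.

    App code only ever calls run(), so it sees the transformer's output and
    never the raw value. Every run is logged with the declared purpose and
    the output type so the data flow can be audited against the description."""
    source: Callable[[], Any]
    transform: Callable[[Any], Any]
    purpose: str
    audit_log: List[Dict[str, Any]] = field(default_factory=list)

    def run(self) -> Any:
        raw = self.source()            # raw data is confined to this method
        out = self.transform(raw)
        if out is raw:                 # refuse to pass raw data straight through
            raise ValueError("transformer must not return the raw value unchanged")
        self.audit_log.append({
            "purpose": self.purpose,
            "output_type": type(out).__name__,
            "output": out,             # the coarse value only, never `raw`
        })
        return out


def build_sleep_monitor(frames: List[List[int]]):
    """App-side code: returns one loudness reading per frame plus the audit
    log; the microphone samples stay inside the pipeline."""
    it = iter(frames)
    pipeline = PrivacyPipeline(
        source=lambda: next(it),
        transform=loudness_dbfs,
        purpose="Sleep monitor: ambient loudness per minute, to detect restless sleep",
    )
    readings = [pipeline.run() for _ in frames]
    return readings, pipeline.audit_log


def weather_locality(fix):
    """App-side code for a weather app: gets a locality, not the exact fix."""
    pipeline = PrivacyPipeline(
        source=lambda: fix,
        transform=coarsen_location,
        purpose="Weather: locality-level position for a local forecast",
    )
    return pipeline.run()


if __name__ == "__main__":
    readings, log = build_sleep_monitor([QUIET_FRAME, LOUD_FRAME])
    print("loudness readings (dBFS):", [round(r, 1) for r in readings])
    print("locality:", weather_locality(RAW_FIX))
    for entry in log:
        print("audit:", entry)
```

The `audit_log` is what lets a reviewer check that an app's stated purpose matches what actually flows out of the pipeline: each entry names the purpose and the coarse output, and the raw value never appears in it. The pass-through check in `run()` is a deliberately simple guard; a real library would also constrain which transformers may be attached to which sources.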