Dr. Brian Krupp is an Assistant Professor in the Mathematics and Computer Science Department at Baldwin Wallace University in Berea, Ohio, where he serves as the faculty adviser of the Mobile, Privacy, and Security (MOPS) research group.
Safeguarding Personal Data on our Phones
The smartphone applications we use every day often present legitimate use cases for accessing the personal data our devices carry. However, these use cases may only tell part of the story of what apps do with our data–and there is currently no way to ensure they are being truthful.
Currently, a smartphone user’s personal data is at constant risk of being misused. While mobile operating systems provide basic security and privacy controls, they are insufficient, leaving consumers unaware of how applications use the permissions they originally granted.
For example, a weather application requests access to your location to give you a forecast, which is a legitimate use. However, behind the scenes and unknown to the user, it will also send that location information to advertiser servers.
My research focuses on developing tools that notify consumers who go online about the hidden misuse of their personal data without requiring a modification to their phone. We have built a new computer program that tracks how apps leak data and it also lets a user limit what type of data an app can access from their phone.
My colleagues and I are also working now to design a study that will build awareness about the depth and breadth of the misuse for everyday users, to see if greater awareness changes behavior.
If data that consumers share unknowingly falls into the wrong hands, malicious users can know intimate details of our lives and our daily patterns. Mobile OS producers need to provide consumers with more awareness and more control. After all, if a product is free, the data you share unknowingly is often the real product.