Negotiation as an interaction mechanism for deciding app permissions

On the Android platform, apps make use of personal data as part of their business model, trading location, contacts, photos and more for app use. Few people are particularly aware of the permission settings or make changes to them. We hypothesize that both the difficulty in checking permission settings for all apps on a device, along with the lack of flexibility in deciding what happens to one's data, makes the perceived cost to protect one's privacy too high. In this paper, we present the preliminary results of a study that explores what happens when permission settings are more discretional at install time. We present the results of a pilot experiment, in which we ask users to negotiate which data they are happy to share, and we show that this results in higher user satisfaction than the typical take-it-or-leave-it setting. Our preliminary findings suggest negotiating consent is a powerful interaction mechanism that engages users and can enable them to strike a balance between privacy and pricing concerns

Sensing as a service (S2aaS): buying and selling IoT data

The Internet of Things (IoT) envisions the creation of an environment where everyday objects (e.g. microwaves, fridges, cars, coffee machines, etc.) are connected to the internet and make users' lives more convenient. It will also lead users to consume resources more efficiently

Smart Home Personal Assistants: A Security and Privacy Review

Smart Home Personal Assistants (SPA) are an emerging innovation that is changing the way in which home users interact with the technology. However, there are a number of elements that expose these systems to various risks: i) the open nature of the voice channel they use, ii) the complexity of their architecture, iii) the AI features they rely on, and iv) their use of a wide-range of underlying technologies. This paper presents an in-depth review of the security and privacy issues in SPA, categorizing the most important attack vectors and their countermeasures. Based on this, we discuss open research challenges that can help steer the community to tackle and address current security and privacy issues in SPA. One of our key findings is that even though the attack surface of SPA is conspicuously broad and there has been a significant amount of recent research efforts in this area, research has so far focused on a small part of the attack surface, particularly on issues related to the interaction between the user and the SPA devices. We also point out that further research is needed to tackle issues related to authorization, speech recognition or profiling, to name a few. To the best of our knowledge, this is the first article to conduct such a comprehensive review and characterization of the security and privacy issues and countermeasures of SPA.Comment: Accepted for publication in ACM Computing Survey