5 research outputs found
Negotiation as an interaction mechanism for deciding app permissions
On the Android platform, apps make use of personal data as part of their business model, trading location, contacts, photos and more for app use. Few people are particularly aware of the permission settings or make changes to them. We hypothesize that both the difficulty in checking permission settings for all apps on a device, along with the lack of flexibility in deciding what happens to one's data, makes the perceived cost to protect one's privacy too high. In this paper, we present the preliminary results of a study that explores what happens when permission settings are more discretional at install time. We present the results of a pilot experiment, in which we ask users to negotiate which data they are happy to share, and we show that this results in higher user satisfaction than the typical take-it-or-leave-it setting. Our preliminary findings suggest negotiating consent is a powerful interaction mechanism that engages users and can enable them to strike a balance between privacy and pricing concerns
Sensing as a service (S2aaS): buying and selling IoT data
The Internet of Things (IoT) envisions the creation of an environment where everyday objects (e.g. microwaves, fridges, cars, coffee machines, etc.) are connected to the internet and make users' lives more convenient. It will also lead users to consume resources more efficiently
Smart Home Personal Assistants: A Security and Privacy Review
Smart Home Personal Assistants (SPA) are an emerging innovation that is
changing the way in which home users interact with the technology. However,
there are a number of elements that expose these systems to various risks: i)
the open nature of the voice channel they use, ii) the complexity of their
architecture, iii) the AI features they rely on, and iv) their use of a
wide-range of underlying technologies. This paper presents an in-depth review
of the security and privacy issues in SPA, categorizing the most important
attack vectors and their countermeasures. Based on this, we discuss open
research challenges that can help steer the community to tackle and address
current security and privacy issues in SPA. One of our key findings is that
even though the attack surface of SPA is conspicuously broad and there has been
a significant amount of recent research efforts in this area, research has so
far focused on a small part of the attack surface, particularly on issues
related to the interaction between the user and the SPA devices. We also point
out that further research is needed to tackle issues related to authorization,
speech recognition or profiling, to name a few. To the best of our knowledge,
this is the first article to conduct such a comprehensive review and
characterization of the security and privacy issues and countermeasures of SPA.Comment: Accepted for publication in ACM Computing Survey