
    Requirements and operational guidelines for secure and sustainable digital phenotyping: Design and development study

    Background: Digital phenotyping, the measurement of human behavioral phenotypes using personal devices, is rapidly gaining popularity. Novel initiatives, ranging from software prototypes to user-ready research platforms, are innovating the field of biomedical research and health care apps. One example is the BEHAPP project, which offers a fully managed digital phenotyping platform as a service. The innovative potential of digital phenotyping strategies resides among others in their capacity to objectively capture measurable and quantitative components of human behavior, such as diurnal rhythm, movement patterns, and communication, in a real-world setting. The rapid development of this field underscores the importance of reliability and safety of the platforms on which these novel tools are operated. Large-scale studies and regulated research spaces (eg, the pharmaceutical industry) have strict requirements for the software-based solutions they use. Security and sustainability are key to ensuring continuity and trust. However, the majority of behavioral monitoring initiatives have not originated primarily in these regulated research spaces, which may be why these components have been somewhat overlooked, impeding the further development and implementation of such platforms in a secure and sustainable way.

    Objective: This study aims to provide a primer on the requirements and operational guidelines for the development and operation of a secure behavioral monitoring platform.

    Methods: We draw from disciplines such as privacy law, information and computer science to identify a set of requirements and operational guidelines focused on security and sustainability. Taken together, the requirements and guidelines form the foundation of the design and implementation of the BEHAPP behavioral monitoring platform.

    Results: We present the base BEHAPP data collection and analysis flow and explain how the various concepts from security and sustainability are addressed in the design.

    Conclusions: Digital phenotyping initiatives are steadily maturing. This study helps the field and surrounding stakeholders to reflect upon and progress toward secure and sustainable operation of digital phenotyping–driven research.

    Local Government Environmental Mitigation Fees: Development Exactions, the Next Generation


    “And all the pieces matter...” Hybrid Testing Methods for Android App's Privacy Analysis

    Smartphones have become inherent to the everyday life of billions of people worldwide, and they are used to perform activities such as gaming, interacting with our peers or working. While extremely useful, smartphone apps also have drawbacks, as they can affect the security and privacy of users. Android devices hold a lot of personal data from users, including their social circles (e.g., contacts), usage patterns (e.g., app usage and visited websites) and their physical location. Like in most software products, Android apps often include third-party code (Software Development Kits or SDKs) to include functionality in the app without the need to develop it in-house. Android apps and third-party components embedded in them are often interested in accessing such data, as the online ecosystem is dominated by data-driven business models and revenue streams like advertising. The research community has developed many methods and techniques for analyzing the privacy and security risks of mobile apps, mostly relying on two techniques: static code analysis and dynamic runtime analysis. Static analysis analyzes the code and other resources of an app to detect potential app behaviors. While this makes static analysis easier to scale, it has other drawbacks such as missing app behaviors when developers obfuscate the app’s code to avoid scrutiny. Furthermore, since static analysis only shows potential app behavior, this needs to be confirmed as it can also report false positives due to dead or legacy code. Dynamic analysis analyzes the apps at runtime to provide actual evidence of their behavior. However, these techniques are harder to scale as they need to be run on an instrumented device to collect runtime data. Similarly, there is a need to stimulate the app, simulating real inputs to examine as many code paths as possible. While there are some automatic techniques to generate synthetic inputs, they have been shown to be insufficient.

    In this thesis, we explore the benefits of combining static and dynamic analysis techniques to complement each other and reduce their limitations. While most previous work has often relied on using these techniques in isolation, we combine their strengths in different and novel ways that allow us to further study different privacy issues on the Android ecosystem. Namely, we demonstrate the potential of combining these complementary methods to study three inter-related issues:

    • A regulatory analysis of parental control apps. We use a novel methodology that relies on easy-to-scale static analysis techniques to pinpoint potential privacy issues and violations of current legislation by Android apps and their embedded SDKs. We rely on the results from our static analysis to inform the way in which we manually exercise the apps, maximizing our ability to obtain real evidence of these misbehaviors. We study 46 publicly available apps and find instances of data collection and sharing without consent and insecure network transmissions containing personal data. We also see that these apps fail to properly disclose these practices in their privacy policy.

    • A security analysis of the unauthorized access to permission-protected data without user consent. We use a novel technique that combines the strengths of static and dynamic analysis, by first comparing the data sent by applications at runtime with the permissions granted to each app in order to find instances of potential unauthorized access to permission-protected data. Once we have discovered the apps that are accessing personal data without permission, we statically analyze their code in order to discover covert and side channels used by apps and SDKs to circumvent the permission system. This methodology allows us to discover apps using the MAC address as a surrogate for location data, two SDKs using the external storage as a covert channel to share unique identifiers and an app using picture metadata to gain unauthorized access to location data.

    • A novel SDK detection methodology that relies on obtaining signals observed both in the app’s code and static resources and during its runtime behavior. Then, we rely on a tree structure together with a confidence-based system to accurately detect SDK presence without the need of any a priori knowledge and with the ability to discern whether a given SDK is part of legacy or dead code. We prove that this novel methodology can discover third-party SDKs with more accuracy than state-of-the-art tools both on a set of purpose-built ground-truth apps and on a dataset of 5k publicly available apps.

    With these three case studies, we are able to highlight the benefits of combining static and dynamic analysis techniques for the study of the privacy and security guarantees and risks of Android apps and third-party SDKs. The use of these techniques in isolation would not have allowed us to deeply investigate these privacy issues, as we would lack the ability to provide real evidence of potential breaches of legislation, to pinpoint the specific way in which apps are leveraging covert and side channels to break Android’s permission system, or we would be unable to adapt to an ever-changing ecosystem of Android third-party companies.

    The works presented in this thesis were partially funded within the framework of the following projects and grants:

    • European Union’s Horizon 2020 Innovation Action program (Grant Agreement No. 786741, SMOOTH Project and Grant Agreement No. 101021377, TRUST AWARE Project).

    • Spanish Government ODIO NºPID2019-111429RB-C21/PID2019-111429RBC22.

    • The Spanish Data Protection Agency (AEPD).

    • AppCensus Inc.

    This work has been supported by IMDEA Networks Institute.

    Doctoral Program in Telematic Engineering, Universidad Carlos III de Madrid. Chair: Srdjan Matic. Secretary: Guillermo Suárez-Tangil. Committee member: Ben Stoc

    Climate Change, Dead Zones, and Massive Problems in the Administrative State: A Guide for Whittling Away

    Mandates that agencies solve massive problems such as sprawl and climate change roll easily out of the halls of legislatures, but as a practical matter what can any one agency do about them? Serious policy challenges such as these have dimensions far beyond the capacity of any single agency to manage effectively. Rather, as the Supreme Court recently observed in Massachusetts v. Environmental Protection Agency, agencies, like legislatures, do not generally resolve massive problems in one fell swoop, but instead whittle away over time, refining their approach as circumstances change and they develop a more nuanced understanding of how best to proceed. Whether sprawl, climate change, or other daunting challenges, agencies are increasingly being told to address massive problems but without obvious tools or strategies to do so. In this Article we explore what it means for agencies to whittle away at massive problems. Administrative law scholarship has assumed that massive problems are similar to one another, focusing instead on issues of jurisdiction and instrument choice - who should whittle and which knife they should use. In Part I we argue that the nature of the problem - the stick to be whittled - deserves equal attention. Some problems, because of the presence of certain types of cumulative effects from multiple sources, are significantly more difficult for agencies to manage. In Part II, using examples from the fields of environmental and land use law, we develop a model to identify the different attributes of cumulative effects that drive massive problems and how these can distort or undermine policy responses. In Part III we explore the three different strategies currently used in administrative law to manage massive problems, showing each to be deficient. 
In Part IV we draw from recent scholarship on Dynamic Federalism, New Governance, and Transgovernmental Network theories to propose an effective strategy for agencies to whittle away at massive problems through loosely-linked weak ties networks of federal, state, and local agencies. Part V illustrates how this can work in practice, using a case study of water pollution in the Gulf of Mexico. We explore both how such multi-scalar, multi-agency coordination networks function and the challenges they pose for administrative law. The Court's observation is quite correct - agencies, even when working together, can only whittle away at massive problems. This article takes the next step, creating models that explain the challenges posed by different types of massive problems and proposing strategies for engaging in more effective multi-agency coordination.

    Environmental assessment: Hartz young stand management project

    318 pp. T.17S, R.4E, Section 31; T.17S, R.5E, Section 31; T.18S, R.4E, Sections 1-6, 8-15, 22-24, 26, and 27; T.18S, R.5E, Sections 3-11, 14-23, and 16-30. Captured April 25, 2007.

    Proposes to harvest timber on approximately 706 acres, including commercial thinning on 622 acres and regeneration harvest on 84 acres, with commercial harvest volume estimated at 11.6 million board feet. Includes construction of 2,050 feet of temporary roads, 7.8 miles of road closures, and approximately 29.3 miles of road maintenance to allow better access to harvest areas and to reduce impact to resources.