10 research outputs found

    TYDR - Track Your Daily Routine. Android App for Tracking Smartphone Sensor and Usage Data

    We present the Android app TYDR (Track Your Daily Routine) which tracks smartphone sensor and usage data and utilizes standardized psychometric personality questionnaires. With the app, we aim at collecting data for researching correlations between the tracked smartphone data and the user's personality in order to predict personality from smartphone data. In this paper, we highlight our approaches in addressing the challenges in developing such an app. We optimize the tracking of sensor data by assessing the trade-off of size of data and battery consumption and granularity of the stored information. Our user interface is designed to incentivize users to install the app and fill out questionnaires. TYDR processes and visualizes the tracked sensor and usage data as well as the results of the personality questionnaires. When developing an app that will be used in psychological studies, requirements posed by ethics commissions / institutional review boards and data protection officials have to be met. We detail our approaches concerning those requirements regarding the anonymized storing of user data, informing the users about the data collection, and enabling an opt-out option. We present our process for anonymized data storing while still being able to identify individual users who successfully completed a psychological study with the app.
    Comment: Accepted for publication at the 5th IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft '18)

    Context Data Categories and Privacy Model for Mobile Data Collection Apps

    Context-aware applications stemming from diverse fields like mobile health, recommender systems, and mobile commerce potentially benefit from knowing aspects of the user's personality. As filling out personality questionnaires is tedious, we propose the prediction of the user's personality from smartphone sensor and usage data. In order to collect data for researching the relationship between smartphone data and personality, we developed the Android app TYDR (Track Your Daily Routine) which tracks smartphone data and utilizes psychometric personality questionnaires. With TYDR, we track a larger variety of smartphone data than similar existing apps, including metadata on notifications, photos taken, and music played back by the user. For the development of TYDR, we introduce a general context data model consisting of four categories that focus on the user's different types of interactions with the smartphone: physical conditions and activity, device status and usage, core functions usage, and app usage. On top of this, we develop the privacy model PM-MoDaC specifically for apps related to the collection of mobile data, consisting of nine proposed privacy measures. We present the implementation of all of those measures in TYDR. Although the utilization of the user's personality based on the usage of his or her smartphone is a challenging endeavor, it seems to be a promising approach for various types of context-aware mobile applications.
    Comment: Accepted for publication at the 15th International Conference on Mobile Systems and Pervasive Computing (MobiSPC 2018)

    Collaborating with Users in Proximity for Decentralized Mobile Recommender Systems

    Typically, recommender systems from any domain, be it movies, music, restaurants, etc., are organized in a centralized fashion. The service provider holds all the data, biases in the recommender algorithms are not transparent to the user, and the service providers often create lock-in effects making it inconvenient for the user to switch providers. In this paper, we argue that the user's smartphone already holds a lot of the data that feeds into typical recommender systems for movies, music, or POIs. With the ubiquity of the smartphone and other users in proximity in public places or public transportation, data can be exchanged directly between users in a device-to-device manner. This way, each smartphone can build its own database and calculate its own recommendations. One of the benefits of such a system is that it is not restricted to recommendations for just one user - ad-hoc group recommendations are also possible. While the infrastructure for such a platform already exists - the smartphones already in the palms of the users - there are challenges both with respect to the mobile recommender system platform as well as to its recommender algorithms. In this paper, we present a mobile architecture for the described system - consisting of data collection, data exchange, and recommender system - and highlight its challenges and opportunities.
    Comment: Accepted for publication at the 2019 IEEE 16th International Conference on Ubiquitous Intelligence and Computing (IEEE UIC 2019)

    MobRec — Mobile Platform for Decentralized Recommender Systems

    Recommender systems recommend new movies, music, restaurants, etc. Typically, service providers organize such systems in a centralized way, holding all the data. Biases in the recommender systems are not transparent to the user and lock-in effects might make it inconvenient for the user to switch providers. In this paper, we present the concept, design, and implementation of MobRec, a mobile platform that decentralizes the data collection, data storage, and recommendation process. MobRec's architecture does not need any backend and solely consists of the users' smartphones, which already contain the users' preferences and ratings. Being in proximity in public places or public transportation, data is exchanged in a device-to-device manner, building local databases that can recommend new items. One of the biggest challenges of such a system is the implementation of unobtrusive device-to-device data exchange on off-the-shelf Android devices and iPhones. MobRec facilitates such data exchange, building on Google Nearby Messages with Bluetooth Low Energy. We achieve the successful exchange of data within 3 to 4 minutes, making it suitable for the described scenario. We demonstrate the feasibility of decentralized recommender systems and provide blueprints for the development of seamless multi-platform device-to-device communication.
    TU Berlin, Open Access funds – 202

    Prospective Acceptance of Digital Applications and Specific eHealth Features among People with Mental Illness and Treatment Providers

    Background: Despite the large number of available "mobile health" applications, their significance for psychiatric-psychotherapeutic care has so far been low. Users are confronted with an overwhelming number of applications, while evidence for the effectiveness of different features is lacking. Together with technical feasibility and questions of data protection, patients' willingness to use such applications and their preferences determine the sustained engagement with and significance of eHealth in psychiatry and psychotherapy. Aim: Evaluation of the prospective attitude of people with a mental illness and of treatment providers towards eHealth applications in general and with regard to specific features. Methods: Anonymized written survey of 486 participants from October 2017 to March 2018 using a questionnaire that was paper-based or sent via online link. Data analysis: The data were analyzed with RStudio. They showed neither a normal distribution nor homogeneity of variance. Group differences were examined using non-parametric tests for n independent samples (Kruskal-Wallis test); dichotomous responses were tested for significance using the Pearson chi-square test and post hoc using the chi-square test of independence. In addition, correlation analyses (Spearman) of demographic and behavioral sample characteristics and group comparisons using the Mann-Whitney U test were carried out. Result: People with a mental illness and treatment providers showed both acceptance and rejection regarding most features. In general, pronounced concerns about data security predominated across groups. Actimetry was rejected by 94 psychiatrists, 52 psychotherapists and 113 patients. Geotracking was rated even more critically by 134 psychiatrists, 118 psychotherapists and 146 of the patients. With 139 of the surveyed patients, a large majority preferred being contacted promptly in the event of changes in their state of health. Conclusion: Overall, there was evidence of fundamental support for eHealth features in psychiatric-psychotherapeutic health care despite considerable rejection of individual features. Closer collaboration between researchers, developers and clinicians should take into account the adaptation of eHealth applications to patient needs. Better education and information about the risks and opportunities of eHealth applications is urgently indicated for people with mental illness and for treatment providers in order to enable appropriately informed, participatory decision-making about individual participation

    “And all the pieces matter...” Hybrid Testing Methods for Android App's Privacy Analysis

    Smartphones have become inherent to the everyday life of billions of people worldwide, and they are used to perform activities such as gaming, interacting with our peers or working. While extremely useful, smartphone apps also have drawbacks, as they can affect the security and privacy of users. Android devices hold a lot of personal data from users, including their social circles (e.g., contacts), usage patterns (e.g., app usage and visited websites) and their physical location. Like in most software products, Android apps often include third-party code (Software Development Kits or SDKs) to include functionality in the app without the need to develop it in-house. Android apps and third-party components embedded in them are often interested in accessing such data, as the online ecosystem is dominated by data-driven business models and revenue streams like advertising. The research community has developed many methods and techniques for analyzing the privacy and security risks of mobile apps, mostly relying on two techniques: static code analysis and dynamic runtime analysis. Static analysis analyzes the code and other resources of an app to detect potential app behaviors. While this makes static analysis easier to scale, it has other drawbacks such as missing app behaviors when developers obfuscate the app’s code to avoid scrutiny. Furthermore, since static analysis only shows potential app behavior, this needs to be confirmed as it can also report false positives due to dead or legacy code. Dynamic analysis analyzes the apps at runtime to provide actual evidence of their behavior. However, these techniques are harder to scale as they need to be run on an instrumented device to collect runtime data. Similarly, there is a need to stimulate the app, simulating real inputs to examine as many code-paths as possible. While there are some automatic techniques to generate synthetic inputs, they have been shown to be insufficient.
In this thesis, we explore the benefits of combining static and dynamic analysis techniques to complement each other and reduce their limitations. While most previous work has often relied on using these techniques in isolation, we combine their strengths in different and novel ways that allow us to further study different privacy issues on the Android ecosystem. Namely, we demonstrate the potential of combining these complementary methods to study three inter-related issues:
• A regulatory analysis of parental control apps. We use a novel methodology that relies on easy-to-scale static analysis techniques to pin-point potential privacy issues and violations of current legislation by Android apps and their embedded SDKs. We rely on the results from our static analysis to inform the way in which we manually exercise the apps, maximizing our ability to obtain real evidence of these misbehaviors. We study 46 publicly available apps and find instances of data collection and sharing without consent and insecure network transmissions containing personal data. We also see that these apps fail to properly disclose these practices in their privacy policy.
• A security analysis of the unauthorized access to permission-protected data without user consent. We use a novel technique that combines the strengths of static and dynamic analysis, by first comparing the data sent by applications at runtime with the permissions granted to each app in order to find instances of potential unauthorized access to permission protected data. Once we have discovered the apps that are accessing personal data without permission, we statically analyze their code in order to discover covert- and side-channels used by apps and SDKs to circumvent the permission system. This methodology allows us to discover apps using the MAC address as a surrogate for location data, two SDKs using the external storage as a covert-channel to share unique identifiers and an app using picture metadata to gain unauthorized access to location data.
• A novel SDK detection methodology that relies on obtaining signals observed both in the app’s code and static resources and during its runtime behavior. Then, we rely on a tree structure together with a confidence based system to accurately detect SDK presence without the need of any a priori knowledge and with the ability to discern whether a given SDK is part of legacy or dead code. We prove that this novel methodology can discover third-party SDKs with more accuracy than state-of-the-art tools both on a set of purpose-built ground-truth apps and on a dataset of 5k publicly available apps.
With these three case studies, we are able to highlight the benefits of combining static and dynamic analysis techniques for the study of the privacy and security guarantees and risks of Android apps and third-party SDKs. The use of these techniques in isolation would not have allowed us to deeply investigate these privacy issues, as we would lack the ability to provide real evidence of potential breaches of legislation, to pin-point the specific way in which apps are leveraging covert and side channels to break Android’s permission system or we would be unable to adapt to an ever-changing ecosystem of Android third-party companies.
The works presented in this thesis were partially funded within the framework of the following projects and grants:
• European Union’s Horizon 2020 Innovation Action program (Grant Agreement No. 786741, SMOOTH Project and Grant Agreement No. 101021377, TRUST AWARE Project).
• Spanish Government ODIO NºPID2019-111429RB-C21/PID2019-111429RBC22.
• The Spanish Data Protection Agency (AEPD)
• AppCensus Inc.
This work has been supported by IMDEA Networks Institute.
Doctoral Program in Telematics Engineering at Universidad Carlos III de Madrid.
President: Srdjan Matic. Secretary: Guillermo Suárez-Tangil. Member: Ben Stoc