MobileAppScrutinator: A Simple yet Efficient Dynamic Analysis Approach for Detecting Privacy Leaks across Mobile OSs

Smartphones, the devices we carry everywhere with us, are being heavily tracked and have undoubtedly become a major threat to our privacy. As "tracking the trackers" has become a necessity, various static and dynamic analysis tools have been developed in the past. However, today, we still lack suitable tools to detect, measure and compare the ongoing tracking across mobile OSs. To this end, we propose MobileAppScrutinator, based on a simple yet efficient dynamic analysis approach, that works on both Android and iOS (the two most popular OSs today). To demonstrate the current trend in tracking, we select 140 most representative Apps available on both Android and iOS AppStores and test them with MobileAppScrutinator. In fact, choosing the same set of apps on both Android and iOS also enables us to compare the ongoing tracking on these two OSs. Finally, we also discuss the effectiveness of privacy safeguards available on Android and iOS. We show that neither Android nor iOS privacy safeguards in their present state are completely satisfying

Advocacy NGOs, advocacy strategies and new participatory spaces : the case on Thai advocacy NGOs and the Xayaburi Dam Project

Since 2006, plans for eleven hydropower dams on the Lower Mekong River’s mainstream have been revived. The expansion of mainstream dams on the Lower Mekong Basin (LMB) has posed new challenges on Thai advocacy NGOs. Thai advocacy NGOs have long experiences in anti-dam movement since 1980s. Their focus is on the opposition of the hydropower dam constructed in Thailand; rather than on mainstream dams built in the LMB countries which are outside Thailand border. Currently, the Xayaburi dam project, the first dam of eleven mainstream dams proposed for the LMB, has been built in Laos. The Xayaburi dam project becomes the new test for Thai advocacy NGOs who have increasingly played active roles in the dam opposition within the new context of expansion of mainstream dams on the LMB. Therefore, this thesis aims to examine advocacy strategies used by Thai advocacy NGOs to create new opportunities for Thai dam-affected villagers to participate in the decision-making process of the Xayaburi dam project. The study also intends to understand the effects of advocacy strategies used by Thai advocacy NGOs to create new opportunities for the participation of Thai dam-affected villagers in the decision-making process of the Xayaburi dam project.The research findings indicate that Thai advocacy NGOs use both insider and outsider strategies, albeit in different degrees, to create new opportunities for the participation of Thai dam-affected villagers in the decision-making process of the Xayaburi dam project. By using both insider and outsider strategies, the new opportunities for participation are opened up in which they lead to the creation of new participatory spaces. The spaces can be divided as new invited spaces and new popular spaces. Thai advocacy NGOs can use advocacy strategies to overcome the unequal power relations and create new participatory spaces for participation Therefore, this thesis argues that Thai advocacy NGOs have potentials to be advocates for public participation even though they have to operate their work within the constraining context of unequal power relations. This study aims to advance the study of advocacy NGOs and public participation. The research findings can improve the potentials of Thai advocacy NGOs as advocates for public participation within the new context of the rapid expansion of hydropower dam development in the LMB

Security Framework for Decentralized Shared Calendars

International audienceWe propose a security framework for Decentralized Shared Calendar. The proposed security framework provides confidentiality to replicated shared calendar events and secures the commu- nication between users. It is designed in such a way that DeSCal preserves all of its characteristic features like fault-tolerance, crash recovery, availability and dynamic access control. It has been implemented on iPhone OS.Nous proposons un protocole de sécurité pour des agendas partagés dont la gestion de données est complètement décentralisée. Dans ce protocole, nous assurons à la fois (i) la confidentialité du contenu répliqué et (ii) la sécurité de communication entre les utilisateurs. Comme nous utilisons une réplication complête de données, notre protocole préserve toutes les caractéristiques d'une telle réplication, à savoir : la tolérance aux pannes et la reprise après panne. Pour valider notre solution, nous avons implémenté un prototype sur des mobiles tournant sous le système iPhone OS

Traçage en ligne : démystification et contrôle

It is no surprise, given smartphones convenience and utility, to see their wide adoption worldwide. Smartphones are naturally gathering a lot of personal information as the user communicates, browses the web and runs various Apps. They are equipped with GPS, NFC and digital camera facilities and therefore smartphones generate new personal information as they are used. Since they are almost always connected to the Internet, and are barely turned off, they can potentially reveal a lot of information about the activities of their owners. The close arrival of smart-­‐watches and smart-­‐glasses will just increase the amount of personal information available and the privacy leakage risks. This subject is closely related to the Mobilitics project that is currently conducted by Inria/Privatics and CNIL, the French data protection authority [1][2][3]. Therefore, the candidate will benefit from the investigations that are on progress in this context, in order to understand the situation and the trends. The candidate will also benefit from all the logging and analysis tools we developed for the iOS and Android Mobile OSes, as well as the experienced gained on the subject. Another question is the arrival of HTML5 based Mobile OSes, like Firefox OS: it clearly opens new directions as it "uses completely open standards and there’s no proprietary software or technology involved" (Andreas Gal, Mozilla). But what are the implications from a Mobile OS privacy point of view? That's an important topic to analyze. Beyond understanding the situation, the candidate will also explore several directions in order to improve the privacy control of mobile devices. First of all, a privacy-­‐by-­‐design approach, when feasible, is an excellent way to tackle the problem. For instance the current trend is to rely more and more on cloud-­‐based services, either directly (e.g., via Dropbox, Instagram, Social Networks, or similar services), or indirectly (e.g., when a backup of the contact, calendar, accounts databases is needed). But pushing data on cloud-­‐based systems, somewhere on the Internet, is in total contradiction with our privacy considerations. Therefore, an idea is to analyze and experiment with personal cloud services (e.g., ownCLoud, diaspora) that are fully managed by the user. Here the goal is to understand the possibilities, the opportunities, and the usability of such systems, either as a replacement or in association with commercial cloud services. Another direction is to carry out behavioral analyses. Indeed, in order to precisely control the privacy aspects, at one extreme, the user may have to deeply interact with the device (e.g., through pop-ups each time a potential privacy leak is identified), which negatively impacts the usability of the device. At the other extreme, the privacy control may be oversimplified, in the hope not to interfere too much with the user, as is the case with the Android static authorizations or the one-­‐time pop-­‐ups of iOS6. This is not appropriate either, since using private information once is not comparable to using it every minute. A better approach could be to perform, with the help of a machine learning system for instance, a dynamic analysis of the Mobile OS or App behavior from a privacy perspective and to interfere with the user only when it is deemed appropriate. This could enable a good tradeoff between privacy control and usability, with user actions only when meaningful. How far such a behavioral analysis can go and what are the limitations of the approach (e.g., either from a CPU/battery drain perspective, or in front of programming tricks to escape the analysis) are open questions. Tainting techniques applied to Mobile OSes (e.g., Taint-­Droid) can be used as a basic bloc to build a behavioral analysis tool, but they have limited accuracy are unable to analyze native code and have poor performances.Il n'est pas surprenant , compte tenu de smartphones commodité et l'utilité, pour voir leur adoption à grande échelle dans le monde entier . Les smartphones sont naturellement rassemblent un grand nombre de renseignements personnels que l'utilisateur communique , navigue sur le Web et fonctionne diverses applications . Ils sont équipés de GPS , NFC et les installations d'appareils photo numériques et les smartphones génèrent donc de nouvelles informations personnelles telles qu'elles sont utilisées . Comme ils sont presque toujours connectés à Internet , et sont à peine éteints, ils peuvent potentiellement révéler beaucoup d'informations sur les activités de leurs propriétaires. L'arrivée à proximité de la puce - montres et intelligents - lunettes va juste augmenter la quantité de renseignements personnels disponibles et les risques de fuite de confidentialité . Ce sujet est étroitement lié au projet Mobilitics qui est actuellement menée par l'Inria / Privatics et CNIL , l'autorité française de protection des données [ 1] [2 ] [3] . Par conséquent , le candidat bénéficiera des enquêtes qui sont en cours dans ce contexte, afin de comprendre la situation et les tendances. Le candidat devra également bénéficier de tous les outils de diagraphie et l'analyse que nous avons développées pour l'iOS et Android OS mobiles , ainsi que l' expérience acquise sur le sujet. Une autre question est l'arrivée de HTML5 base de systèmes d'exploitation mobiles , comme Firefox OS: il ouvre clairement de nouvelles directives qu'elle " utilise des normes ouvertes complètement et il n'y a pas de logiciel propriétaire ou technologie impliquée " ( Andreas Gal, Mozilla) . Mais quelles sont les implications d'un point de vie privée OS mobile de vue? C'est un sujet important à analyser. Au-delà de la compréhension de la situation , le candidat devra aussi explorer plusieurs directions afin d' améliorer le contrôle des appareils mobiles de la vie privée . Tout d'abord, une vie privée - par - approche de conception , lorsque cela est possible , est une excellente façon d'aborder le problème . Par exemple, la tendance actuelle est de plus en plus compter sur un nuage - Services basés , soit directement (par exemple , via Dropbox, Instagram , les réseaux sociaux ou services similaires ) , ou indirectement (par exemple , lorsqu'une sauvegarde du contact , calendrier, bases de données des comptes sont nécessaires ) . Mais en poussant des données sur les nuages ​​- systèmes basés , quelque part sur Internet , est en totale contradiction avec nos considérations de confidentialité. Par conséquent, l'idée est d'analyser et d'expérimenter avec les services de cloud personnel (par exemple , owncloud , diaspora ) qui sont entièrement gérés par l'utilisateur. Ici, le but est de comprendre les possibilités, les opportunités et la facilité d'utilisation de ces systèmes , que ce soit en remplacement ou en association avec les services de cloud commerciales. Une autre direction est d' effectuer des analyses comportementales . En effet, afin de contrôler précisément les aspects de la vie privée , à un extrême , l'utilisateur peut avoir à interagir fortement avec l'appareil (par exemple , par le biais des pop-ups chaque fois une fuite potentielle de la vie privée est identifié ) , qui a un impact négatif sur la facilité d'utilisation de l'appareil . À l'autre extrême , le contrôle de la vie privée peut être simplifiée à l'extrême , dans l'espoir de ne pas trop interférer avec l'utilisateur, comme c'est le cas avec les autorisations statiques Android ou celui - Temps pop - up de iOS6 . Ce n'est pas non plus approprié , puisque l'utilisation de renseignements personnels une fois n'est pas comparable à l'utiliser chaque minute

The Examination of the Effects of Land Use Development on the Balance of Mass Transit Ridership

The balance of the origin–destination (O-D) ridership distribution is an essential characteristic of a sustainable transit system. However, the existing ridership patterns of transit system in many cities are still off-balance, leading to the inefficient utilization of available capacity. As a result, only one direction is overcrowded whereas the other is not. Many literatures suggest that the transit ridership distribution is generally affected by land use around stations due to the different rates of generated and attracted passengers during each period of time. Therefore, the objective of this study is to verify the effects of land use development according to the Transit Oriented Development (TOD) principle on the balance of the O-D ridership along the transit route, as measured by the discrepancies between the numbers of onboard passengers in stations along a single train line. This study has applied the modified Fluid Analogy Method to reflect the travel behavior of mass transit trip distribution. The results show that, to balance the O-D ridership along a linear and stand-alone transit route, the residential areas should be located near the terminal stations with the sub-residential areas in the interval to shorten the distance of home-based trips. The business areas should be densely situated in the middle of mass transit route, while the retail areas should be located dispersedly all along the route. This study has further applied a proposed model with a case study of MRT Blue Line in Thailand to verify the assumption that the location of the mixed-use project along MRT transit route has impacts on the balance of its ridership. This implication can be a guideline for integrating the mixed-use project development and the land use planning to achieve the sustainable transport in the overall perspective

Innovative Logistics Management under Uncertainty using Markov Model

This paper proposes an innovative uncertainty management using a stochastic model to formulate logistics network starting from order processing, purchasing, inventory management, transportation, and reverse logistics activities. As this activity chain fits well with Markov process, we exploit the very principle to represent not only the transition among various activities, but also the inherent uncertainty that has plagued logistics activities across the board. The logistics network model is thus designed to support logistics management by retrieving and analyzing logistics performance in a timely and cost effective manner. The application of information technology entails this network to become a Markovian information model that is stochastically predictable and flexibly manageable. A case study is presented to highlight the significance of the model. Keywords: Logistics network; Markov process; Risk management; Uncertainty management

Socio-Cultural Factors in Transdisciplinary Research in Arabic Language and Literature

The aim of this paper is to look into factors in transdisciplinary Research in Arabic Language and Literature. The scientific and technological knowledge needed for understanding of these transformations is distributed over a broad spectrum of disciplines and professions committed to incommensurable values, different theoretical concepts and conflicting methodological orientation. Therefore, a strong demand for integrated knowledge has arisen with the aim of improving both explanatory power and usefulness for problem solving. Employing a distinction between three structural levels of discourse a methodological framework for sustainability oriented research is sketched. This paper looks at how transdisciplinary research, which combines knowledge from different scientific disciplines with that of public and private sector stakeholders and citizens, can be used to address complex societal challenges. This includes developing effective response in acute crises, such as the covid-19 pandemic, as well as longer-term solutions for sustainability development. In a series of 28 caste studies, report, it identifies the key obstacles of effectively implementing transdisciplinary research many of these are embedded in the way that research systems are structured and managed and they are amenable to policy intervention. Examples of how various actors, including finding agencies and universalities are adapting to better accommodate the requirements of transdisciplinary research are included in the report and related policy actions are ascribed for these actor

Social Media Perception Affecting the Business of PTT Public Company Limited

The social media perception affecting the business of PTT Public Company Limited (PTT) aims for three purposes. Firstly, to study customers’ behavior via social media’s perception. Secondly, to study interaction between social media and customers. Finally, to study the impact of any information channels via social media that affects to user of products, related services, and company’s images. Social media has been played a vital role rapidly in communication and transferring a huge of information in the manner of videos and contents widespread, which persuade many companies to promote their company via social media to acquire customers’ attentions even related services including the public relation for the company’s image. PTT has adjusted to a new era of social media comply with organizational communication plan. However, social media has affects both positive and negative impact at the same time. The company is rumored a negative issue in society and triggered by social media such as FB’s page “Pay back PTT†is a web page for whom anti PTT. The company must handle these impact of negative information that can transfer to the customer of company in term of goods and service or any attitude that affect to company’s image after receiving any information that derived from social media. Therefore, it is necessary to manage social media contents to create two ways of understanding about any issues and also prevent social media disaster from company’s communication in term of attitude, image and decision making process to consume goods and service. This study is to provide recommended policy for PTT to improve their communication process and enhance trust for customer and investor in the future