195 research outputs found

    MobileAppScrutinator: A Simple yet Efficient Dynamic Analysis Approach for Detecting Privacy Leaks across Mobile OSs

    Smartphones, the devices we carry everywhere with us, are being heavily tracked and have undoubtedly become a major threat to our privacy. As "tracking the trackers" has become a necessity, various static and dynamic analysis tools have been developed in the past. However, today, we still lack suitable tools to detect, measure and compare the ongoing tracking across mobile OSs. To this end, we propose MobileAppScrutinator, based on a simple yet efficient dynamic analysis approach, that works on both Android and iOS (the two most popular OSs today). To demonstrate the current trend in tracking, we select 140 most representative Apps available on both Android and iOS AppStores and test them with MobileAppScrutinator. In fact, choosing the same set of apps on both Android and iOS also enables us to compare the ongoing tracking on these two OSs. Finally, we also discuss the effectiveness of privacy safeguards available on Android and iOS. We show that neither Android nor iOS privacy safeguards in their present state are completely satisfying

    Dataveillance and the False-Positive Paradox

    In recent times, we are witnessing an increasing concern by governments and intelligence agencies to deploy mass-surveillance systems that help them fight terrorism. In this paper, we conduct a formal analysis of the overall cost of such surveillance systems. Our analysis starts with a fairly-known result in statistics, namely, the false-positive paradox. We propose a quantitative measure of the total cost of a monitoring program, and study a detection system that is designed to minimize it, subject to a constraint in the number of terrorists the agency wishes to capture. In the absence of real, accurate behavioral models, we perform our analysis on the basis of several simple but insightful examples. With these examples, we illustrate the different parameters involved in the design of the detection system, and provide some indicative and representative figures of the cost of the monitoring program

    Differentially Private Mixture of Generative Neural Networks

    Generative models are used in a wide range of applications building on large amounts of contextually rich information. Due to possible privacy violations of the individuals whose data is used to train these models, however, publishing or sharing generative models is not always viable. In this paper, we present a novel technique for privately releasing generative models and entire high-dimensional datasets produced by these models. We model the generator distribution of the training data with a mixture of k generative neural networks. These are trained together and collectively learn the generator distribution of a dataset. Data is divided into k clusters, using a novel differentially private kernel k-means, then each cluster is given to separate generative neural networks, such as Restricted Boltzmann Machines or Variational Autoencoders, which are trained only on their own cluster using differentially private gradient descent. We evaluate our approach using the MNIST dataset, as well as call detail records and transit datasets, showing that it produces realistic synthetic samples, which can also be used to accurately compute arbitrary number of counting queries. Comment: A shorter version of this paper appeared at the 17th IEEE International Conference on Data Mining (ICDM 2017). This is the full version, published in IEEE Transactions on Knowledge and Data Engineering (TKDE

    From Dataveillance to Datapulation : The Dark Side of Targeted Persuasive Technologies

    Online services, devices or secret services are constantly collecting data and meta-data from their users. This data collection is mostly used to target users, customize their services or monitor them. This surveillance by the data, sometimes referred to as Dataveillance, is omnipresent and generates a lot of attention [6]. However nowadays, data and technologies are not only used to monitor people, they are also used to motivate, influence or shape their opinions or decisions online. The better understanding of users' behaviors combined with the capacity of building accurate psychological profiles create the opportunities to develop techniques to influence users online, by shaping their behavior. These technologies can encourage positive norms, such as fighting terrorist or racist propaganda online, or can be used to motivate users to drive more safely or economically, to eat healthier or to exercise more. In this case, they are often referred to as "Persuasive technologies or profiling" by psychologists, designers or behavioral economists [11,3]. However, these "persuasive technologies" also have a dark side. They can constitute efficient and targeted informational weapons to deceive or manipulate users' opinions or behaviors maliciously, via fake news, information disorder, psychological or media manipulation techniques [27]. We define, in the paper, the concept of Datapulation, manipulation by the data. Datapulation consists of "mediated" personalized manipulation techniques, based on information, created primarily to change the attitudes and behaviors of users, for malicious intents or intents that go against users' own interests. Datapulation can be used by commercial companies to increase profit [7,4] or by political parties to influence elections [15,8]. We argue that Datapulation can be dangerous for privacy, human rights and democracy, and deserves more attention by policy makers and researchers.
The main goal of this paper is to define the concept of Datapulation, by formalizing how data can be used to manipulate our decisions. We believe this is an important step in order to address it properly

    Hash-Based Dynamic Source Routing (HB-DSR)

    This paper presents and evaluates Hash-Based DSR, an extension of the DSR protocol. This protocol reduces the per-packet control overhead of DSR by compressing the source-route with a Bloom filter. Simulations on large networks show that HB-DSR increases the network capacity by a factor of up to 15. HB-DSR is an attractive alternative to DSR for large ad-hoc networks. Another important property of HB-DSR is that, as opposed to DSR, its performance is similar for IPv4 and IPv6. While IPv6's large addresses are a show-stopper for DSR, we show by simulations that HB-DSR performs as well for both IP versions. This is an important contribution considering the growing interest of the wireless network community for IPv6

    A Hierarchical Mobile IPv6 Proposal

    The IETF Mobile IPv6 protocol has been developed to manage global (macro) mobility. It is not adapted to local (micro) mobility since it does not support any kind of hierarchy. This report presents a hierarchical protocol, built on top of Mobile IPv6, that separates local mobility (within a site) from global mobility (across sites) management. Local handoffs are managed locally and transparently to a mobile node's correspondent hosts while global mobility is managed with Mobile IPv6. Our scheme is flexible (several levels can be used), scalable, interworks with Mobile IPv6 and can be deployed gradually

    How to convert any ID-based Signature Schemes into a Group Signature Scheme

    This paper describes how any Identity Based Signature scheme can be used to implement a Group Signature scheme. The performance of the generated Group Signature scheme is similar to the performance of the underlying ID-based Signature scheme. This makes our proposal very attractive since most of the existing group signature schemes that have been proposed so far are grossly inefficient. In contrast, ID-based signature schemes can be very efficient especially if they use elliptic curves and pairing