The pervasiveness of always-connected mobile devices fostered a multitude of applications that provide contextualized services to users. Many of these services depend on access to significant amounts of user data, some of which is private and sensitive. Although smartphones are usually equipped with permission managers that enable users to allow or deny app’s permission requests, the large number of applications and respective permission settings leads to hundreds of requests per day, thus making a fine-grained control of such settings unfeasible. In this talk, we start by presenting the results of the COP-MODE project field study with 93 users and corresponding responses to over 65000 total permissions requests. As main highlights, our study revealed a strong misalignment between apps’ practices and user expectations, with nearly 50% of the requests unexpected by users, as well as 15% privacy violations, i.e. permissions that would be automatically allowed by current permission managers based on runtime permissions but were explicitly denied by users. Then, resorting to our dataset, we present methods for prediction of privacy preferences, that enable automated privacy protection for smartphone users. In contrast to previous works that require a trusted central entity to train the prediction models, our methods rely on federated learning for prediction of privacy preferences in a distributed manner, thus effectively predicting privacy preferences (F1-score of 0.9) while preserving user privacy even against a centralized server.
João P. Vilela is a professor at the Department of Computer Science of the University of Porto and a senior researcher at INESC TEC and CISUC. He was previously a professor at the Department of Informatics Engineering of the University of Coimbra, after receiving the Ph.D. in Computer Science in 2011 from the University of Porto, Portugal. He was also a visiting researcher at Georgia Tech, working on physical-layer security, and at MIT, working on security for network coding. In recent years, Dr. Vilela has been coordinator and team member of several national, bilateral, and European-funded projects in security and privacy. His main research interests are in security and privacy of computer and communication systems, with applications such as wireless networks, Internet of Things and mobile devices. Specific research topics include wireless physical-layer security, security of next-generation networks, privacy-preserving data mining, location privacy and automated privacy protection.
This event will be conducted in English