(A) multi-level and dynamic privacy control scheme for utility-privacy tradeoffs in mobile computing (Korean title, translated: Multi-level and dynamic privacy control method for utility-privacy tradeoffs in mobile computing environments)

Malicious mobile applications exploit users’ private information that is not directly related to the provision of services that the users want to access. In current mobile computing environments, it is hard for users to detect whether an application commits privacy infringement once they have given permissions to the application. To solve the privacy infringement problem, according to the privacy calculus theory, users’ privacy decisions on disclosing their private information need to be made by trading off utility against privacy. However, existing mobile platforms do not allow users to make such tradeoffs in a fine-grained manner. Most of the existing mobile platforms allow users to make only binary decisions on providing their private information to mobile applications. Therefore, it is usually difficult for mobile users to apply effective privacy controls that consider both the necessity of an application and the types and quality of private information to be provided to the application under dynamic usage scenarios. In addition, users often use inconsistent privacy controls because their privacy decisions are highly affected by cognitive and behavioral biases in mobile computing environments. These limitations of the binary and static approach are known as the privacy paradox and boundary turbulence phenomena. Therefore, for a highly dynamic mobile computing environment, it is necessary to allow users to perform effective privacy controls by making utility-privacy tradeoffs using multi-level and dynamic privacy controls rather than binary and static privacy controls. Some research has allowed users to use multi-level privacy controls by writing a privacy-control policy before accessing a mobile application. Other research has allowed users to make privacy controls at the point of accessing a service from a mobile application.
However, users can only use binary privacy controls in these approaches. Moreover, it is usually difficult for users to directly configure a mobile platform and to manage consistent multi-level and dynamic privacy-control policies while considering the situations in which mobile applications are used. Therefore, to realize the multi-level and dynamic privacy-control approach for mobile computing environments, it is necessary to assist users in making consistent and personalized privacy controls according to the context of using a mobile application without changing the configurations of a mobile platform. In this dissertation, we first investigate the effects of using dynamic and multi-level privacy controls. Then, we define a Quality of Private Information (QoPI) model to represent various types and quality levels of users’ private information required by mobile applications. Using the QoPI model, we can also represent contextual properties that might affect the selection of the types and quality of private information in dynamic mobile computing situations. Users’ common privacy-control patterns can be characterized, represented, and managed by using this model. Second, we propose a method to predict users’ QoPI levels by learning users’ privacy-control patterns. The prediction method is developed using reinforcement learning, and continuously learns users’ privacy-control patterns while considering users’ situations and contexts of accessing mobile applications. This prediction method can assist users in achieving context-aware and personalized privacy controls while reducing the overhead of making multi-level privacy controls every time they use mobile applications. Third, we design and implement a privacy-control architecture that supports the QoPI model for the Android platform.
The QoPI-enabled privacy-control system allows users to apply dynamic and multi-level privacy controls to existing mobile applications without modifying the Android platform. We evaluated the effectiveness of using the QoPI model by analyzing the data that we collected from Android users while allowing them to consider practical mobile computing situations. The analysis results show that the users actively utilized the multi-level and dynamic privacy controls supported by the QoPI model, and that their privacy-control patterns could be effectively collected and predicted based on this model. In addition, we checked the feasibility and effectiveness of applying the QoPI-enabled privacy-control system by deploying the implemented multi-level privacy-control system to mobile devices of Android users and collecting data for two weeks. The result shows that the QoPI-enabled privacy-control system works well in various situations for the Android users. In the post-interview, users responded that the QoPI-enabled privacy controls helped them to protect their privacy in an effective manner. However, they also responded that it was quite cumbersome for them to make a multi-level privacy control each time they use a mobile application. We also evaluated the privacy-control prediction method by using the data that we collected during the user study, and found that the proposed prediction method can predict users’ privacy controls accurately (97.84% accuracy). The result also shows that the proposed prediction method is effective in reducing users’ overhead of making privacy controls by 91% compared to the case of using manual privacy controls.
Advisors
Ko, In Young (고인영)
Description
Korea Advanced Institute of Science and Technology (KAIST): School of Computing
Publisher
Korea Advanced Institute of Science and Technology (KAIST)
Issue Date
2017
Identifier
325007
Language
eng
Description

Thesis (Ph.D.) - Korea Advanced Institute of Science and Technology (KAIST): School of Computing, 2017.8, [vi, 99 p.]

Keywords

Privacy in Mobile Computing; Quality of Private Information; Context-aware Privacy Control; Multi-level Privacy Control; Utility-Privacy Tradeoff; Privacy-Control Pattern

URI
http://hdl.handle.net/10203/242095
Link
http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=718881&flag=dissertation
Appears in Collection
CS-Theses_Ph.D. (doctoral theses)
Files in This Item
There are no files associated with this item.