Privacy-Enhancing Technologies for Smartphone Apps (AppPETs)

Motivation

Smartphones have become a useful and constant companion for a large part of our society. Numerous apps add convenience to everyday life and open up whole new ranges of applications. Yet many apps are only truly useful when users submit their personal data, which is then processed on the developer’s servers. For example, online calendars and address books entail an inherent privacy risk when their contents are synced between users’ devices. Even for sensitive health data, developers often use third-party cloud services bound to different legislations to store data. The users’ private information is oftentimes inadequately secured: while data is transmitted over an encrypted connection, it is stored in plaintext on the cloud service provider’s premises. Users are left without control over their data and must blindly trust that their private information is not abused or sold to other parties. Users need more transparency in this regard.

Project Goals

In AppPETs, a privacy infrastructure is designed and implemented that allows developers to easily integrate privacy-preserving technologies into their smartphone apps, so that they can create demonstrably secure applications that protect their users’ privacy. The goal is to provide users with a privacy infrastructure that makes the protection of their private data transparent to them. Two major components will be provided to accomplish this: first, a privacy library, which enables the fast and uncomplicated development of privacy-preserving apps; second, privacy services, an infrastructure which can be used to securely store and use private data. Beyond that, researchers will examine which business models are favored by app users and developers, how data abuse can be detected and prevented, and which requirements need to be met to successfully establish the AppPETs concept on the market.