Abstract
Smartphone usage and the associated app market eco-system are expanding rapidly. Smartphone apps, usually developed by third parties, drive the innovation in the app market eco-system by coming up with various services that allow smartphone users to exploit the full functionalities of their smartphones and the modern internet.
Apps can be either free or paid and the adoption of free apps is much greater than paid apps. Majority of the free apps and some of the paid apps collect users’ personal information for various purposes such as providing targeted advertisements, identifying the audience of the app, and monetising the personal information in a different domain. Collection of personal data from smartphones is far more critical than data collection from conventional devices such as desktop computers or laptops due to multiple reasons. First, the state-of-the-art smartphones are equipped with large number of sensors such as GPS, camera, microphone, accelerometer, and biometric modules that can provide rich information about the user of the smartphone. Second, smartphones currently act as a communications and scheduling hubs for the users by storing their SMS, MMS, emails, calendar entries, and contact lists etc. Third, smartphones contains rich information about user behaviour such as web browsing, web searching, app usage, call details and mobility information etc. As of now there is no convenient way for smartphone users to quantify what information has been shared with whom and most importantly even the user knows there are privacy risks there is nothing they can do for it.
This thesis, first performs an empirical study on the level of tracking happening in smartphones and exposes various “inference attacks” the smartphones users are subject to, by mining various data collected by the smartphone apps. Second, it proposes mechanisms to detect various problematic apps in the app markets. Third, it introduces and evaluates a novel app recommendation system referred to as “PrivMetrics” that rates the apps according to the their personal information access and provide recommendations to the users on how to improve their privacy level.