privacygrade and social cybersecurity, talk at ftc july 2015
TRANSCRIPT
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
1
PrivacyGrade andSocial Cybersecurity
Jason Hong
Federal Trade CommissionJuly 9, 2015
ComputerHumanInteraction:MobilityPrivacySecurity
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
2
Talk Overview
• PrivacyGrade– Analyzing the privacy of 1M
smartphone apps
• Social Cybersecurity– Using social psych to influence
people’s cybersecurity behaviors
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
3
What Are Your Apps Really Doing?
Shares your location,gender, unique phone ID,phone# with advertisers
Uploads your entire contact list to their server(including phone #s)
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
4
Many Smartphone Apps Have “Unusual” Permissions
Location Data Unique device ID
Location Data Network Access
Unique device ID
Location Data Microphone
Unique device ID
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
5
What Do Developers Know about Privacy?
• Interviews with 13 app developers• Surveys with 228 app developers
• What tools? Knowledge? Incentives?• Points of leverage?
Balebako et al, The Privacy and Security Behaviors of Smartphone App Developers. USEC 2014.
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
6
Summary of FindingsThird-party Libraries Problematic
• Use ads and analytics to monetize
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
7
Summary of FindingsThird-party Libraries Problematic
• Use ads and analytics to monetize• Hard to understand their behaviors
– A few didn’t know they were using libraries (inconsistent answers)
– Some didn’t know they collected data– “If either Facebook or Flurry had a
privacy policy that was short and concise and condensed into real English rather than legalese, we definitely would have read it.”
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
8
Summary of FindingsDevs Don’t Know What to Do
• Low awareness of existing privacy guidelines– Often just ask others around them
• Low perceived value of privacy policies– Mostly protection from lawsuits– “I haven’t even read [our privacy
policy]. I mean, it’s just legal stuff that’s required, so I just put in there.”
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
9
PrivacyGrade.org• Improve transparency• Assign privacy grades to
all 1M+ Android apps
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
10
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
11
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
12
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
13
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
14
Expectations vs Reality
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
15
Privacy as Expectations
Use crowdsourcing to compare what people expect an app to do vs what an app actually does
App Behavior(What an app actually does)
User Expectations(What people think
the app does)
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
16
How PrivacyGrade Works
• Long tail distribution of libraries• We focused on top 400 libraries
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
17
How PrivacyGrade Works
• We crowdsourced people’s expectations of core set of 837 apps– Ex. “How comfortable are you with
Drag Racing using your location for ads?”
• Created a model to predict people’s likely privacy concerns
• Applied model to 1M Android apps
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
18
Overall Stats on PrivacyGradeApril 2015
• No sensitive permissions used means A+
• Other gradesset at quartilesof grade range
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
19
Changes in Grades Over TimeOctober 2014 to April 2015
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
20
Changes in Grades Over TimeMost Grades Remained the Same
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
21
Changes in Grades Over TimeA Fair Number of Apps Improved
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
22
Changes in Grades Over TimeLots of Apps Deleted
• Not sure why deleted yet– Some apps were re-uploaded
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
23
Impact of this Research
• Popular Press– NYTimes, CNN, BBC, CBS, more
• Government– Earlier work helped lead to FTC fines– Scared some Congressional staffers
• Google• Developers
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
24
Social Cybersecurity
• New work looking at changing people’s awareness, knowledge, and motivation to be secure
• Tool for FTC and companies to use to improve privacy and security
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
25
Social Proof
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
26
• Baseline effectiveness is 35%
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
27
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
28
• “showing each user pictures of friends who said they had already voted, generated 340,000 additional votes nationwide”
• “they also discovered that about 4 percent of those who claimed they had voted were not telling the truth”
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
29
Adoption of Cybersecurity Features is Very Low
• Typically single digits– Two-factor authentication– Login notifications on Facebook– Trusted contacts on Facebook
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
30
Insight from Interviews Observability of Adoption Low
• One person stopped in coffee shop and asked about the Android 9-dot:
“We were just sitting in a coffee shop and I wanted to show somebody something and [they said], ‘My phone does not have that,’ and I was like, ‘I believe it probably does.’”
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
31
Diffusion of Innovations
• Five major factorsfor successful innovations:– Relative Advantage– Trialability– Complexity– Compatibility– Observability
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
32
Social Proof + Making Cybersecurity Observable
• Variants– Control– Over # / %– Only # / %– Raw # / %– Some
Das, S., A. Kramer, L. Dabbish, J.I. Hong. Increasing Security Sensitivity With Social Proof: A Large-Scale Experimental Confirmation. CCS 2014.
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
33
Method
• Controlled, randomized study with 50k active Facebook users– 8 conditions, so N=6250
• Part of annual security awareness campaign Facebook was going to run anyway
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
34
Results of Experiment
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
35
Summary
• PrivacyGrade– Analyzing the privacy of 1M apps
• Social Cybersecurity– Social proof + observability to improve
cybersecurity behaviors
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
36
Thanks!
Collaborators:
Special thanks to:• Army Research Office• National Science Foundation• Alfred P. Sloan Foundation
• Google• CMU Cylab• NQ Mobile
• Shah Amini• Kevin Ku• Jialiu Lin
• Song Luan• Bharadwaj Ramachandran• Norman Sadeh
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
37
How PrivacyGrade Works
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
38
Limitations of Current Approach• PrivacyGrade works for most apps
– But popular apps, lots of custom code– Also can’t analyze backend
• Only free apps– Limitations on downloading paid apps
• Assume most libraries have one purpose– True for vast majority– More analytics + advertising combos
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
39
Talk Overview
• Interviews and surveys of app developers
• PrivacyGrade.org• Using text mining to infer
privacy-related app behaviors• Reflections on privacy ecosystem
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
40
Reflections on PrivacyConsider entire ecosystem
• End-users– Most research has focused here– But puts too much burden– Really hard to improve awareness,
knowledge, and motivation
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
41
Reflections on PrivacyConsider entire ecosystem
• End-users• Developers• Third-party developers• Markets• OS• Third-party advocates
– Ex. FTC, Consumer Reports
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
42
Reflections on PrivacyHelping Developers• Point of greatest leverage• Examples:
– Better understanding of 3rd party libs– Better design patterns for privacy– Better APIs
• “Home” or “work” vs precise location
– Better reusable components• Databases and ACID properties
• Make the path of least resistance privacy sensitive
©2
01
5 C
arn
egie
Mello
n U
niv
ers
ity :
43
Mobile App
• Scans apps youhave on phone, gets grades from our site
• Just need to add it toGoogle Play store