SMARTER STRATEGIES

Better Protection for Personal Data on Mobile Phones

Rebecca Kutzer-Rice | Date: 04-20-11 | Comments

A new software program helps protect personal data on mobile phones by controlling how information is accessed by the various applications.

Recently on Smarter Technology, we discussed rising security dangers as more workers are accessing sensitive data via mobile devices. In response to such concerns, a team of researchers has created new software to help protect information stored on mobile phones.

Designed by a research team at North Carolina State University (NCSU), the software is built for Android smartphones. Called Taming Information-Stealing Smartphone Applications (TISSA), it helps users better control how information is accessed and which applications can access personal data.

�There are a lot of concerns about potential leaks of personal information from smartphones,� says Dr. Xuxian Jiang, an assistant professor of computer science at NC State. �We have developed software that creates a privacy mode for Android systems, giving users flexible control over what personal information is available to various applications.�

The prototype program, called TISSA, has several different security settings that can be selected for an app on an Android mobile phone. The �bogus� setting, for example, provides false data to an application to better protect a user�s privacy. (Source: NCSU)

TISSA consists of a privacy manager, which allows a user to customize how the smartphone manages personal information. The program lets settings be changed at any time, not just when an application is first installed.

TISSA allows each app to be assigned one of four privacy settings: �trusted,� which does not impose any security restrictions; �anonymized,� which prevents access to detailed personal information; �bogus,� which provides fake personal information to an app; and �empty,� which tells an application that requested information is unavailable.

�These settings may be further specialized for different types of information, such as your contact list or your location,� Jiang said. �The settings can also be specialized for different applications.�

For example, the researchers explained, a weather application might request detailed information about a user�s location. TISSA might provide the app with more generalized data�such as a random place within 10 miles to the user�to help protect privacy.

The team is currently working to commercialize the software for Android users.

The researchers will present their paper, �Taming Information-Stealing Smartphone Applications (on Android),� in June, at the 4th International Conference on Trust and Trustworthy Computing, in Pittsburgh. In addition to Jiang, other researchers include Yajin Zhou, a Ph.D. student at NCSU; Dr. Vincent Freeh, an associate professor of computer science at NCSU; and Dr. Xinwen Zhang of Huawei America Research Center.

The National Science Foundation and NC State�s Secure Open Systems Initiative, which receives funding from the U.S. Army Research Office, supported the software development.