Abstract
Smartphones with increased computation and sensing capabilities have spurred the growth of context-aware apps. In current mobile platforms, these apps have direct access to raw sensor data streams, and can use the sensor data to infer a user's personal context. However, the sharing of raw sensor data poses a privacy risk because a malicious app can easily extract sensitive information about the user. We argue that a user can employ preventative measures to limit the sensitive information disclosed to apps. Current approaches amount to sensor data access control: trusted apps are trusted not to misuse the sensor data, and untrusted apps are simply not allowed access to sensor data. However, such simple static policies are too conservative because they cause a sharp decline in the usefulness of untrusted apps. We propose Override: a mobile privacy framework that empowers users to specify context-driven policies to control and limit the information contained in the sensor data streams delivered to apps. Besides context-driven suppression, the framework supports structured perturbation and even synthesis of sensor data streams. We believe that such context-driven policies more closely follow users' privacy concerns, while the addition of fine-grained and structured privacy-preserving transformations of sensor data allows untrusted apps to remain useful. We describe a candidate architecture of Override and discuss a prototype implementation on the Android platform.
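The abstract names three context-driven transformations (suppression, structured perturbation and synthesis) that a policy layer can apply to a sensor stream before an app sees it. The following Python is an added illustration of that idea; it is not code from the Override paper or its Android prototype. The app names, context labels, the accelerometer representation as `[x, y, z]` readings, the noise magnitude and the "device resting on a table" synthetic signal are all constructed assumptions chosen to make the mechanism concrete.

```python
"""Context-driven sensor-stream policy enforcement (illustrative, not Override's code).

Models a per-app, per-context rule table that decides whether an app receives
the real accelerometer stream, nothing at all (suppression), a noised copy
(structured perturbation) or a plausible fake (synthesis). All rules, contexts
and sample readings below are constructed for the example.
"""
from dataclasses import dataclass
from random import Random
from typing import Dict, List, Tuple

Context = str           # a label the platform infers, e.g. "home" or "work" (assumed)
Sample = List[float]    # one accelerometer reading as [x, y, z] in m/s^2 (assumed)

# Constructed sample stream: two readings of a phone held roughly level.
SAMPLE_STREAM: List[Sample] = [[0.1, 0.2, 9.8], [0.3, -0.1, 9.7]]


@dataclass(frozen=True)
class PolicyRule:
    """One user-specified rule: what a given app gets in a given context."""
    app: str
    context: Context
    action: str  # one of "pass", "suppress", "perturb", "synthesize"


class SensorPolicy:
    """Applies the most specific matching rule; unmatched (app, context) pairs pass through."""

    def __init__(self, rules: List[PolicyRule], seed: int = 0) -> None:
        self._rules: Dict[Tuple[str, Context], str] = {
            (r.app, r.context): r.action for r in rules
        }
        # Seeded so the example is reproducible; a real deployment would use
        # a non-deterministic source so apps cannot subtract the noise.
        self._rng = Random(seed)

    def action_for(self, app: str, context: Context) -> str:
        return self._rules.get((app, context), "pass")

    def apply(self, app: str, context: Context, stream: List[Sample]) -> List[Sample]:
        action = self.action_for(app, context)
        if action == "suppress":
            return []                                  # app receives no samples at all
        if action == "perturb":
            return [self._perturb(s) for s in stream]
        if action == "synthesize":
            return self._synthesize(len(stream))
        return [list(s) for s in stream]               # "pass": unmodified copy

    def _perturb(self, sample: Sample, magnitude: float = 0.5) -> Sample:
        # Structured perturbation: bounded uniform noise per axis keeps the coarse
        # motion envelope (enough for step counting) while blurring fine detail.
        return [round(v + self._rng.uniform(-magnitude, magnitude), 3) for v in sample]

    def _synthesize(self, n: int) -> List[Sample]:
        # Synthesis: replace the real stream with readings of a device lying still
        # (gravity on z only), so the app keeps running but learns nothing real.
        return [
            [round(self._rng.gauss(0.0, 0.02), 3),
             round(self._rng.gauss(0.0, 0.02), 3),
             round(9.81 + self._rng.gauss(0.0, 0.02), 3)]
            for _ in range(n)
        ]


def demo() -> Dict[str, List[Sample]]:
    """Runs each action once against the constructed stream and returns the outputs."""
    policy = SensorPolicy([
        PolicyRule("fitness", "home", "suppress"),     # no motion data while at home
        PolicyRule("fitness", "work", "perturb"),      # coarse motion only at work
        PolicyRule("adnet", "commute", "synthesize"),  # ad library gets a fake stream
    ], seed=1)
    return {
        "fitness@home": policy.apply("fitness", "home", SAMPLE_STREAM),
        "fitness@work": policy.apply("fitness", "work", SAMPLE_STREAM),
        "fitness@gym": policy.apply("fitness", "gym", SAMPLE_STREAM),   # no rule: pass
        "adnet@commute": policy.apply("adnet", "commute", SAMPLE_STREAM),
    }


if __name__ == "__main__":
    for key, samples in demo().items():
        print(key, samples)
```

The point of the design is that the decision key is `(app, context)` rather than `app` alone: the same fitness app is suppressed at home, perturbed at work and passed through elsewhere, which is the finer granularity the abstract argues a static allow/deny list cannot express.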