People to People (P2P) Privacy in Mobile Devices

Abstract

We are living in a digital world where people use their mobile devices to not only store their Personally Identifiable Information (PII) but also the PII of other people like friends, relatives and colleagues. Unlike the past where the governments and businesses alone were the custodians of PII, today people themselves are also the new custodians of PII. This has resulted in a new privacy breach scenario, which we call as People to People (P2P) privacy breaches, where people disseminate the PII of other people without (i) their consent and (ii) any notification to them. P2P privacy breaches have been facilitated by the ubiquitous internet and popular instant messaging applications like WhatsApp, Facebook Messenger. We conducted an online survey with 1810 participants to understand the privacy perceptions of the users related to PII. Survey data analysis shows that 68.9 % people have already indulged in a P2P privacy breach recently while 95.86 % people have chosen to be informed if their PII is shared by others. Thus, we establish that P2P privacy breach is a real concern and needs to be addressed. Analysis also shows that contact numbers and email ID, usually stored in contact cards in mobile devices, are the most shared PII categories followed by personal photographs and addresses. In this work we determine the risk associated with the contact card sharing from the mobile devices. We demonstrate the extent of privacy breach by modelling the contact card information diffusion in a directed random graph. To address this problem, we propose a collaborative P2P privacy model which detects all instances of contact card sharing from mobile devices and generates notifications for the data subjects. The notification also includes the P2P privacy breach severity.