Grants Database

Grantee:
International Computer Science Institute
Amount Awarded:
$40,000
Project Title:
AppCensus: Mobile App Privacy Analysis at Scale
Fund:
Consumer Privacy Rights Fund, 2018
County/Counties:
Our main audiences are mobile device users, regulators, and software developers within the United States; all of these groups are affected by American data privacy regulations such as the Children’s Online Privacy Protection Act (COPPA) and other such rules enforced at the state and federal level. Beyond being used as a tool to enforce federal privacy regulations, we have been in discussion with the California and New York attorneys general’s offices about our work.

However, our findings are also relevant to end-users worldwide, as we generate privacy reports for software products that have substantial audiences both within the US and outside of it. One area that we hope to explore in the future is compliance with GDPR in the EU.

Project Description:

In prior work to re-engineer Android’s permission system, we built a framework for the dynamic analysis of mobile apps. This approach allows us to examine how apps and libraries use sensitive data sources on the device. By combining this capability with bespoke network monitoring tools, we have the most sophisticated view of when sensitive data is accessed and where it gets sent. AppCensus integrates those tools as an end-to-end testbed offering analytics-as-a-service: we accept a mobile app binary as input, automatically run it in a test environment monitored by our tools, perform a broad exploration via simulated user input, and generate reports of relevant app privacy behaviors. The results of this automated and reproducible analysis can be structured in a database and are made available at our public-facing website, https://appcensus.mobi. We propose enhancements to greatly expand the scale of our monitoring and to help developers ensure their apps respect user privacy.