Trustworthy Platforms & Systems

PrivySeal

A privacy enhancing app store.

~ Project Website

Data privacy is a growing concern in today’s world, where private information is being increasingly exposed to third-party apps. For instance, take the vast number of people using cloud-based apps like Google Drive, Dropbox, Box, Amazon Drive, MediaFire, and Microsoft OneDrive. Most of these cloud storage options have developed their own suit of apps to augment the user experience. However, when you use such apps, you unwittingly share more of your personal data than needed to meet your requirements. To mitigate that risk, researchers at EPFL’s Distributed Information Systems Laboratory (LSIR) have developed a privacy enhancing app store called PrivySeal.

The researchers behind PrivySeal are Hamza Harkous and Bojan Karlaš, who are working under the supervision of Dr. Rameez Rahman and Prof. Karl Aberer. It is a CloudSpaces project funded by the European Commission.

The tool was developed after an arduous process of analyzing the risk factors arising from using third-party apps on cloud storage systems. Thus, the researchers studied a set of 100 featured apps compatible with Google Drive, and discovered that 64 of them requested unnecessary permissions from the user, and as many as 76 apps needed full access to the user’s Google Drive. Clearly, such over-privileged apps pose a major risk to data integrity.

To circumvent this danger, the researchers experimented with various permission models and app interfaces, and then developed PrivySeal as a privacy assistant for installing cloud apps. After signing in, users can browse the list of apps, zero-in on the ones they want to use, and then use PrivySeal’s interface (based on data-driven indicators like Far-reaching Insights) to ascertain whether the selected app is over-privileged. They can also search for a specific app, or sort apps that are least privileged.

The user experience so far has shown PrivySeal to be extremely potent in reducing the risk of unnecessary data being collected by cloud-based apps. Not surprisingly, PrivySeal already has 1700 users, and the number is growing by the day.

Further reading:

https://infoscience.epfl.ch/record/218003/files/PrivySeal_PETS_2016.pdf?version=2
https://privyseal.epfl.ch/#