Towards a more transparent smart device
Smart devices such as smartphones are not only ubiquitous, they’re a critical part of our everyday lives – used for everything from communication to navigation. But to deliver such services, these devices utilise a massive amount of proprietary software that comes from different vendors, each of which offers different levels of transparency and privacy control. As a result, a user may have no idea that their favourite social network app is also tracking their location. “Smartphones mediate a growing share of everyday activity, yet their actions remain difficult for users and independent researchers to inspect,” says Nikolaos Alexopoulos(opens in new window), a researcher at Athens University of Economics and Business(opens in new window) (AUEB). What’s needed are new tools that can give users clearer visibility of how their devices behave – which is exactly what the EU-funded SPUCS(opens in new window) project set out to deliver.
Increasing transparency and control over smart devices
Coordinated by AUEB, the Marie Skłodowska-Curie Actions(opens in new window) (MSCA) supported project developed new software architectures and methods for increasing transparency and control over smart devices. Specifically, the project focused on mobile devices running the Android OS, the most popular operating system in the world. “We pursued this aim by developing and empirically evaluating new methods designed to operate on unmodified, commercially available Android devices,” explains Alexopoulos.
New tool provides enhanced transparency to end users
One of those methods is SliceDroid, a tool for reconstructing application behaviour from kernel traces on unmodified Android devices. The method was validated via an empirical study comparing the security and privacy characteristics of widely used Android messaging applications. “By extracting behavioural information and monitoring the execution of all apps and system components, this innovative method offers enhanced transparency to end users,” adds Alexopoulos. An open-source implementation is available on Github(opens in new window).
BBS signatures offer greater privacy
Researchers also studied several candidate credential schemes for digital identity wallets – research that identified the BBS signature scheme(opens in new window) as a plausible option, even on constrained devices. “Our results showed that BBS signatures can offer increased privacy to end users of mobile devices while incurring a modest overhead, even in wearable-class devices, such as smartwatches,” notes Alexopoulos. In addition to its research, the project established a new IT security course at AUEB.
An important first step towards more transparency
The work done by the SPUCS project represents an important first step towards creating smart devices capable of operating more transparently. “We hope that the directions explored during the project will be taken up and built upon by others, and that the working relationships and educational activities initiated through the MSCA fellowship will continue to bear fruit over time,” concludes Alexopoulos.
