Mobile App X-Ray

Mobile App X-Ray

A considerable amount of smartphone apps and web applications leak personal information to a variety of destinations and for a variety of purposes. Some of these purposes are critical for providing the service, whilst others include advertising and analytics.

Yet, most users are unaware which data is being collected about them, or by whom the data ends up being used. This causes a number of problems, including anxiety about potential misuse of data, and inability to reason about whether particular apps or services are "safe" to use in accordance with one's privacy preferences.

The Mobile App X-Ray project aims to help end-users make better informed privacy decisions by making the hidden information flows within and behind social machines visible, in particular for smartphone and web applications. We have developed several ways to measure hidden information disclosure activities, including dynamic (intercepting network traffic) and static methods (static analysis of disassembled compiled binaries).

We have also designed visual interfaces to represent this information to users and explore their privacy concerns and information management needs. Previous work in this project included analysis of third-party trackers associated with the top 5,000 Android app and top 5,000 websites.

Current efforts in the 'Ethical Data Initiative' scales up this work and aims to automated analysis of hundreds of thousands of apps from Google's app store and will provide a website and developer API that make this information publicly accessible.

Publications
Binns, R., Lyngs U., Van Kleek M., Zhao J., Libert T., & Shadbolt N. (2018).  Third Party Tracking in the Mobile Ecosystem. Proceedings of the 10th International ACM Web Science Conference 2018.
Van Kleek, M., Binns R., Zhao J., Slack A., Lee S., Ottewell D., et al. (2018).  X-Ray Refine: Supporting the Exploration and Refinement of Information Exposure Resulting from Smartphone Apps. Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems.
Van Kleek, M., Zhao J., Binns R., Slack A., & Lee S. (2017).  X-Ray Refine.
Binns, R., Van Kleek M., & Zhao J. (2017).  PROWISH.
Van Kleek, M., Liccardi I., Binns R., Zhao J., Weitzner D., & Shadbolt N. (2017).  Better the Devil You Know: Exposing the Data Sharing Practices of Smartphone Apps. Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems. 5208–5220.
Van Kleek, M., Zhao J., Binns R., Francis A., Slack A., Ottewell D., et al. (2017).  X-Ray Archiver.
Zhao, J., Van Kleek M., & Binns R. (2016).  X-Ray DCI.