11 November 2016

Can Smartphones and Privacy Coexist? Assessing Technologies and Regulations Protecting Personal Data on Android and iOS Devices




Research Questions 
What is the state of privacy with smartphones? What are the gaps and opportunities in addressing privacy and regulation in regard to smartphones? 

What are the privacy offerings on devices running Apple's iOS and Google's Android operating system? 

How does users' use of smartphones affect privacy preferences?

What are the different layers involved in hardware, apps, and networks that inform smartphone privacy (e.g., operating system manufacturer, app developer)? 

What technical and regulatory protections are available to protect privacy? 

As smartphones become more ubiquitous around the globe, policymakers inevitably have to grapple with issues related to the security and privacy of these devices. To aid in this understanding, in 2015, the Defense Advanced Research Projects Agency (DARPA) commissioned a team of researchers from the Massachusetts Institute of Technology (MIT) Lincoln Laboratory and the RAND Corporation to assess smartphone users' privacy from both technical and regulatory perspectives. This report documents the team's approach and findings. On the technical side, it describes a literature review and experiments performed by MIT Lincoln Laboratory investigating the state of privacy of the two major smartphone platforms in 2015: Google's Android and Apple's iOS. On the regulatory side, this report describes a review by RAND of major federal regulatory mechanisms for protecting privacy in the United States and provides a tool to understand both privacy regulation and technology.

While privacy-preserving technology is improving, users' privacy concerns have not been fully addressed by the technology itself. Appropriate regulatory protections also play a role in protecting smartphone users' privacy. Currently, many gaps exist between regulation and technology: The two are not adequately paired to provide the desired protections. We believe that many of these gaps can be identified using a tool that the project team developed for policymakers. By combining technical and regulatory components associated with smartphone privacy, this matrix-based tool will help policymakers guide directions for future research and assess the impact of technical and regulatory solutions that have been or will be implemented.

Key Findings

Google Android and Apple iOS Platforms Differ Fundamentally but Are Converging
The differing platforms have led to fundamental differences between privacy protections and guarantees on iOS and Android devices.
The permissions models controlling what data can be collected by apps are converging in significant ways.
Android and iOS are adopting increased encryption to secure the data that is collected.

Policymakers Have Several Options to Protect Privacy
Some options put the onus on the user to recognize and prove that harm has occurred and to identify the perpetrator.
This can be difficult in privacy encroachments in the digital ecosystem, where harm may be intangible or where it can be difficult to identify who is responsible for the privacy invasion.
A comprehensive policy overhaul relating to privacy is unlikely to occur in the United States in the short term.

Recommendation

We propose a tool based on the data lifecycle and Fair Information Practices that allows policymakers to analyze gaps and strengths in smartphone privacy protections during each phase in the life cycle of smartphone data.
