Safeguarding Privacy on Mobile Devices

Posted on Wednesday, March 16th, 2022

Woman sitting in a coffee shop purchasing something with your credit card on her phone
Mobile cyberattacks increased by over 350 per cent in 2021. Before installing apps on your mobile devise make sure you read the fine print to know what information you are giving away.

Mobile devices can collect and share data on everything we do.

We take mobile devices everywhere. But not everyone is aware that our smartphones have sensors that collect all kinds of data, including our location, health and search history. Because our mobile devices are connected to the internet, they offer companies a unique opportunity to collect these data from us in real time—an approach called “crowdsensing.” Crowdsensing can be participatory, when we voluntarily participate in contributing information such as a survey; or opportunistic, implicitly providing our consent when we agree to the terms and conditions on applications such as Google Maps.

With crowdsensing, there is an inherent risk that our personal information can be identified by the company or third parties. That risk is increased when companies select users for crowdsensing based on multiple selection criteria such as location, reliability (could you complete a task correctly) and credit scores (how often you complete a task correctly). Thus, cybersecurity researchers are focused on finding ways to protect mobile users’ personal data privacy when it comes to participatory or opportunistic data collection.

Crowdsensing security

A team of researchers, including University of Guelph Computer Science Professor Dr. Xiaodong Lin, has developed a solution to protect mobile device users’ privacy. Recently awarded the 2020 Best Paper Award for IEEE Transactions on Mobile Computing from the IEEE Computer Society, their novel work is called the strong privacy-preserving mobile crowdsensing program or “SPOON.” SPOON uses encryption mechanisms to ensure that mobile device user data is anonymized before being shared with service providers, thereby preventing privacy breaches while enabling continued data collection. SPOON allows the company to set the geographic location of mobile users to select from and are then given a randomized selection of mobile users ranked according to past crowdsensing participation (credit scores), enabling the company to develop secure and efficient crowdsensing.

Lin’s SPOON helps protect personal data in three ways: First, it enables service providers to identify users for crowdsensing without revealing their exact geographic location. Second, SPOON helps prove users’ reliability for completing a given task without requiring their personal information. Third, it proves users’ trustworthiness without exposing their credit scores.

Keeping personal information safe and secure

We all benefit from sharing our mobile information. Service providers use the information to offer us personalized services, such as real-time traffic updates, emergency weather alerts, and public services such as environmental monitoring. Lin and the research team have developed a solution that enables these companies to continue leveraging our data while keeping our personal information safe and secure.

“We have demonstrated the advantages of [SPOON] on security and efficiency,” says Lin. “It enables service providers to build secure and efficient mobile crowdsensing services that support accurate task allocation and trust management for customers.”

This work was supported by The Natural Sciences and Engineering Research Council of Canada (NSERC).

Picture of Xiaodong Lin

Xiaodong Lin is a Professor in the School of Computer Science.

Ni J, Zhang K, Xia Q, Lin X, Shen X. Enabling Strong Privacy Preservation and Accurate Task Allocation for Mobile Crowdsensing. IEEE Transactions on Mobile Computing. 2020. doi: 10.1109/TMC.2019.2908638

News Archive