Annual Computer Security Applications Conference (ACSAC) 2014

Full Program »

MoRePriv: Mobile Os Support For Application Personalization And Privacy

Privacy and personalization of mobile experiences are inher- ently in conflict: better personalization demands knowing more about the user, potentially violating user privacy. A promising approach to mitigate this tension is to migrate personalization to the client, an approach dubbed client-side personalization. This paper advocates for operating system support for client- side personalization and describes XEPP, an operating system service implemented on top of the Windows Phone OS. We argue that personalization support should be as ubiquitous as location support, and should be provided by a unified system within the OS, instead of by individual apps.
We aim to provide a solution that will stoke innovation around mobile personalization. To enable easy application per- sonalization, XEPP approximates users’ interests using per- sonae such as technophile or business executive. Using a number of case studies and crowd-sourced user studies, we illustrate how more complex personalization tasks can be achieved with the help of XEPP.
For privacy protection, XEPP distills sensitive user infor- mation to a coarse-grained profile, which limits the potential damage from information leaks. We see XEPP as a way to increase end-user privacy by enabling client-side computing, thus minimizing the need to share user data with the server. As such, XEPP shepherds the ecosystem towards a better pri- vacy stance by nudging developers away from today’s privacy- violating practices. Furthermore, XEPP can be combined with privacy-enhancing technologies and is complimentary to recent advances in data leak detection.


Drew Davidson    
University of Wisconsin
United States

Matt Fredrikson    
University of Wisconsin
United States

Benjamin Livshits    
Microsoft Research
United States


Powered by OpenConf®
Copyright©2002-2014 Zakon Group LLC