Drew Davidson and Benjamin Livshits
3 May 2012
This paper advocates for operating system support for personalization and describes MoRePriv, an operating system service implemented on top of the Windows Phone operating system. The approach presented in this paper reconciles the frequently conflicting goals of privacy and content personalization on mobile devices. We argue that personalization support should be as ubiquitous as location support, and should be provided by the OS rather than by individual apps. To enable easy application personalization or skinning, MoRePriv approximates a user's interests using personas such as technophile or business executive.
We demonstrate how always-on user interest mining can effectively and accurately infer user interests in a mobile operating system by parsing and classifying multiple streams of (sensitive) information about the user within the OS, such as their email, SMS, Facebook stream, and network communications. For privacy protection, this sensitive information is distilled to a coarse-grained profile without being exposed to apps, which limits the potential for information leaks. We show that MoRePriv enables simple but effective OS-wide universal personalization: for example, long drop-down lists in application UIs are automatically sorted to better match the order of the user's likely preferences.

However, the real power of MoRePriv comes from exposing a personalization API to apps. Using a number of case studies, we illustrate how more complex personalization and app skinning tasks can be achieved with the help of MoRePriv. We also argue for better OS support for ad libraries, advocating that a more privacy-aware design is possible for mobile advertising when combined with the insight into the user's preferences and tastes gained with MoRePriv. This approach reconciles the capabilities of today's powerful ad libraries with the privacy concerns of the application, while reducing application permissions and enabling more powerful monetization models. Our experiments show that we are able to reduce app permissions in about 73% of apps that use ad libraries. The ad library study also shows that removing user tracking capabilities while providing persona information creates a useful compromise in practice.
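The following is an added illustration of the architecture described above, not code from MoRePriv itself: raw message streams are scored against persona vocabularies inside the OS, the scores are quantized into a coarse profile that is the only thing an app can observe, and two consumers of that profile (a drop-down sorter and an ad selector that never sees a device identifier or history) are built on top. The persona names, keyword lists, sample messages, list items, ads and the function names `mine_persona_scores`, `coarse_profile`, `sort_dropdown` and `pick_ad` are all assumptions made for this example.

```python
"""Toy OS-side interest mining plus a persona API (constructed example)."""
import re
from collections import Counter

# Hypothetical persona vocabularies; a real classifier would be trained, not hand-written.
PERSONA_KEYWORDS = {
    "technophile": {"kernel", "gpu", "firmware", "api", "sdk", "linux", "benchmark"},
    "business executive": {"quarterly", "revenue", "board", "meeting", "investor", "forecast"},
    "sports fan": {"match", "goal", "league", "playoffs", "score", "stadium"},
}

# Constructed sample streams standing in for email and SMS the OS already holds.
SAMPLE_STREAMS = {
    "email": [
        "Send the revenue forecast to the board",
        "Patch the firmware before the gpu benchmark run",
    ],
    "sms": [
        "kernel update broke the sdk build on linux, check the api docs",
        "new gpu benchmark results posted to the kernel list",
    ],
}

# Constructed app-side data: a drop-down list and an ad inventory tagged by persona.
DROPDOWN_ITEMS = [
    ("Sports scores", ["sports fan"]),
    ("Dev tools", ["technophile"]),
    ("Finance news", ["business executive"]),
    ("Weather", []),
]
SAMPLE_ADS = [
    {"id": "ad-stadium", "personas": ["sports fan"]},
    {"id": "ad-devkit", "personas": ["technophile"]},
    {"id": "ad-crm", "personas": ["business executive", "technophile"]},
]


def tokenize(text):
    return re.findall(r"[a-z]+", text.lower())


def mine_persona_scores(streams):
    """Trusted side (inside the OS): sees raw text, counts persona keyword hits per message."""
    scores = Counter({persona: 0 for persona in PERSONA_KEYWORDS})
    for messages in streams.values():
        for msg in messages:
            tokens = set(tokenize(msg))
            for persona, keywords in PERSONA_KEYWORDS.items():
                scores[persona] += len(tokens & keywords)
    return scores


def coarse_profile(scores, top_k=2, buckets=4):
    """Distill raw scores into what an app may see: at most top_k personas, each with a
    weight quantized to multiples of 1/buckets. No tokens or exact counts cross this boundary."""
    total = sum(scores.values())
    if total == 0:
        return {}
    profile = {}
    for persona, count in scores.most_common(top_k):
        if count == 0:
            continue
        weight = round(count / total * buckets) / buckets
        profile[persona] = max(weight, 1 / buckets)  # keep a surviving persona non-zero
    return profile


def sort_dropdown(items, profile):
    """Personalization API: reorder (label, persona_tags) items by affinity with the
    coarse profile. The sort is stable, so untagged items keep their original order."""
    def affinity(item):
        return sum(profile.get(tag, 0.0) for tag in item[1])
    return [label for label, _ in sorted(items, key=affinity, reverse=True)]


def pick_ad(ads, profile):
    """Ad selection driven by persona weights only; no tracking identifier is involved."""
    best = max(ads, key=lambda ad: sum(profile.get(p, 0.0) for p in ad["personas"]))
    return best["id"]


if __name__ == "__main__":
    scores = mine_persona_scores(SAMPLE_STREAMS)   # stays in the OS
    profile = coarse_profile(scores)               # the only thing exported to apps
    print("profile exposed to apps:", profile)
    print("sorted drop-down:", sort_dropdown(DROPDOWN_ITEMS, profile))
    print("chosen ad:", pick_ad(SAMPLE_ADS, profile))
```

The privacy boundary is the return value of `coarse_profile`: an app that calls `sort_dropdown` or `pick_ad` learns only that the user leans "technophile" with a quantized weight, never which messages or keywords produced that verdict. Quantizing and truncating to the top personas is what makes the profile coarse; reporting raw counts would let a malicious app recover far more about the underlying streams.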