Home > Research > Publications & Outputs > A framework for privacy aware design in future ...

Electronic data

  • 2019mukisaphd

    Final published version, 7.06 MB, PDF document

    Available under license: CC BY-NC-ND: Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License

Text available via DOI:

View graph of relations

A framework for privacy aware design in future mobile applications

Research output: ThesisDoctoral Thesis

Published

Standard

A framework for privacy aware design in future mobile applications. / Kibirige Mukisa, Sarah.
Lancaster University, 2019. 222 p.

Research output: ThesisDoctoral Thesis

Harvard

APA

Vancouver

Kibirige Mukisa S. A framework for privacy aware design in future mobile applications. Lancaster University, 2019. 222 p. doi: 10.17635/lancaster/thesis/1059

Author

Bibtex

@phdthesis{13b06ea1dac843cc934b7c53ba01f08f,
title = "A framework for privacy aware design in future mobile applications",
abstract = "Mobile communications and applications play an important role in connecting people ubiquitously across different domain spaces due to their portable nature and easy accessibility. Mobile applications have drastically changed the way businesses are run by bringing them closer to their customers. Businesses today are connected to cloud based-tools, which makes it easier to start and run a business. Furthermore, mobile applications have changed the way we communicate with each other in our daily lives. They have increasingly beendeployed by companies to help with, among other things, the management of business efficiency, ease in accessing information, simplifying communication and the provision of user-friendly applications. The number of mobile devices is increasing exponentially, it is estimated that 1.5 billion devices are available to the public worldwide. In addition, there is a multitude of operating systems running on these devices, all running on different architectures and configurations. The diversity of the different versions of applicationsthat need to be constantly updated as they become outdated makes mobile applications highly susceptible to security and privacy flaws. Until recently, privacy has not been the main centre of interest within the design of mobile applications. Although, a number of privacy preserving solutions have been developed to improve privacy, existing research solutions adopt static design models which are not suitable for mobile applications. There is a significant gap between having common practices for designing and implementingprivacy-preserving methods due to the cross-disciplinary nature of mobile applications. Most importantly, personal data are constantly collected and shared with unknown recipients. This is a challenging problem as users are not aware of how their data is used and shared without their consent. Furthermore, existing privacy policies are not stringently implemented during application development. Application designers do not comply with regulations envisaged by data protection regulation bodies. To investigate the problem domain, this thesis takes a bottom-up approach and contributes by analyzing currentmobile applications to determine the integration of privacy mechanisms and privacy policies at the application level. We should however note that, the focus of this work contributes to the knowledge related to designing of holistic privacy preserving mobile applications and not the implementation aspect. Furthermore, this thesis introduces a novel privacy trade-off analysis framework that enables the design of privacy-aware applications. A privacy trade-off analysis generates a design solution that best suits an application's privacy goals and requirements. To demonstrate the privacy-aware framework, TRANK, two prototypes in the eHealth domain and the V2X Telematics domain, that integrate privacy-preserving technologies in modern mobile applications have been implemented and tested. Our implementation takes into consideration the trade-off between privacy, functionality and performance to provide a better privacy-awareapplication. The resulting system enables users to choose which data are to be collected about them. In this way, users can easily opt in and out of the application without having to give up all their personally identifiable information whenever they choose to, thus, enhance their overall privacy preservation. To the best of our knowledge our framework and the results in this thesis out perform the existing state of-the-art privacy preserving solutions. The privacy-enhancing technologies employed and the privacy-by-design mechanisms introduced at the initial stages of development thus, aid the improvement ofprivacy in mobile applications.",
author = "{Kibirige Mukisa}, Sarah",
year = "2019",
month = jul,
day = "30",
doi = "10.17635/lancaster/thesis/1059",
language = "English",
publisher = "Lancaster University",
school = "Lancaster University",

}

RIS

TY - BOOK

T1 - A framework for privacy aware design in future mobile applications

AU - Kibirige Mukisa, Sarah

PY - 2019/7/30

Y1 - 2019/7/30

N2 - Mobile communications and applications play an important role in connecting people ubiquitously across different domain spaces due to their portable nature and easy accessibility. Mobile applications have drastically changed the way businesses are run by bringing them closer to their customers. Businesses today are connected to cloud based-tools, which makes it easier to start and run a business. Furthermore, mobile applications have changed the way we communicate with each other in our daily lives. They have increasingly beendeployed by companies to help with, among other things, the management of business efficiency, ease in accessing information, simplifying communication and the provision of user-friendly applications. The number of mobile devices is increasing exponentially, it is estimated that 1.5 billion devices are available to the public worldwide. In addition, there is a multitude of operating systems running on these devices, all running on different architectures and configurations. The diversity of the different versions of applicationsthat need to be constantly updated as they become outdated makes mobile applications highly susceptible to security and privacy flaws. Until recently, privacy has not been the main centre of interest within the design of mobile applications. Although, a number of privacy preserving solutions have been developed to improve privacy, existing research solutions adopt static design models which are not suitable for mobile applications. There is a significant gap between having common practices for designing and implementingprivacy-preserving methods due to the cross-disciplinary nature of mobile applications. Most importantly, personal data are constantly collected and shared with unknown recipients. This is a challenging problem as users are not aware of how their data is used and shared without their consent. Furthermore, existing privacy policies are not stringently implemented during application development. Application designers do not comply with regulations envisaged by data protection regulation bodies. To investigate the problem domain, this thesis takes a bottom-up approach and contributes by analyzing currentmobile applications to determine the integration of privacy mechanisms and privacy policies at the application level. We should however note that, the focus of this work contributes to the knowledge related to designing of holistic privacy preserving mobile applications and not the implementation aspect. Furthermore, this thesis introduces a novel privacy trade-off analysis framework that enables the design of privacy-aware applications. A privacy trade-off analysis generates a design solution that best suits an application's privacy goals and requirements. To demonstrate the privacy-aware framework, TRANK, two prototypes in the eHealth domain and the V2X Telematics domain, that integrate privacy-preserving technologies in modern mobile applications have been implemented and tested. Our implementation takes into consideration the trade-off between privacy, functionality and performance to provide a better privacy-awareapplication. The resulting system enables users to choose which data are to be collected about them. In this way, users can easily opt in and out of the application without having to give up all their personally identifiable information whenever they choose to, thus, enhance their overall privacy preservation. To the best of our knowledge our framework and the results in this thesis out perform the existing state of-the-art privacy preserving solutions. The privacy-enhancing technologies employed and the privacy-by-design mechanisms introduced at the initial stages of development thus, aid the improvement ofprivacy in mobile applications.

AB - Mobile communications and applications play an important role in connecting people ubiquitously across different domain spaces due to their portable nature and easy accessibility. Mobile applications have drastically changed the way businesses are run by bringing them closer to their customers. Businesses today are connected to cloud based-tools, which makes it easier to start and run a business. Furthermore, mobile applications have changed the way we communicate with each other in our daily lives. They have increasingly beendeployed by companies to help with, among other things, the management of business efficiency, ease in accessing information, simplifying communication and the provision of user-friendly applications. The number of mobile devices is increasing exponentially, it is estimated that 1.5 billion devices are available to the public worldwide. In addition, there is a multitude of operating systems running on these devices, all running on different architectures and configurations. The diversity of the different versions of applicationsthat need to be constantly updated as they become outdated makes mobile applications highly susceptible to security and privacy flaws. Until recently, privacy has not been the main centre of interest within the design of mobile applications. Although, a number of privacy preserving solutions have been developed to improve privacy, existing research solutions adopt static design models which are not suitable for mobile applications. There is a significant gap between having common practices for designing and implementingprivacy-preserving methods due to the cross-disciplinary nature of mobile applications. Most importantly, personal data are constantly collected and shared with unknown recipients. This is a challenging problem as users are not aware of how their data is used and shared without their consent. Furthermore, existing privacy policies are not stringently implemented during application development. Application designers do not comply with regulations envisaged by data protection regulation bodies. To investigate the problem domain, this thesis takes a bottom-up approach and contributes by analyzing currentmobile applications to determine the integration of privacy mechanisms and privacy policies at the application level. We should however note that, the focus of this work contributes to the knowledge related to designing of holistic privacy preserving mobile applications and not the implementation aspect. Furthermore, this thesis introduces a novel privacy trade-off analysis framework that enables the design of privacy-aware applications. A privacy trade-off analysis generates a design solution that best suits an application's privacy goals and requirements. To demonstrate the privacy-aware framework, TRANK, two prototypes in the eHealth domain and the V2X Telematics domain, that integrate privacy-preserving technologies in modern mobile applications have been implemented and tested. Our implementation takes into consideration the trade-off between privacy, functionality and performance to provide a better privacy-awareapplication. The resulting system enables users to choose which data are to be collected about them. In this way, users can easily opt in and out of the application without having to give up all their personally identifiable information whenever they choose to, thus, enhance their overall privacy preservation. To the best of our knowledge our framework and the results in this thesis out perform the existing state of-the-art privacy preserving solutions. The privacy-enhancing technologies employed and the privacy-by-design mechanisms introduced at the initial stages of development thus, aid the improvement ofprivacy in mobile applications.

U2 - 10.17635/lancaster/thesis/1059

DO - 10.17635/lancaster/thesis/1059

M3 - Doctoral Thesis

PB - Lancaster University

ER -