IMDEA Networks completes the TRUST aWARE project, elevating privacy protection in mobile applications
IMDEA Networks/DICYT IMDEA Networks, in collaboration with various partners, has successfully completed the TRUST aWARE project, an innovative initiative that has addressed the growing challenges of privacy and security in consumer-oriented software. This project, which has counted with the outstanding contribution of the Internet Analytics Group (IAG) of the Institute, focused on the issues of access to and use of sensitive personal data by mobile applications, often without users being aware of how their data is used, shared, or protected.
To tackle this problem, IMDEA Networks, in association with UC3M, developed a hybrid analysis technique that combines static and dynamic analysis channels capable of monitoring and analyzing application behavior in real time, identifying potential privacy risks such as leaks of personally identifiable information (PII).
“Additionally, the project has explored the privacy expectations of citizens across Europe and different age groups, developed novel Natural Language Processing (NLP) tools to evaluate the transparency and compliance of consent forms and policies, and provided mechanisms for users to exercise their digital rights. At the same time, scalable content analysis mechanisms were created to detect and rate harmful and inappropriate content, such as adult content distributed through ad networks to minors,” explains Dr. Narseo Vallina, Associate Professor at IMDEA Networks.
All the results, as well as patents and vulnerability patches for major smart product vendors, attest to the pioneering research conducted in this project. “We have also published many datasets and tools as open-source solutions so that they can be adopted by the research community and industry, thus enabling the transfer of knowledge to society,” comments Aniketh Girish, PhD student at IMDEA Networks.
Researchers at IMDEA Networks have played an integral role in the TRUST aWARE project, leading the development of the mobile dynamic analysis channel, including network monitoring, runtime monitoring, SDK detection (a mechanism to identify third party components in the software supply chain), and PII leak tracking.
“The project’s results have influenced the adoption of stricter privacy measures also at Android and IoT vendors, and contributed to improving regulations in this regard. Therefore, they will benefit society by accurately and comprehensively studying security and privacy risks, transparency, and software compliance. By evaluating transparency and compliance, the project enables software-as-a-service auditing for authorities, developers, and certification bodies, helping to mitigate risks at an early stage,” says Girish.
Innovation and future research
TRUST aWARE includes the development of advanced technologies and a novel tool that are being patented (e.g., the SDK detection technique invented by IMDEA Networks). These tools have set new standards for mobile application security and privacy, resulting in numerous high-impact publications, activating patches, and revealing new security issues.
Furthermore, the project has opened new lines of research. These include the analysis of location data and its use in mass surveillance strategies, the characterization of sensitive personal data collected by mobile applications and smart health-related devices, and the investigation of vulnerabilities and privacy risks within the Android browsing ecosystem, known as WebViews.