Join our IOPD Privacy Engineering & Technology Education Discussion (PETed) Series! The format of the webinar will be a recorded 10-minute introduction followed by a 40-minute informal discussion and interaction with members of the IOPD. The goal will be a discussion on how to solve a specific privacy problem or privacy-related resource topic and the latest implementation techniques for some of the biggest challenges like synthetic data, zero-knowledge proofs, homomorphic encryption, and translucent databases.
The participants will be asked to bring questions related to the topic. Come back the fourth Thursday of every month for a new discussion, new speaker, and new insights on the most cutting-edge privacy challenges!
Date & Time:
April 25, 2024 @ 12:00 PM EDT / 5:00 PM CET
Topic:
From Permission Usage to Compliance Analysis: Lessons Learned Analyzing Android Apps for 10 years
Synopsis:
We have been analyzing Android apps for regulatory requirements for eight years. We have analyzed Android apps for COPPA, CCPA, and Health Compliance (HIPAA, HBNR, and FTC Act). In this talk, I present the lessons learned after analyzing thousands of apps, the technical challenges we face while analyzing Android apps, patterns of non-compliance issues we uncovered, and the likely root causes of non-compliance. The talk will touch upon challenges posed by third-party code in complying with regulatory requirements, the importance of privacy assessment, and how the technical realm has changed over time for privacy assessments.
Problem Statement:
What are the risks posed by the use of third-party code in the mobile ecosystem? How can you identify those risks before they become a regulatory headache?
Related PETs (Privacy-Enhancing Technologies):
- Accountability
- Code Transparency
- Permission Usage
- Privacy Assessment
- Dynamic Analysis
Pre-Discussion Resources:
- https://petsymposium.org/popets/2018/popets-2018-0021.php
- https://www.usenix.org/system/files/sec19-reardon.pdf
- https://petsymposium.org/popets/2023/popets-2023-0072.php
- https://conpro23.ieee-security.org/papers/samarin-conpro23.pdf
- https://www.ieee-security.org/TC/SPW2021/ConPro/papers/samarin-conpro21.pdf
- https://www.ieee-security.org/TC/SPW2019/ConPro/papers/okoyomon-conpro19.pdf
- https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-wijesekera.pdf
- https://petsymposium.org/popets/2022/popets-2022-0108.pdf
- https://petsymposium.org/popets/2020/popets-2020-0050.pdf
- https://www.issa.org/event/taking-responsibility-for-someone-elses-code-studying-the-privacy-behaviors-of-mobile-apps-at-scale/
Speaker:
Primal Wijesekera
Primal Wijesekera is a research scientist in the Usable Security and Privacy Research Group at ICSI and holds an EECS appointment at the University of California, Berkeley. His research exposes current privacy and security vulnerabilities and provides systematic solutions to meet consumers’ privacy expectations. He has extensive experience in mobile app analysis for privacy and security violations and implementing privacy protections for Android. He has published in top-tier security venues (IEEE S&P, USENIX Security) and usable security and privacy venues (ACM CHI, SOUPS, PETS). He received his Ph.D. from the University of British Columbia, although he carried out his Ph.D. research at UC Berkeley. His research on privacy on mobile platforms has received the Caspar Bowden Award for Outstanding Research in Privacy Enhancing Technologies, the USENIX Security Distinguished Paper Award, the AEPD Emilio Aced Personal Data Protection Research Award, and the CNIL-INRIA Privacy Award. He is a PI/Co-PI on multiple NSF Projects. He has also helped federal regulators in sensitive privacy investigations. He has also held an engineering position at Microsoft.
Moderator:
Janelle Hsia
Janelle Hsia is the President and Founder of Privacy SWAN Consulting working as a trainer, consultant, and trusted advisor for strategic and tactical decision-making. While she is focused on the field of privacy and data protection, Janelle Hsia is not a lawyer and brings a diverse background with strong leadership, technical, and business skills spanning 20 years in the areas of project management, IT, privacy, security, data governance, and process improvement. Janelle Hsia is also Co-Founder and Vice-President of the Institute of Operational Privacy Design.
The IOPD Privacy Engineering & Technology Education Discussion (PETed) Series is a members-only event. Join as an Ambassador before the 1st of each month to get invited to this month’s event! Please reach out to a current member to be invited as a guest. If you are already a member, subscribe to our PETed Mailing List for announcements and monthly invitations!