Chiachih Wu,Yajin Zhou,Kunal Patel,Zhenkai Liang,Xuxian Jiang

DOI: https://doi.org/10.14722/ndss.2014.23164

2014-01-01

Abstract:Recent years have experienced explosive growth of smartphone sales. Inevitably, the rise in the popularity of smartphones also makes them an attractive target for attacks. In light of these threats, current mobile platform providers have developed various server-side vetting processes to block malicious applications (“apps”). While helpful, they are still far from ideal in achieving their goals. To make matters worse, the presence of alternative (less-regulated) mobile marketplaces also opens up new attack vectors, which necessitate client-side solutions (e.g., mobile anti-virus software) to run on mobile devices. However, existing client-side solutions still exhibit limitations in their capability or deployability. In this paper, we present AirBag, a lightweight OS-level virtualization approach to enhance the popular Android platform and boost our defense capability against mobile malware infection. Assuming a trusted smartphone OS kernel and the fact that untrusted apps will be eventually installed onto users’ phones, AirBag is designed to isolate and prevent them from infecting our normal systems (e.g., corrupting the phone firmware) or stealthily leaking private information. More specifically, by dynamically creating an isolated runtime environment with its own dedicated namespace and virtualized system resources, AirBag not only allows for transparent execution of untrusted apps, but also effectively mediates their access to various system resources or phone functionalities (e.g., SMSs or phone calls). We have implemented a proof-of-concept prototype on three representative mobile devices, i.e., Google Nexus One, Nexus 7, and Samsung Galaxy S III. The evaluation results with a number of untrusted apps, including real-world mobile malware, demonstrate its practicality and effectiveness.

Yajin Zhou,Kapil Singh,Xuxian Jiang

DOI: https://doi.org/10.1109/noms.2016.7502850

2016-01-01

Abstract:Mobile apps continue to consume increasing amounts of sensitive data, such as banking credentials and classified documents. At the same time, the number of smartphone thefts is increasing at a rapid speed. As a result, there is an imperative need to protect sensitive data on lost or stolen mobile devices. In this work, we develop a practical solution to protect sensitive data on mobile devices. Our solution enables adaptive protection by pro-actively stepping up or stepping down data security based on perceived contextual risk of the device. We realize our solution for the Android platform in the form of a system called AppShell. AppShell does not require root privilege, nor need any modification to the underlying framework, and hence is a ready-to-deploy solution. It supports both in-memory and on-disk data protection by transparently encrypting the data, and discarding the encryption key, when required, for enhanced protection. We implement a working prototype of AppShell and evaluate it against several popular Android apps. Our results show that AppShell can successfully protect sensitive data in the lost devices with a reasonable performance overhead.

Sanorita Dey,Nirupam Roy,Wenyuan Xu,Romit Roy Choudhury,Srihari Nelakuditi

DOI: https://doi.org/10.14722/ndss.2014.23059

2014-01-01

Abstract:As mobile begins to overtake the fixed Internet access, ad networks have aggressively sought methods to track users on their mobile devices. While existing countermeasures and regulation focus on thwarting cookies and various device IDs, this paper submits a hypothesis that smartphone/tablet accelerometers possess unique fingerprints, which can be exploited for tracking users. We believe that the fingerprints arise from hardware imperfections during the sensor manufacturing process, causing every sensor chip to respond differently to the same motion stimulus. The differences in responses are subtle enough that they do not affect most of the higher level functions computed on them. Nonetheless, upon close inspection, these fingerprints emerge with consistency, and can even be somewhat independent of the stimulus that generates them. Measurements and classification on 80 standalone accelerometer chips, 25 Android phones, and 2 tablets, show precision and recall upward of 96%, along with good robustness to realworld conditions. Utilizing accelerometer fingerprints, a crowdsourcing application running in the cloud could segregate sensor data for each device, making it easy to track a user over space and time. Such attacks are almost trivial to launch, while simple solutions may not be adequate to counteract them.

Yajin Zhou,Xinwen Zhang,Xuxian Jiang,Vincent W. Freeh

DOI: https://doi.org/10.1007/978-3-642-21599-5_7

2011-01-01

Abstract:Smartphones have been becoming ubiquitous and mobile users are increasingly relying on them to store and handle personal information. However, recent studies also reveal the disturbing fact that users' personal information is put at risk by (rogue) smartphone applications. Existing solutions exhibit limitations in their capabilities in taming these privacy-violating smartphone applications. In this paper, we argue for the need of a new privacy mode in smartphones. The privacy mode can empower users to flexibly control in a fine-grained manner what kinds of personal information will be accessible to an application. Also, the granted access can be dynamically adjusted at runtime in a fine-grained manner to better suit a user's needs in various scenarios (e.g., in a different time or location). We have developed a system called TISSA that implements such a privacy mode on Android. The evaluation with more than a dozen of information-leaking Android applications demonstrates its effectiveness and practicality. Furthermore, our evaluation shows that TISSA introduces negligible performance overhead.

Hosam Alamleh,Michael Gogarty,David Ruddell,Ali Abdullah S. AlQahtani

2024-01-25

Abstract:This study presents an in-depth analysis of the security landscape in Bluetooth Low Energy (BLE) tracking systems, with a particular emphasis on Apple AirTags and Samsung SmartTags, including their cryptographic frameworks. Our investigation traverses a wide spectrum of attack vectors such as physical tampering, firmware exploitation, signal spoofing, eavesdropping, jamming, app security flaws, Bluetooth security weaknesses, location spoofing, threats to owner devices, and cloud-related vulnerabilities. Moreover, we delve into the security implications of the cryptographic methods utilized in these systems. Our findings reveal that while BLE trackers like AirTags and SmartTags offer substantial utility, they also pose significant security risks. Notably, Apple's approach, which prioritizes user privacy by removing intermediaries, inadvertently leads to device authentication challenges, evidenced by successful AirTag spoofing instances. Conversely, Samsung SmartTags, designed to thwart beacon spoofing, raise critical concerns about cloud security and user privacy. Our analysis also highlights the constraints faced by these devices due to their design focus on battery life conservation, particularly the absence of secure boot processes, which leaves them susceptible to OS modification and a range of potential attacks. The paper concludes with insights into the anticipated evolution of these tracking systems. We predict that future enhancements will likely focus on bolstering security features, especially as these devices become increasingly integrated into the broader IoT ecosystem and face evolving privacy regulations. This shift is imperative to address the intricate balance between functionality and security in next-generation BLE tracking systems.

Cryptography and Security

Kieron Ivy Turk,Alice Hutchings

DOI: https://doi.org/10.48550/arXiv.2312.07157

2023-12-12

Abstract:Personal item tracking devices are popular for locating lost items such as keys, wallets, and suitcases. Originally created to help users find personal items quickly, these devices are now being abused by stalkers and domestic abusers to track their victims' location over time. Some device manufacturers created `anti-stalking features' in response, and later improved on them after criticism that they were insufficient. We analyse the effectiveness of the anti-stalking features with five brands of tracking devices through a gamified naturalistic quasi-experiment in collaboration with the Assassins' Guild student society. Despite participants knowing they might be tracked, and being incentivised to detect and remove the tracker, the anti-stalking features were not useful and were rarely used. We also identify additional issues with feature availability, usability, and effectiveness. These failures combined imply a need to greatly improve the presence of anti-stalking features to prevent trackers being abused.

Cryptography and Security

Mira Weller,Jiska Classen,Fabian Ullrich,Denis Waßmann,Erik Tews

DOI: https://doi.org/10.48550/arXiv.2005.08208

2020-05-17

Cryptography and Security

Abstract:A Bluetooth finder is a small battery-powered device that can be attached to important items such as bags, keychains, or bikes. The finder maintains a Bluetooth connection with the user's phone, and the user is notified immediately on connection loss. We provide the first comprehensive security and privacy analysis of current commercial Bluetooth finders. Our analysis reveals several significant security vulnerabilities in those products concerning mobile applications and the corresponding backend services in the cloud. We also show that all analyzed cloud-based products leak more private data than required for their respective cloud services. Overall, there is a big market for Bluetooth finders, but none of the existing products is privacy-friendly. We close this gap by designing and implementing PrivateFind, which ensures locations of the user are never leaked to third parties. It is designed to run on similar hardware as existing finders, allowing vendors to update their systems using PrivateFind.

Zhuolong Yu,Liusheng Huang,Hansong Guo,Hongli Xu

DOI: https://doi.org/10.1007/978-3-319-47650-6_36

2016-01-01

Abstract:Losing smartphones is a troublesome thing as smartphones are playing an important role in our daily lives. As smartwatches become popular, we argue that smartwatches can play a role in smartphone antitheft design. In this paper, we propose i-Shield, a real-time antitheft system that leverages accelerometers and gyroscopes of smartphones and smartwatches to prevent smartphone being stolen. As opposed to existing solutions which are based on Bluetooth, NFC, or GPS tracking, i-Shield follows a practical manner to achieve the goal of real-time antitheft for smartphones. i-Shield recognizes taken-out events of smartphones using a supervised classifier, and applies a dynamic time warping (DTW) scheme to recognize whether the events are caused by users themselves. We conduct a series of experiments on iPhone6 and iPhone4s, and the evaluation results show that our system can achieve 97.4% true positive rate of recognizing taken-out actions, and classify taken-out actions with mis-classification rate of 1.12%.

Konrad Kollnig,Anastasia Shuba,Max Van Kleek,Reuben Binns,Nigel Shadbolt

DOI: https://doi.org/10.1145/3531146.3533116

2022-05-07

Abstract:Tracking is a highly privacy-invasive data collection practice that has been ubiquitous in mobile apps for many years due to its role in supporting advertising-based revenue models. In response, Apple introduced two significant changes with iOS 14: App Tracking Transparency (ATT), a mandatory opt-in system for enabling tracking on iOS, and Privacy Nutrition Labels, which disclose what kinds of data each app processes. So far, the impact of these changes on individual privacy and control has not been well understood. This paper addresses this gap by analysing two versions of 1,759 iOS apps from the UK App Store: one version from before iOS 14 and one that has been updated to comply with the new rules. We find that Apple's new policies, as promised, prevent the collection of the Identifier for Advertisers (IDFA), an identifier for cross-app tracking. Smaller data brokers that engage in invasive data practices will now face higher challenges in tracking users - a positive development for privacy. However, the number of tracking libraries has roughly stayed the same in the studied apps. Many apps still collect device information that can be used to track users at a group level (cohort tracking) or identify individuals probabilistically (fingerprinting). We find real-world evidence of apps computing and agreeing on a fingerprinting-derived identifier through the use of server-side code, thereby violating Apple's policies. We find that Apple itself engages in some forms of tracking and exempts invasive data practices like first-party tracking and credit scoring. We also find that the new Privacy Nutrition Labels are sometimes inaccurate and misleading. Overall, our findings suggest that, while tracking individual users is more difficult now, the changes reinforce existing market power of gatekeeper companies with access to large troves of first-party data and motivate a countermovement.

Cryptography and Security,Computers and Society

Lars Baumgärtner,Alexandra Dmitrienko,Bernd Freisleben,Alexander Gruler,Jonas Höchst,Joshua Kühlberg,Mira Mezini,Richard Mitev,Markus Miettinen,Anel Muhamedagic,Thien Duc Nguyen,Alvar Penning,Dermot Frederik Pustelnik,Filipp Roos,Ahmad-Reza Sadeghi,Michael Schwarz,Christian Uhl

DOI: https://doi.org/10.48550/arXiv.2006.05914

2020-11-06

Abstract:Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy, the so-called "Google/Apple Proposal", which we abbreviate by "GAP". We demonstrate that in real-world scenarios the current GAP design is vulnerable to (i) profiling and possibly de-anonymizing infected persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts with the potential of affecting the accuracy of an app-based contact tracing system. For both types of attack, we have built tools that can easily be used on mobile phones or Raspberry Pis (e.g., Bluetooth sniffers). The goal of our work is to perform a reality check towards possibly providing empirical real-world evidence for these two privacy and security risks. We hope that our findings provide valuable input for developing secure and privacy-preserving digital contact tracing systems.

Cryptography and Security,Computers and Society

Hansong Guo,Liusheng Huang,He Huang,Zehao Sun,Jiade Peng,Zhuolong Yu,Zhenyu Zhu,Hongli Xu,Hengchang Liu

DOI: https://doi.org/10.1109/uic-atc-scalcom-cbdcom-iop.2015.54

2015-01-01

Abstract:In recent years, the number of reports about people assaulted in China and all over the world is significantly increasing, and most of the victims in these assault cases are females, who often lack enough strength to revolt when facing dangerous situations. At the same time smartphones are becoming more and more ubiquitous and being utilized in many fields of our daily lives nowadays, so we argue that smartphones should also play a more important role in the field of personal security. In this paper, we propose a novel system called Guardian Angel for personal security against assaults synthetically leveraging accelerometers, GPS, microphones and vibration motors, which have already been equipped on most off-the-shelf smartphones. As opposed to existing solutions, Guardian Angel follows a more practical, more energy-efficient and more intelligent manner. When confronted with danger, users can ask for assistance by knocking on their smartphones. Guardian Angel recognizes these knock actions with the help of a supervised classifier constructed from thirteen different features. To reduce energy consumption and system overheads ulteriorly, Guardian Angel mines safe locations automatically from GPS positions of users' daily lives utilizing a DBSCAN(Density-Based Spatial Clustering of Applications with Noise)-based algorithm and enters a dormant state when in safe locations. We conduct a series of experiments on Google Nexus 5 smartphones, and evaluation results demonstrate that Guardian Angel achieves 92.8% true positive rate and 0.0% false positive rate about recognizing users' requests and making responses correspondingly.

Oleg Geier,Dominik Herrmann

DOI: https://doi.org/10.48550/arXiv.2104.06167

2021-04-13

Computers and Society

Abstract:In this paper we present a platform which is usable by novice users without domain knowledge of experts. The platform consisting of an iOS app to monitor network traffic and a website to evaluate the results. Monitoring takes place on-device; no external server is required. Users can record and share network activity, compare evaluation results, and create rankings on apps and app-groups. The results are used to detect new trackers, point out misconduct in privacy practices, or automate comparisons on app-attributes like price, region, and category. To demonstrate potential use cases, we compare 75 apps before and after the iOS 14 release and show that we can detect trends in app-specific behavior change over time, for example, by privacy changes in the OS. Our results indicate a slight decrease in tracking but also an increase in contacted domains. We identify seven new trackers which are not present in current tracking lists such as EasyList. The games category is particularly prone to tracking (53% of the traffic) and contacts on average 36.2 domains with 59.3 requests per minute.

Amadou Moctar Kane

DOI: https://doi.org/10.48550/arXiv.2004.00108

2020-04-01

Abstract:The recent introduction of Find My app by Apple will open a large window of opportunities for whistleblowers. Based on a short range Bluetooth signals, an EC P-224 encryption, and an end-to-end encrypted manner using iCloud Keychain, Find My app is probably the first application broadcasting a large number of anonymous public key on this scale. Hence, this new Apple's application may introduce a revolution in secret communication, if we divert it from its primordial use and transform it into a powerful tool to put in the hands of whistleblowers. By using Find My app and an entity authentication protocol based on artificial intelligence, our goal is to make mass surveillance and kleptographic backdoors ineffective in the lifting of the whistleblower's anonymity. However, in some case, Find my app may also be a powerful tool in the hands of dictatorships governments in their fight against whistleblowers and political adversaries. Thus, the aim of this paper is to show with simple examples, how these two previous situation can happen.

Cryptography and Security

Hui Xu,Yangfan Zhou,Cuiyun Gao,Yu Kang,Michael R. Lyu

DOI: https://doi.org/10.1109/issre.2015.7381828

2015-01-01

Abstract:A new security problem on smartphones is the wide spread of spyware nested in apps, which occasionally and silently collects user's private data in the background. The state-of-the-art work for privacy leakage detection is dynamic taint analysis, which, however, suffers usability issues because it requires flashing a customized system image to track the taint propagation and consequently incurs great overhead. Through a real-world privacy leakage case study, we observe that the spyware behaviors share some common features during execution, which may further indicate a correlation between the data flow of privacy leakage and some specific features of program execution traces. In this work, we examine such a hypothesis using the newly proposed SpyAware framework, together with a customized TaintDroid as the ground truth. SpyAware includes a profiler to automatically profile app executions in binder calls and system calls, a feature extractor to extract feature vectors from execution traces, and a classifier to train and predict spyware executions based on the feature vectors. We conduct an evaluation experiment with 100 popular apps downloaded from Google Play. Experimental results show that our approach can achieve promising performance with 67.4% accuracy in detecting device id spyware executions and 78.4% in recognizing location spyware executions.

Lauren R. Pace,LaSean A. Salmon,Christopher J. Bowen,Ibrahim Baggili,Golden G. Richard

DOI: https://doi.org/10.1016/j.fsidi.2023.301559

2023-07-01

Abstract:The rise in popularity of personal Bluetooth trackers has incited a need for forensic analysis tools that aid law enforcement in artifact recovery. With 40 million Tile devices reportedly sold at the time of writing, Tile trackers are one of the most popular personal Bluetooth trackers. This growth has not been without consequence, as reports of Bluetooth trackers being used for malicious activities have also escalated. Our work presents a forensic analysis of the Tile ecosystem and the Tile application on iOS, Android, and Windows. This analysis revealed valuable forensic artifacts that contained a diverse set of sensitive user data, including SQLite databases, XML files, cache files, and event logs. This data included information such as geolocation coordinates from the previous 30 days. As part of our analysis process, we developed an open-source tool capable of parsing these forensic artifacts from the Tile application: Tile Artifact Parser (TAP). TAP parses SQLite databases and virtual memory files, mapping geolocation coordinates and linking them according to timestamps. The ability to quickly and efficiently parse and map these location points provides valuable information in an investigation. TAP also aids investigators by detecting potentially spoofed data and flagging it. The robustness of TAP was tested to ensure its effectiveness and behavior in cases of incomplete or missing data.

computer science, information systems, interdisciplinary applications

Soteris Demetriou,Nan Zhang,Yeonjoon Lee,Xiaofeng Wang,Carl Gunter,Xiaoyong Zhou,Michael Grace

DOI: https://doi.org/10.48550/arXiv.1703.01537

2017-03-04

Cryptography and Security

Abstract:A new development of smart-home systems is to use mobile apps to control IoT devices across a Home Area Network (HAN). Those systems tend to rely on the Wi-Fi router to authenticate other devices; as verified in our study, IoT vendors tend to trust all devices connected to the HAN. This treatment exposes them to the attack from malicious apps, particularly those running on authorized phones, which the router does not have information to control, as confirmed in our measurement study. Mitigating this threat cannot solely rely on IoT manufacturers, which may need to change the hardware on the devices to support encryption, increasing the cost of the device, or software developers who we need to trust to implement security correctly. In this work, we present a new technique to control the communication between the IoT devices and their apps in a unified, backward-compatible way. Our approach, called Hanguard, does not require any changes to the IoT devices themselves, the IoT apps or the OS of the participating phones. Hanguard achieves a fine-grained, per-app protection through bridging the OS-level situation awareness and the router-level per-flow control: each phone runs a non-system userspace Monitor app to identify the party that attempts to access the protected IoT device and inform the router through a control plane of its access decision; the router enforces the decision on the data plane after verifying whether the phone should be allowed to talk to the device. Hanguard uses a role-based access control (RBAC) schema which leverages type enforcement (TE) and multi-category security (MCS) primitives to define highly flexible access control rules. We implemented our design over both Android and iOS (>95% of mobile OS market share) and a popular router. Our study shows that Hanguard is both efficient and effective in practice.

Konrad Kollnig,Anastasia Shuba,Reuben Binns,Max Van Kleek,Nigel Shadbolt

DOI: https://doi.org/10.2478/popets-2022-0033

2022-03-03

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract While many studies have looked at privacy properties of the Android and Google Play app ecosystem, comparatively much less is known about iOS and the Apple App Store, the most widely used ecosystem in the US. At the same time, there is increasing competition around privacy between these smartphone operating system providers. In this paper, we present a study of 24k Android and iOS apps from 2020 along several dimensions relating to user privacy. We find that third-party tracking and the sharing of unique user identifiers was widespread in apps from both ecosystems, even in apps aimed at children. In the children’s category, iOS apps tended to use fewer advertising-related tracking than their Android counterparts, but could more often access children’s location. Across all studied apps, our study highlights widespread potential violations of US, EU and UK privacy law, including 1) the use of third-party tracking without user consent, 2) the lack of parental consent before sharing personally identifiable information (PII) with third-parties in children’s apps, 3) the non-data-minimising configuration of tracking libraries, 4) the sending of personal data to countries without an adequate level of data protection, and 5) the continued absence of transparency around tracking, partly due to design decisions by Apple and Google. Overall, we find that neither platform is clearly better than the other for privacy across the dimensions we studied.

Jiacheng Shang,Si Chen,Jie Wu,Shu Yin

DOI: https://doi.org/10.1109/tmc.2020.3007740

IF: 6.075

2022-02-01

IEEE Transactions on Mobile Computing

Abstract:Augmented reality (AR) applications that overlay the perception of the real world with digitally generated information are on the cusp of commercial viability. AR has appeared in several commercial platforms like Microsoft HoloLens and smartphones. They extend the user experience beyond two dimensions and supplement the normal 3D world of a user. A typical location-based multi-player AR application works through a three-step process, wherein the system collects sensory data from the real world, identifies objects based on their context, and finally, renders information on top of senses of a user. However, because these AR applications frequently exchange data with users, they have exposed new individual and public safety issues. In this paper, we develop ARSpy, a user location tracking system solely based on network traffic information of the user, and we test it on location-based multi-player AR applications. We demonstrate the effectiveness and efficiency of the proposed scheme via real-world experiments on 12 volunteers and show that we could obtain the geolocation of any target with high accuracy. We also propose three mitigation methods to mitigate these side channel attacks. Our results reveal a potential security threat in current location-based multi-player AR applications and serve as a critical security reminder to a vast number of AR users.

computer science, information systems,telecommunications

Paul-Olivier Dehaye,Joel Reardon

DOI: https://doi.org/10.1145/3411497.3420219

2020-09-14

Abstract:Proximity tracing apps have been proposed as an aide in dealing with the COVID-19 crisis. Some of those apps leverage attenuation of Bluetooth beacons from mobile devices to build a record of proximate encounters between a pair of device owners. The underlying protocols are known to suffer from false positive and re-identification attacks. We present evidence that the attacker's difficulty in mounting such attacks has been overestimated. Indeed, an attacker leveraging a moderately successful app or SDK with Bluetooth and location access can eavesdrop and interfere with these proximity tracing systems at no hardware cost and perform these attacks against users who do not have this app or SDK installed. We describe concrete examples of actors who would be in a good position to execute such attacks. We further present a novel attack, which we call a biosurveillance attack, which allows the attacker to monitor the exposure risk of a smartphone user who installs their app or SDK but who does not use any contact tracing system and may falsely believe that they have opted out of the system. Through traffic auditing with an instrumented testbed, we characterize precisely the behaviour of one such SDK that we found in a handful of apps---but installed on more than one hundred million mobile devices. Its behaviour is functionally indistinguishable from a re-identification or biosurveillance attack and capable of executing a false positive attack with minimal effort. We also discuss how easily an attacker could acquire a position conducive to such attacks, by leveraging the lax logic for granting permissions to apps in the Android framework: any app with some geolocation permission could acquire the necessary Bluetooth permission through an upgrade, without any additional user prompt. Finally we discuss motives for conducting such attacks.

Cryptography and Security

Konrad Kollnig,Anastasia Shuba,Reuben Binns,Max Van Kleek,Nigel Shadbolt

DOI: https://doi.org/10.2478/popets-2022-0033

2021-12-20

Abstract:While many studies have looked at privacy properties of the Android and Google Play app ecosystem, comparatively much less is known about iOS and the Apple App Store, the most widely used ecosystem in the US. At the same time, there is increasing competition around privacy between these smartphone operating system providers. In this paper, we present a study of 24k Android and iOS apps from 2020 along several dimensions relating to user privacy. We find that third-party tracking and the sharing of unique user identifiers was widespread in apps from both ecosystems, even in apps aimed at children. In the children's category, iOS apps tended to use fewer advertising-related tracking than their Android counterparts, but could more often access children's location. Across all studied apps, our study highlights widespread potential violations of US, EU and UK privacy law, including 1) the use of third-party tracking without user consent, 2) the lack of parental consent before sharing personally identifiable information (PII) with third-parties in children's apps, 3) the non-data-minimising configuration of tracking libraries, 4) the sending of personal data to countries without an adequate level of data protection, and 5) the continued absence of transparency around tracking, partly due to design decisions by Apple and Google. Overall, we find that neither platform is clearly better than the other for privacy across the dimensions we studied.

Cryptography and Security,Computers and Society