Celebrating Data Privacy, Every Day
On Data Privacy Day, INI security students weighed in on the debate over app data and shared some advice on "owning your privacy" online.
By Jessica Shirley
& Deana Lorenzo
Media InquiriesData Privacy Day – observed on January 28 – is a global effort to build awareness about the importance of respecting privacy, safeguarding data and enabling trust.
At the Information Networking Institute (INI), a team of students and alumni collaborated with INI Professor Hanan Hibshi on a project focused on app privacy. Their findings offer timely and valuable insight into what users can do to “own” their online presence and secure their personal data.
"During this research internship at the INI, I had the chance to work with Dr. Hanan Hibshi and collaborate with a great team of graduate students," said Maryam Aldairi, a Ph.D. student in Informatics and Networked Systems at the University of Pittsburgh. "This experience has provided me with multiple opportunities to explore critical research topics and expand my horizon to conduct new research methods."
For the INI students, this project provided real-world context to the subjects they learned in class. "A valuable result of this research is my increased knowledge of security in practice," said Marjan Salamati-Pour, an M.S. in Information Security (MSIS) alumna. "Many of my classes have had us read research papers to explain general concepts, but my research experience gave me an in-depth focus."
For bicoastal information security student Arjun Brar, the project was a chance to explore a different aspect of privacy. "My focus so far has been on the technical side of security - how to exploit the applications - and this project has allowed me to take a step back from the technical aspect and zoom out from 'what are they doing' to 'why are they doing this?'," he said.
The Big Data Debate: What's going on with WhatsApp?
In early January 2020, users of the popular messaging app WhatsApp received a user policy update that spurred a new wave of debate over app usage and data privacy. The update listed new terms of use that raised concerns about sensitive profile information being shared with WhatsApp’s parent company, Facebook.
“What changed is the privacy policy,” explained Professor Hibshi. “Now a user must either agree to sharing data, or leave the app.”
What do these new terms mean for WhatsApp users? "Their data and private conversations will not be shared with Facebook," said Aldairi. "However, data can be used to harvest more information for the purpose of Facebook using this data to improve its products or ads."
This is not the first time Facebook’s access to user data has been the subject of public scrutiny. “[Data sharing] is possible through multiple ways,” said Hibshi. While end-to-end encryption on WhatsApp means protection of data-in-transit (moving in the network), she explained, it does not address data-at-rest—meaning data stored on the device itself.
"This does not mean that users shouldn't be concerned while trading their data online," said Aldairi. "Instead, they should consider the possibility of their data being used, now or in the future, before using an app or online service."
According to a Pew Research Center study, 79% of U.S. adults report being concerned about the way their data is being used by companies.
“Who has access to your information should be a decision that you make, rather than a decision that companies make for you,” said Brar. “The difficult part comes in getting the information you need to make that decision.”
He noted that Apple has rolled out major privacy changes with iOS 14, including the launch of new privacy labels in the App Store. Users can now see how iOS apps collect and use data in three categories: “data used to track you,” “data linked to you,” and “data not linked to you.”
“I think that the WhatsApp case received public attention specifically because of the new changes rolled out in iOS 14,” he added. “With information on what is collected readily available on the App Store, it's easy to compare apps to other alternatives.”
"Who has access to your information should be a decision that you make, rather than a decision that companies make for you."
What Does This Mean for Businesses?
The WhatsApp debate demonstrates the need for transparency and trust-building when it comes to user privacy issues.
“Concern about privacy is a major trend that will continue to grow as users evaluate whether their data might be unsafe or leaked when using apps,” said bicoastal mobility student Kuixi Song. “I think this will push the companies to make more clear, transparent statements and terms and conditions to assure users, as well as refrain from abusing users’ data.”
How to “Own Your Privacy”
Pay Attention to Privacy Policy Updates
“App users should pay attention to new policy updates and not accept them right away. I understand many do not include user-friendly language but in an ideal world, I believe the users should look at high-level details and seek out news sources about how it impacts their privacy.” - Akanksha Bubber, MSIS Alumna
Understand the Terms & Conditions
“Users should scrutinize the Terms & Conditions in each app, and follow the news about updates on these apps. You never know whether the companies are doing something you don’t expect if you don’t read these documents, and you may ‘agree’ to something that you actually don’t.” - Kuixi Song, MSIT-MOB Student
Stay Ahead of the Curve
"Given the changing information and the constantly shifting landscape of applications, websites like tosdr.org can help you remain up-to-date on Terms of Service for the applications and websites you use.” - Arjun Brar, MSIT-IS Student
Manage Your Privacy Settings
“I recommend users carefully choose the apps they download, the information they give out, and try to be more conscious of what data is being collected for the apps they do use. For example, the permissions you give an app in settings can be reviewed periodically and set by the user to their comfort level.” - Marjan Salamati-Pour, MSIS Alumna