Topic: IoT Privacy (MA)
Title: (Mis)Match of Privacy Consent in Speech Recognition
Forecasts predict that the number of digital voice assistants will exceed the world’s population with more than 8 billion devices by 2024. Whether at our homes, in our cars, or on our smartphones, voice-based systems are on their way becoming a ubiquitous technology that constantly captures and analyzes their surrounding environment.
Legal regulations such as GDPR that defines the processing and storing of personal information from individuals who live in the European Union are a significant gain to prevent private information but it also has to be made sure that these are complied. While there is a large body of research on the vulnerability of automatic speech recognition (ASR) against attacks such as adversarial examples, much work remains to be done when it comes to interpreting and understanding the compliance of privacy consents as specified by the GDPR guidelines. In particular, we still need an extensive investigation into how private user data is handled by ASR systems, and whether they abide by the the GDPR guidelines.
Related work:
- Share First, Ask Later (or Never?) Studying Violations of GDPR’s Explicit Consent in Android Apps
- On the (un)reliability of privacy policies in android apps
- Measuring the effectiveness of privacy policies for voice assistant applications
Topic: Mobile Privacy (BA/MA)
Title: Application of search-based techniques for user data privacy guarantees in mobile apps.
Related work:
Internet of Things (overview)
If you are interested in IoT-related topics, below is a list of relevant papers you can take a look at.
- Finding Software Bugs in Embedded Devices
- FirmAE: Towards Large-Scale Emulation of IoT Firmware for Dynamic Analysis
- Snipuzz: Black-box Fuzzing of IoT Firmware via Message Snippet Inference
- Diane: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices
- ARM-AFL: Coverage-Guided Fuzzing Framework for ARM-Based IoT Devices
- IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing
- ChirpOTLE: a framework for practical LoRaWAN security evaluation
- Z-Fuzzer: device-agnostic fuzzing of Zigbee protocol implementation
Malware analysis (overview)
If you are interested in malware-related topics, below is a list of relevant papers you can take a look at.
- The Droid is in the Details: Environment-aware Evasion of Android Sandboxes
- Evasive malware via identifier implanting
- Malware dynamic analysis evasion techniques: A survey
- Longitudinal Study of the Prevalence of Malware Evasive Techniques
- Scarecrow: Deactivating Evasive Malware via Its Own Evasive Logic
Mobile Privacy (overview)
If you are interested in privacy-related topics, below is a list of relevant papers you can take a look at.
- Hidden in plain sight: Obfuscated strings threatening your privacy
- Real-time analysis of privacy-(un) aware IoT applications
- Honeysuckle: Annotation-guided code generation of in-app privacy notices
- Finding Clues for Your Secrets: Semantics-Driven, Learning-Based Privacy Discovery in Mobile Apps
- Understanding worldwide private information collection on android
- Investigating user privacy in android ad libraries