Privacy-Friendly Smartphone Applications Without Compromises (AppPETs)
Motivation
Smartphones and numerous apps support the majority of us in
As awareness of IT security grows among app developers as well, the question arises whether typical developers also have sufficient knowledge to work with complex security solutions. Often, developers do not have such knowledge in these areas. Instead, many developers rely on external security libraries that offer complex security methods. These methods usually have to be configured with several parameters, which requires expert knowledge that is not available.
Goals
The “AppPETs” project focuses on the development of a privacy library (P-Lib) that offers a set of different security solutions requiring minimal security knowledge. Furthermore, the P-Lib will include techniques that make it feasible to ensure the user’s privacy. Private data should never be transmitted in a form that external parties can interpret without the user’s own self-determination. To this end, the P-Lib provides numerous interfaces that an app developer can use to protect the privacy of future users. Before transmission, data are encrypted, anonymized, pseudonymized or protected by complex privacy-enhancing technologies (PETs) through the provided P-Lib interfaces. Within the sphere of influence of the P-Lib, and thus beyond the sphere of influence of the app developer, the use of P-Lib interfaces can cause the user to be informed at run-time that certain data are about to be transmitted outside the device in interpretable form. This is required for scenarios in which transmitting personal data is essential for functionality. In such cases, the user is i) informed about the data flow and ii) able to stop the transmission before the data are sent anywhere.
The absence of side channels through which private data are transmitted without the user’s agreement, or more generally without the prior involvement of the P-Lib, is ensured by a source-code-independent audit of the app in the form of a static and dynamic analysis. Privacy-friendly apps will receive a privacy certificate in order to motivate app developers to develop in a privacy-friendly way.
The project AppPETs is funded by the BMBF as part of the call for data protection: “self-determined in the digital world” from February 2016 to January 2019.
(P-Lib – https://github.com/AppPETs/PLib)