
Ashkan Soltani introduces MobileScope, an innovative approach to online privacy

There's a lot of debate taking place on how to guarantee online privacy -- but few user-ready solutions. Michael Kassner talks to Ashkan Soltani about a new tool called MobileScope that may change that.

Online privacy is a major concern, and the focus of considerable effort by security experts -- including Ashkan Soltani. Today, I'm interviewing Ashkan as he'd like to share news about a new privacy platform.

Before getting to his news, I wanted to ask Ashkan about his part in the Wall Street Journal's "What They Know" investigative series -- several articles focused on mobile-device privacy concerns.

Kassner: Ashkan, you helped the Wall Street Journal test several mobile-device apps to determine what information they collected. The test results are uniquely displayed in an interactive tool depicted below. In the example, the Dictionary.com app is sending the phone's ID number to Google/DoubleClick.

Why is sending information to third-party vendors like Google/DoubleClick a bad thing?

Soltani: First off, most users probably do not realize their information is being transmitted to third parties -- who they've never heard of or had a relationship with. Since there's little transparency on these platforms, it's unlikely anyone would know.

Second, these third parties often receive extremely sensitive information, such as your precise location information (latitude/longitude) and your device identifier, which is persistent for the life of your device and can often be tied to your actual identity.

Most of the platforms do provide some notice that an application is accessing your location information. However, you still have no idea what third parties besides the app developer actually receive this information. I actually discuss this at length in my Senate testimony.

MobileScope

Kassner: Ashkan, you, Dave Campbell (founder of Electric Alchemy), and Aldo Cortesi (security consultant) created MobileScope as a way to preserve online privacy. What are your expectations for MobileScope?

Soltani: We built MobileScope as a proof-of-concept tool that automates much of what we were doing manually: monitoring mobile devices for surprising traffic and highlighting potentially privacy-revealing flows. The graphic below is third-party application traffic, viewed via Collusion.

Unlike PCs, we have little control over the underlying privacy and security features of our mobile devices. They come pre-installed with locked-down operating systems that often restrict their owners from exercising meaningful control unless they're willing to void their warranty and jailbreak the device.

Our current plans are to release MobileScope in the coming weeks and allow interested consumers, developers, regulators, and press to see what information their mobile devices can transmit.

We also experimented with "privacy control" tools to demonstrate how you can filter out certain activities and regain control over your privacy; eventually adding SSL Certificate Pinning, HTTPS Everywhere, AdBlock Plus, Do Not Track headers, and data blocking/spoofing -- similar to Google Sharing.

We haven't thought much beyond that. There are a few possibilities including building a central application-reputation database or a hosted "privacy protecting service" for consumers.

Kassner: In this Wall Street Journal video, you mentioned that MobileScope is flexible enough to block specific permissions. Up until I heard that, the only option I knew of was to not load the app. Do I understand correctly?

Soltani: Yes, that's right. We modeled it after projects like Google Sharing, allowing users to block or even "spoof" transmission of their sensitive information such as email address, UDID, or location information. We can restrict location transmission only to certain geographic areas, similar to Flickr's privacy geo-fencing feature.

Kassner: Also in the video, you mentioned a side benefit of MobileScope is reducing unwanted data usage. It seems advertising uses a significant amount. How much are we talking about?

Soltani: We added this feature right at the end and in quick tests it appeared that five to ten percent of your mobile traffic could be construed as ad-related content. This isn't a huge deal until you consider how mobile data plans are increasingly including "data caps."

You can view what portion of your traffic is ad content, or block ads completely using an AdBlock Tracking Protection List.

Kassner: I'm not a big fan of free apps and their advertising, but I know several app developers. Isn't MobileScope going to adversely affect them?

Soltani: Well, I think it's about creating an environment where the value exchange is apparent to the user. It's one thing to say "Hey, this app is free." It's another to realize by using an app, you're revealing sensitive information to unknown third parties, plus paying for all the underlying ad traffic.

I think as this ecosystem evolves, we need to come up with ways where the underlying value exchange is clearly understood by all parties.

Kassner: I was surprised to hear you mention, "The amount of tracking on paid apps was as much as unpaid apps." I and many others were under the assumption if we paid for the app, that was not the case. Would you provide more details on what you have found?

Soltani: We actually tested paid and unpaid versions of the same apps in the original Wall Street Journal "What They Know" apps story. For the most part, there was no significant privacy benefit to using the paid version, as the paid apps included the same third-party ad or analytic libraries and transmitted information to those parties.

This seems contrary to the common belief that "if the app is free, you're the product being sold." In our findings, that was not the case.

Kassner: I recently wrote about TaintDroid, a mobile-device app similar to MobileScope. It also monitors what information leaves the mobile device. But TaintDroid requires the mobile device to be rooted. I did not hear any mention of that requirement for MobileScope. How is MobileScope set up?

Soltani: MobileScope is not installed on the mobile device. Think of MobileScope as a portal or a proxy server. You sign up on a web site and the portal runs in the background. You use an app and the portal watches what the app does, reporting on what information is sent and where. It also can restrict what is sent.

Kassner: When will we be able to start using MobileScope?

Soltani: We're looking to release a limited beta by the end of May. Here is a signup page if you want to be part of the pre-release.

Final thoughts

I asked one final question of Ashkan: With your intense regard for personal privacy, what do you say to people who don't care if their contact information is sent to third-party ad networks? His response: "I'm working on why they should care right now. That's another interview."

I wanted to congratulate Aldo, Ashkan, and Dave. MobileScope won the Wall Street Journal's 2012 Data Transparency Award. And thank you Ashkan for your dedication and help with this article.
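The proxy model described in the interview (watch what an app sends, report what goes where, and optionally spoof it) can be sketched as follows. This is an added illustration, not MobileScope's code: the hostnames, identifier values, and function names are constructed, and it assumes the proxy already sees the decrypted requests.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed sample values; none come from a real device or from the article.
UDID = "0123456789abcdef0123456789abcdef01234567"
SENSITIVE = {"udid": UDID, "email": "user@example.org"}
FIRST_PARTY = {"api.app.example"}            # hypothetical app backend
# Heuristic: a decimal with 3+ fractional digits is treated as a coordinate.
COORD = re.compile(r"^-?\d{1,3}\.\d{3,}$")

def classify(value):
    """Return the kind of sensitive data a parameter value holds, or None."""
    for kind, secret in SENSITIVE.items():
        if value.lower() == secret.lower():
            return kind
    return "location" if COORD.match(value) else None

def inspect(url, body=""):
    """Report (host, parameter, kind) for sensitive values sent to third parties."""
    parts = urlsplit(url)
    if parts.hostname in FIRST_PARTY:
        return []
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)   # form-encoded POST body
    return [(parts.hostname, k, classify(v)) for k, v in pairs if classify(v)]

def spoof(url, replacements):
    """Rewrite sensitive query values bound for third parties before forwarding."""
    parts = urlsplit(url)
    if parts.hostname in FIRST_PARTY:
        return url
    pairs = [(k, replacements.get(classify(v), v))
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

# Constructed flows: one first-party request and two third-party requests.
FLOWS = [
    ("https://api.app.example/define?word=proxy&udid=" + UDID, ""),
    ("https://ads.tracker.example/ad?id=" + UDID
     + "&lat=37.774929&lon=-122.419416&sz=320x50", ""),
    ("https://stats.analytics.example/collect", "e=launch&mail=user%40example.org"),
]

if __name__ == "__main__":
    for url, body in FLOWS:
        for host, param, kind in inspect(url, body):
            print(f"{kind:8} -> {host} (parameter {param!r})")
    print(spoof(FLOWS[1][0], {"udid": "0" * 40, "location": "0.000"}))
```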


9 comments
OldGuru

Is the traffic monitored and filtered by the portal's JavaScript running on the phone or by MobileScope servers acting as proxy? In the latter case, we may just be shifting our privacy woes away from app vendors and trust a single entity with ALL our traffic.

authorwjf

I appreciate knowing that someone is out there keeping up with all the latest and greatest innovations and threats in the field of mobile security. MobileScope is yet another step down the path of taming the digital wild west that is the current world of mobile computing. As both a developer and a user of mobile computing, I think the key to solving this problem in the best interest of all parties is summed up in one word: transparency. Users, developers, and even advertisers are all capable of making "the right" decisions when all parties are well informed. Sounds to me like that is the goal of MobileScope and in my mind it's an admirable and attainable goal. I look forward to trying the beta!

Michael Kassner

New post: Ashkan Soltani and two fellow researchers have created a way for us to control who gets what information from our mobile devices.

Michael Kassner

Our service runs server-side (i.e., as a proxy server) and yes, you have the option of tunneling all of your traffic through it. The concept of managed security services isn't new and we've essentially extended it to 'managed privacy services'. The fact of the matter is, you already trust a great many parties in the ecosystem. Your ISP gets to see 'ALL' of your traffic, as do browser extensions (which are sometimes malicious). The thinking here is that you trust ONE entity (us) and that entity is responsible for deploying best-of-breed privacy/security techniques on your behalf. You of course have the option to only selectively route traffic (i.e., to simply test application privacy on a test device) or disable SSL filtering. However, it's up to the user. We've also taken steps to ensure that we don't inadvertently expose ourselves to your data, such as breaking out each instance into its own Virtual Machine and encrypting sensitive data in memory.

Michael Kassner

I will pass it along to Ashkan and get back to you as soon as I can. Thanks.

Michael Kassner

I hope it's easy to use, especially since we are in charge of what happens using MobileScope.

bboyd

At the word spoof. If I can spoof my data I don't care who uses it.

OldGuru

Comparing a proxy server with a browser extension is a bit off the mark as whoever uses a browser extension has the opportunity to monitor its behavior. But the comparison with an ISP is a valid one with the exception that no one can do without an ISP. At the end, as you said, it all boils down to the question of trust. I congratulate Ashkan on this great project. I am sure with the vision demonstrated in this project, Ashkan and other innovators will come up with solutions that will gradually minimize the need for trust.

Michael Kassner

That particular comment caught my attention as well. It showed me that Ashkan and the others understand the situation and are looking "outside the box" to find a solution that will work right now.
