Data Privacy Management in Public Environments

Preprints (www.preprints.org) | NOT PEER-REVIEWED | Posted: 15 July 2020 doi:10.20944/preprints202007.0330.v1 Article Data privacy management in public environments Hugo Lopes 1, Valderi R. Q. Leithardt 1,4, 5,*, Ivan Miguel Pires 2,3, Raúl García-Ovejero 6 and María Navarro-Cáceres 6, Computer Science Department, Universidade da Beira Interior, 6201-001 Covilhã, Portugal; lopeshma@gmail.com (H.L.); 2 Instituto de Telecomunicações, Universidade da Beira Interior, 6201-001 Covilhã, Portugal; impires@it.ubi.pt (I.M.P.) 3 Computer Science Department, Polytechnic Institute of Viseu, 3504-510 Viseu, Portugal 4 Laboratório de Sistemas Embarcados e Distribuídos (LEDS), Programa de Mestrado em Computação Aplicada (MCA), Universidade do Vale do Itajaí – Univali, Brasil; valderi@univali.br (V.L.) 5 COPELABS, Universidade Lusófona de Humanidades e Tecnologias, Lisboa, Portugal. 6 Expert Systems and Applications Lab, Faculty of Science, University of Salamanca, Plaza de los caídos s/n, 37008 Salamanca, Spain; raulovej@usal.es (R.G.-O), maria90@usal.es (M.N.-C.); * Correspondence: valderi.leithardt@ubi.pt: (V.L.) 1 Abstract: The mobile devices caused a constant struggle for the pursuit of data privacy. Nowadays, it appears that the number of mobile devices in the world is increasing. With this increase and technological evolution, thousands of data associated with everyone are generated and stored remotely. Thus, the topic of data privacy is highlighted in several areas. There is a need for control and management of data in circulation inherent to this theme. This article presents an approach of the interaction between the individual and the public environment, where this interaction will determine the access to information. This analysis was based on a data privacy management model in public environments created after reading and analyzing the current technologies. A mobile application based on location via Global Positioning System (GPS) was created to substantiate this model, which it considers the General Data Protection Regulation (GDPR) to control and manage access to the data of each individual. Keywords: Data Privacy; Mobile devices; Environment Privacy; General Data Protection Regulation (GDPR). 1. Introduction Mobile devices are increasingly present in the daily lives of each individual, and they considered it essential for their daily activities. Each machine is a source of private information about the individual who owns it and who surrounds it. As these data are considered to belong to the individual, collection and treatment cannot be carried out without the consent of the individual. Based on this assumption, the processing and collection of private data in a non-consensual way, damages and violates your privacy and may cause damage to it [1]. The sharing of any data depends on the individual's perception and willingness to share such private data, respecting the privacy preferences of each individual, which is the primary motivation of the study [1]. As a primary objective, a data privacy management model was created in public environments based on the comparison and study of state of the art in and considering the comparison of existing solutions. After this comparison, the mobile application representing the public data management and privacy model will be presented. The proposed model contributes to the analysis of all environmental situations with the technology involved, and it guarantees a correct treatment of their data. This paragraph ends the introduction. Section 2 presents the background of the proposed solution. The materials are presented in section 3, showing the requirements in section 4. Next, Section 5 offers the details about the implementation. The validation of the solution was introduced © 2020 by the author(s). Distributed under a Creative Commons CC BY license. Preprints (www.preprints.org) | NOT PEER-REVIEWED | Posted: 15 July 2020 doi:10.20944/preprints202007.0330.v1 in section 6. Finally, the discussion of the results is presented in section 7, ending with the conclusions in section 8. 2. Background Data privacy has had a vast prominence in society. Several approaches are taken to realize the dream of one day. There could be a world in which there is a real state of privacy for the individual. For such privacy to exist, it is necessary to take into account aspects such as the individual's behaviour, existing technologies, political, economic and social limits [2]. Mobile devices are one of the most significant sources of information about each individual, as they reflect habits, tastes and characteristics related to each one. Considering that mobile devices have such data, there is a need to control and manage how this dissemination is done [1]. 2.1. Comparison with prior work For the elaboration of the privacy management model in public environments, we analyzed the related work developed between 2017 and 2020. The related works examined were: • State of the art on Privacy Risk Estimation Related to Android Applications [3]; • Introducing Privacy in Screen Event Frequency Analysis for Android Apps [4]; • Privacy Risk Analysis and Mitigation of Analytics Libraries in the Android Ecosystem [5]; • Analyzing Android App Privacy with GP-PP Model [6]; • GUILeak: Tracing Privacy Policy Claims on User Input Data for Android Applications [7]; • IoT Big Data Security and Privacy Versus Innovation [2]; • PAU: Privacy Assessment method with Uncertain Consideration for cloud-based vehicular networks [8]; • UbiPri – Middleware para Controle e Gerenciamento de Privacidade em Ambientes Ubíquos [9]. A comparison was obtained between the model performed and the related works considered. In Table 1, we can see that the related works are related to data privacy considering the following approaches, such as user, application, generalized environment and public environment. Thus, the following definitions will be found: • Address: the work addresses the requirement addressed; • Not address: the work does not address the requirement; • Not described: No information was found about the requirement addressed; • Under Development: The requirement is still under development. It is usually pointed out frequently in tests, validations, results obtained or future work. Table 1. Relation between data privacy approaches and the different studies. Study: Data Privacy Approaches: May et al. [3] User: Address Application: Address Generalized environment: Not described Public environments: Not described Zhang et al. [4] Liu et al. [5] Address Address Address Address Not described Not described Not described Not described Kesswani et al. [6] Wang et al. [7] Address Address Address Not address Not described Not described Not described Not described Sollins et al. [2] Feng et al. [8] Address Not described Not address Address Address Not described Not described Not described Leithardt et al. [9] This study Address Address Address Address Address Address Not address Address Preprints (www.preprints.org) | NOT PEER-REVIEWED | Posted: 15 July 2020 doi:10.20944/preprints202007.0330.v1 After comparison, we can verify the approaches considered about the data privacy, where the authors' focus was centred on the user and the application. On the other hand, concerning the specific public environment, previous works do not describe or address the theme, so we can verify that the work elaborated has this aspect as its main contribution. 2.2. Comparison with other solutions The following solutions were analyzed to understand its relation to the subject of this analysis: • MoveWithMe [10]; • Priser [11]; • ShiftRoute [12]; • SieveDroid [13]; • UbiPri [9]. Thus, Table 2 shows the implementation of local privacy, mobile devices, and geolocation in the different solutions available in the literature. Table 2. Relation between the implemented features and the applications. Applications: Approaches: Local Privacy: Mobile devices: Geolocation: MoveWithMe [10] Priser [11] Yes Yes Yes Yes Yes Yes ShiftRoute [12] SieveDroid [13] Yes No Yes Yes Yes No UbiPri [9] This study Yes Yes Yes Yes Yes Yes The solutions presented in Figure 2 are distinct between then, but they have the common purpose of contributing to the privacy of users' data. The approach of data privacy in the environment is highlighted in each solution, where these solutions generally use location-based services for mobile devices. 3. Materials 3.1. Definition of management method for privacy in public environments Based on the comparison of the state-of-the-art related to the literature and existing implemented solutions, a model was developed for the data privacy management in public environments with the definition of the following categories: • Unrestricted Public Environment: Environment without time restrictions or access control; • Temporarily Unrestricted Public Environment: Time-restricted environment without access control; • Public Environment of Semi-Restricted Access: Environment without time restriction but with access control; • Public Restricted Access Environment: Time-restricted environment with access control. Table 3 presents some examples of public environments related to different categories that are generally attributed. The assignment of a category to a given environment depends on legal factors and rules inherent to it. Preprints (www.preprints.org) | NOT PEER-REVIEWED | Posted: 15 July 2020 doi:10.20944/preprints202007.0330.v1 Table 3. Relation between types and environment categories. Public Environments: Unrestricted Public Environment: Temporarily Unrestricted Public Environment: Public Environment of Semi-Restricted Access: Public Restricted Access Environment: Garden Public highway Square Yes Yes No No No No No No Yes No No No Shopping centre No Yes No No Gallery Parking No No Yes Yes No No No No Trade point Service No No No No No Yes Yes No Institution No No No Yes Categories: 3.2. Definition of individual profiles The proposed model focuses on the interaction between the individual and his/her environment. Thus, the following definitions of individual profiles were considered: • Levels 1, 2 or 3: The user only has access to the information given by her/his environment; • Level 4: The Administrator is a user that can access the information provided by the category of his/her environment. This user can also perform operations on the information as well as the users. Regarding the mentioned profiles, for all of them, it will be the environment to determine the access to information. 3.3. Definition of types of information A direct relationship was made with the category of the environment to define the types of information that a user can access. Thus, as presented in Table 4, the following levels were defined: • Level 1: Information given by the Unrestricted environment; • Level 2: Information provided by the Unrestricted and Temporarily Unrestricted environment; • Level 3: Information provided by the Unrestricted, Temporarily Unrestricted and SemiRestricted environment; • Level 4: Information given by the Unrestricted, Temporarily Unrestricted, SemiRestricted and Restricted environment. Table 4. Relation between the access level of information and environment categories. Categories: Public Environments: Unrestricted Level 1 Yes Level 2 No Level 3 No Level 4 No Temporarily Unrestricted Semi-Restricted Yes Yes Yes Yes No Yes No No Restricted Yes Yes Yes Yes Preprints (www.preprints.org) | NOT PEER-REVIEWED | Posted: 15 July 2020 doi:10.20944/preprints202007.0330.v1 4. Requirements 4.1. Functional Requirements After authentication, the user will have the possibility to view information, manage users and manage the existing information. Regarding the user management, it also includes the option of managing users. Finally, information management consists of the possibility to manage different information. The main functional requirements are: • A user with level 4 or Administrator can manage other users and application data; • A user from level 1 to 3 can check the application data; • The data query has access mechanisms by location and time. 4.2. Non-functional requirements The non-functional requirements are: • The user must be registered to perform authentication; • Only a user with level 4 can manage other users, and application data; • For any user to consult any application data, they will have to authorize the location permission; • The mobile application requires access to the device's location; • Installing the application on the mobile device requires 4 Megabytes plus the space of data stored by the mobile application; • The minimum version of Application Programming Interface (API) for the application is 23, which corresponds to Android version 6.0 (Marshmallow). 5. Implementation The implementation of the Application Layout was carried out using a purely guiding outline. The implementation decisions were influenced by the different needs, which led to the constant modification of this outline. The main goal was to make operations logical and straightforward. In the implementation of the layout, the Extensible Markup Language (XML) was used, using the Android Studio IDE. 5.1. Registration It was necessary to create a record where the fields name, password, description and a profile level (from level 1 to 4) are filled into the user to have access control to the login application. When an attempt is made to register a user, in turn, the fields are checked before being entered in the local database, to ensure that there are no repeated users. The methods used for this purpose are called insertData and addData. The first is in the activity that controls the DataBaseHelper Database, while the second is in the Registration activity, called RegisterActivity. In the RegisterActivity, it is also possible to edit or delete users. The updateData and updateUser functions are used to modify the user's data. The first is in the RegisterActivity activity and the second in the DataBaseHelper. Finally, to be able to delete a user, the functions deleteData and deleteUser are used. The first is found in the class assigned to the registration of the user RegisterActivity and the second in the activity DataBaseHelper, aimed at controlling the database. 5.2. Authentication Regarding the implementation of the authentication process, presented in Figure 1, it includes the verification of the fields introduced when registering the user. This process takes place in the LoginActivity activity. The functions used for this purpose are called checkLogin and validate. The first is in the class that controls the database called DataBaseHelper, while the second is located in the Login activity called LoginActivity. Preprints (www.preprints.org) | NOT PEER-REVIEWED | Posted: 15 July 2020 doi:10.20944/preprints202007.0330.v1 Figure 1. Login screen. 5.3. Data management In the AdminActivity activity, the users with level 4 can manage other users, insert, edit and remove data in the application and have access to the data query activity. The UserActivity for the remaining levels also allows connection to the activity where the information is contained. When the user enters InformationActivity for the first time and has the GPS turned off, they are asked to be activated. If the user refuses, he is prevented from proceeding and redirected to the previous activity, where he will have to repeat the process. Finally, if the user allows access and the Global Positioning System (GPS) is active, the application will obtain the current location, given by latitude and longitude, thus allowing it to remain in the activity. After getting the location of the device, the application only allows access to the data if the user is within an existing location in the database, at a maximum distance (radius in meters) defined for each location point. If the user checks this condition, considering the category of the environment, he will see different types of data, as visible/invisible buttons, that have been implemented for this purpose. Finally, for each type of information belonging to a specific category of environment, there may be a need to be accessed at a time defined in the application. This check is done using the device's date/time using the Calendar class. Figure 2 shows the management screen related to the users and information. Next, Figure 3 shows the information retrieved by the mobile application. In figure 3, it is possible to verify that the user was in a Restricted Access category location, approximately, where he/she is ten meters from the point defined by latitude and longitude in the database. Finally, Figure 4 shows the working machine used connected in real-time to the mobile testing device. Preprints (www.preprints.org) | NOT PEER-REVIEWED | Posted: 15 July 2020 doi:10.20944/preprints202007.0330.v1 Figure 2. Management of information and users. Figure 3. Information retrieved. Figure 4. Testing environment of the mobile application. Preprints (www.preprints.org) | NOT PEER-REVIEWED | Posted: 15 July 2020 doi:10.20944/preprints202007.0330.v1 6. Validation 6.1. Test Cases Some of the application tests were done through real situations in different public environments. For a better understanding, the main tests performed were: • Registration/Authentication ➔ To test the functioning of the user registration/authentication, users with different permission levels were created. In the first attempt to register a new user, the field "name" was placed equal to that of an existing one in the database, and the application prevented registration. In the second attempt to register a new user, the "name" field was placed differently from that of an existing one in the database and the application successfully registered. After the user was introduced, when the authentication attempt was made, a user verification was performed in the database. In the first attempt, the user existed in the database, and the application saved the permission level, so the user was redirected to the activity corresponding to his permission level. In the second attempt, as the user's existence in the database was not verified, he was prevented from entering any activity; • Location ➔ To ensure that the user can only consult the data within a location defined by the application, the coordinates of an "A" location have been inserted away from the device's position and a maximum distance delimited to which it could have been bound. As this distance did not reach the current location of the device, he was not allowed to view any data access button. To test the contrary case, the user walked towards the location "A" defined by the application. As the user walked towards location "A", the application would automatically update its location and check if the place it was in was within the maximum distance from location "A". As there was a match, the buttons became visible, and the corresponding data could be viewed depending on the location's permission. For the tests described above to be possible, first, the application asked for permission to access the device's location, it was refused, and the user was prevented from proceeding and redirected to the previous activity corresponding to his permission level. The same attempt was made again, and when requesting access to the device's location, it was accepted, and the GPS was not active, so he was asked for permission to activate it. The user refused and was immediately prevented from proceeding and redirected to the previous activity where he had to repeat the process previously described until all conditions were met. In the last attempt, the conditions were all checked, and the user managed to remain in the information query activity; • Data consultation time ➔ To ensure that the user could only consult the data at a specific time (day of the week and time), for a particular type of information (information buttons) different consultation times were introduced. The test was done for two different kinds of information, in the first, a consultation time was added outside the time the device was in, the second type of information was within the consultation time imposed by the device. As the first type of information was outside the schedule imposed by the application, it prevented the user from consulting information. Finally, as the second type of data was within the limit imposed by the application, it allowed data to be asked. 6.2. Performance tests Android Profiler [14] was used to test the application's performance, a tool for monitoring the real-time performance of the application provided by Android Studio [15]. This tool focuses on monitoring the application in the following aspects: • Energy consumption through the Energy Profiler [16]; • Memory allocation from Memory Profiler [17]; • CPU activity through the CPU Profiler [18]; Preprints (www.preprints.org) | NOT PEER-REVIEWED | Posted: 15 July 2020 doi:10.20944/preprints202007.0330.v1 Figure 5 shows the global chart that evaluates each of the existing components in Android Profiler [14] mentioned above. Figure 5. General chart of application performance at run time. The previous figure shows the general chart of performance tests performed on the representative application of the data privacy management model in public environments. It is possible to see low energy consumption, low processor usage and a small memory allocation. 6. Discussion Based on the comparison of state of the art referring to Table 1, it can be seen that the elaborated work contributes to an improvement in data privacy since, in addition to making the relationship between the individual and information, it addresses the public environment in which the individual is inserted. In this way, with the categorization carried out, it is possible to determine which are the most critical public environments where there should be a different treatment of the information of each individual. From this categorization, it is also possible to define what type of information will be made available in each environment, thus having a direct relationship between the environment and information. In this way, we will see an improvement in the management of the individual's privacy in public environments. The implementation referring to the chapter where software engineering is described using use case diagrams and activity diagrams has as focus the use of GPS and permission to access the user's location. From the test scenarios within a set of public environments, it reflects the functioning and response of the application to changes in context. Thus, it is possible to obtain real results on the interaction with the individual. Finally, we can conclude through tests performed using the Android Profiler tool [14] that satisfactory results were obtained in terms of the use of computational resources and energy consumption. 7. Conclusions This project consisted of the elaboration of a data privacy management model focused on the public environment, for this purpose a mobile application was created that uses GPS location and device time as a basis to determine access to information in each location. This model together with other application models related to data privacy can together form a model considered complete that analyzes all situations that occur in the environment in which any technology is inserted and therefore guarantee users a correct treatment of their data. As the study of this theme reached more significant proportions, there was a need to study the central theme in more depth. Consequently, it was concluded that despite the application functioning Preprints (www.preprints.org) | NOT PEER-REVIEWED | Posted: 15 July 2020 doi:10.20944/preprints202007.0330.v1 well, issues such as GPS accuracy and energy consumption derived from the use over a long time could limit its operation. In the future, it would be interesting to make some improvements in terms of precision and energy consumption using Bluetooth Low Energy [11], using a database connected to a server for better treatment, exchange and management of information between the database and the application. In addition to the points mentioned, issues such as application security and the use of Artificial Intelligence algorithms could bring improvements in the operation of the application. Author Contributions: Conceptualization, methodology, software, validation, formal analysis, investigation, writing—original draft preparation, writing—review, project administration and editing: H.L and V.L, visualization, writing—review and editing: I.M.P., R.G.-O and M.N.-C. Funding: This work is funded by FCT/MEC through national funds and co-funded by FEDER-PT2020 partnership agreement under the project UIDB/EEA/50008/2020. This work was partially supported by Fundação para a Ciência e a Tecnologia under Project UIDB/04111/2020. Acknowledgements: This work is funded by FCT/MEC through national funds and when applicable co-funded by FEDER-PT2020 partnership agreement under the project UIDB/EEA/50008/2020. (Este trabalho é financiado pela FCT/MEC através de fundos nacionais e cofinanciado pelo FEDER, no âmbito do Acordo de Parceria PT2020 no âmbito do projeto UIDB/EEA/50008/2020). This article is based upon work from COST Action IC1303-AAPELE— Architectures, Algorithms and Protocols for Enhanced Living Environments and COST Action CA16226– SHELD-ON—Indoor living space improvement: Smart Habitat for the Elderly, supported by COST (European Cooperation in Science and Technology). More information in www.cost.eu. Conflicts of Interest: The authors declare no conflict of interest. References 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. Leithardt, V.R.Q.; Geyer, C.F.R.; Silva, J.M.S. Controle e gerenciamento de privacidade de dados; Novas Edições Acadêmicas, 2019; ISBN 978-3-8417-1533-3. Sollins, K.R. IoT Big Data Security and Privacy Versus Innovation. IEEE Internet Things J. 2019, 6, 1628– 1635, doi:10.1109/JIOT.2019.2898113. May, Z.E.; Kaffel Ben Ayed, H.; Machfar, D. State of the art on Privacy Risk Estimation Related to Android Applications. In Proceedings of the 2019 15th International Wireless Communications & Mobile Computing Conference (IWCMC); IEEE: Tangier, Morocco, 2019; pp. 889–894. Zhang, H.; Latif, S.; Bassily, R.; Rountev, A. Introducing Privacy in Screen Event Frequency Analysis for Android Apps. In Proceedings of the 2019 19th International Working Conference on Source Code Analysis and Manipulation (SCAM); IEEE: Cleveland, OH, USA, 2019; pp. 268–279. Liu, X.; Liu, J.; Zhu, S.; Wang, W.; Zhang, X. Privacy Risk Analysis and Mitigation of Analytics Libraries in the Android Ecosystem. IEEE Trans. on Mobile Comput. 2020, 19, 1184–1199, doi:10.1109/TMC.2019.2903186. Kesswani, N.; Lyu, H.; Zhang, Z. Analyzing Android App Privacy With GP-PP Model. IEEE Access 2018, 6, 39541–39546, doi:10.1109/ACCESS.2018.2850060. Wang, X.; Qin, X.; Hosseini, M.B.; Slavin, R.; Breaux, T.D.; Niu, J. GUILeak: tracing privacy policy claims on user input data for Android applications. In Proceedings of the Proceedings of the 40th International Conference on Software Engineering; ACM: Gothenburg Sweden, 2018; pp. 37–47. Feng, X.; Wang, L. PAU: Privacy Assessment method with Uncertainty consideration for cloud-based vehicular networks. Future Generation Computer Systems 2019, 96, 368–375, doi:10.1016/j.future.2019.02.038. Leithardt, V.R.Q. UbiPri : middleware para controle e gerenciamento de privacidade em ambientes ubíquos. UBiPri : middleware control and privacy management in ubiquitous environments 2015. Kang, J.; Steiert, D.; Lin, D.; Fu, Y. MoveWithMe: Location Privacy Preservation for Smartphone Users. IEEE Trans.Inform.Forensic Secur. 2020, 15, 711–724, doi:10.1109/TIFS.2019.2928205. Silva, L.A.; Valderi R. Q. Leithardt; Rudimar S. Dazzi; Silva, J.S. Priser - Utilização De Ble Para Localização E Notificação Com Base Na Privacidade De Dados. 2018, doi:10.5281/ZENODO.1336806. Zhang, P.; Hu, C.; Chen, D.; Li, H.; Li, Q. ShiftRoute: Achieving Location Privacy for Map Services on Smartphones. IEEE Trans. Veh. Technol. 2018, 67, 4527–4538, doi:10.1109/TVT.2018.2791402. Huang, J.; Xiong, Y.; Huang, W.; Xu, C.; Miao, F. SieveDroid: Intercepting Undesirable Private-Data Transmissions in Android Applications. IEEE Systems Journal 2020, 14, 375–386, doi:10.1109/JSYST.2019.2938611. Preprints (www.preprints.org) | NOT PEER-REVIEWED | Posted: 15 July 2020 14. 15. 16. 17. 18. doi:10.20944/preprints202007.0330.v1 Medir o desempenho do app com o Android Profiler Available online: https://developer.android.com/studio/profile/android-profiler?hl=pt (accessed on Jul 10, 2020). Android | The platform pushing what’s possible Available online: https://www.android.com/ (accessed on Jul 10, 2020). Inspecionar o uso de energia com o Energy Profiler Available online: https://developer.android.com/studio/profile/energy-profiler (accessed on Jul 10, 2020). Ver as alocações de heap e memória do Java com o Memory Profiler Available online: https://developer.android.com/studio/profile/memory-profiler (accessed on Jul 10, 2020). Inspecionar atividades de CPU com o CPU Profiler Available online: https://developer.android.com/studio/profile/cpu-profiler (accessed on Jul 11, 2020).