| Smartphones are more popular and capable than ever, and have become an indispensable part of people's lives. Not only are smartphones replacing many tasks previously performed on desktop computers, but their ability to determine the location and activity of the user has enabled new features and functionality. With the time spent online shifting from desktops to mobile devices, mechanisms for protecting user privacy are presented with both opportunities and risks.;We first tackle user privacy in the context of sensor rich environments. Rich sensing devices equipped with microphones and cameras are becoming pervasive as they are deployed in everyday environments such as homes, offices and public spaces. At the same time, people increasingly find themselves with limited ability to determine what kind of data is being collected about them and how the data is being used. Openness and transparency serve as our guiding principles for the Sensor Tricorder, a system that enables people to query third party sensors with their smartphones in order to learn about their data collection activities and policies. In this dissertation, we describe the design and implementation of the Sensor Tricorder system.;Next, we take on the challenge of enabling user anonymity without the expense of user credibility. Trustworthiness and anonymity are both desirable properties on the Internet. However, online services and users often have to make the trade off due to the lack of usable frameworks for achieving them both. We develop Opaak, a practical authentication framework that provides users with anonymity while simultaneously giving online services the ability to detect abusive behavior from untrustworthy users. Opaak leverages the smartphone together with advanced cryptographic techniques in order to achieve this. In this dissertation, we describe Opaak's protocols, deployment architecture, implementation and evaluation.;Lastly, as with most technology, smartphones do not come without risks. The ubiquity of smartphones is in part, due to the thriving ecosystem of third party apps for popular platforms. Mobile apps have become pervasive, but the set of apps installed by a user has generally not been considered privacy sensitive information. We contradict this notion by proposing and demonstrating a new technique for fingerprinting users based on their selection of apps. In this dissertation, we describe the new fingerprint and evaluate its effectiveness in terms of uniqueness and stability. Our evaluation is based on real world data we collected from a tier-1 U.S. cellular service provider. |
