As mobile phone users, we are all subject to espionage on a daily basis. We know that. And, with every app we download and use – no matter which one – we explicitly give our consent to this espionage. Whether they’re messengers, games, fitness trainers or the pre-installed health app, they cost nothing. That’s what we think. They “only” cost our data and these are worth cash money for the app and advertising network operators. They know about our whereabouts, preferences for music and films, the shops we visit and what we buy, with whom we chat or phone and for how long. There are hardly any limits to the information about ourselves that we give away voluntarily.
So far, if you didn’t want all this and wanted to protect your privacy, there was only one way: to stay away from the digital world to a large extent. Now, innovative technology from the Karlsruhe Institute of Technology (KIT) and the FZI Research Center for Computer Science can put an end to espionage on our cell phones. Commissioned by the Baden-Württemberg Foundation, researchers have developed an app that protects personal data better while still allowing the unrestricted use of popular but information-hungry applications.
All in one
Many apps only work if you give your consent to everything that the operators want to know, for others, one had to set the permissions individually for each app. Now, the desired settings are possible for all applications with just a few clicks. With one single app. AVARE can be installed on Android devices like an app. It then generates a closed area into which other apps can be packed and which then controls the entire communication between these apps and the operating system.
“We were looking for a way that would allow us to use all applications without restrictions and still have control over our personal data,” says Dr. Gunther Schiefer, head of the Mobile Business working group at the Institute for Applied Informatics and Formal Description Methods (AIFB) at KIT.
For example, it is possible to give apps wrapped in AVARE access to the contacts in the address book, but not to all of the stored information. The phone owner can share only specific contacts and restrict this information to mobile phone numbers, first and last names, for example. “Address or date of birth are not necessary for a chat,” says Schiefer.
Inaccurate and false data to app operators
In addition, AVARE can extend the location information to a radius of several kilometers and disguise the exact location. Thus, a weather app can continue to provide reliable forecasts without knowing the exact location of the user.
And, in the future, AVARE wants to go even further with apps that do not work at all without general access rights. “Then we will import false data, which are recognizable as such. The microphone interface will get a static noise, the camera a black picture or a cloud image, the address book the emergency numbers of the fire brigade and roadside assistance.”
The AVARE code is available as open source software on the AVARE website and the scientists hope that their program will be taken up by other developers who will help to extend the current beta version to a version 1.0.
The AVARE project is commissioned by the Baden-Württemberg Foundation (www.bwstiftung.de) as part of the ICT Security research program. Also involved are the Institute of Applied Computer Science and Formal Description Methods, the Center for Applied Law of the Karlsruhe Institute of Technology and the FZI Research Center for Computer Science.