This article is one of a series covering the Federal Trade Commission’s 2018 PrivacyCon event. The conference featured research on privacy implications of Internet technologies and smart devices. For a full list of Consumers’ Research’s articles on this event, click here.
“If This Then That (IFTTT)” commands are a type of communication between smart devices that allow for the execution device protocols when certain conditions are triggered. For example, a user could set up a protocol that automatically uploads a photo to cloud storage when it is taken by his or her smartphone. In this case, the IFTTT protocol is “If I take a picture with my smartphone, upload the pictures to the Amazon Cloud.” These protocols expand on the conveniences enabled by smart devices. However, problems can occur when an IFTTT engages in unexpected ways
Presenter Milijana Surbatovich from the University of Rochester offered this scenario: A user had an IFTTT protocol enabled on his phone that would upload every photo he took to a public profile on Flickr. Typically, these photos were pictures of places the user visited or food he ate. However, in one instance, he took a photo of his passport, forgetting the IFTTT protocol was active. His passport photo and all the accompanying information was then uploaded to the public domain.
In this case, the IFTTT protocol compromised the user’s Private Identifying Information (PII) despite functioning correctly. According to Surbatovich, about half of the apps examined contained IFTTT protocols that could be unsafe depending on user settings. These unsafe apps violate either the secrecy or integrity lattices.
The middle ground for both lattice flows start in the restricted physical space (you must be in a physical location for the IFTTT protocol to engage), or the restricted online space (you must be on specific online site or community for the protocol to engage). In both lattices, violations occur when information moves from a more restricted source to a less restrictive source, or moves between the middle grounds. In the previous example, after taking the picture using a physically restricted device, the IFTTT violated the secrecy lattice by uploading the photo to the public domain.
Ultimately, consumers should be aware how IFTTT protocols work, and regularly review what system settings are enabled within applications. Within the development community, simple interactive functions could be implemented to ensure user PII is not accidentally disseminated to larger than desired audiences.
Jingjing Ren, a student at Northeastern University, touched on PII (Personal Identifiable Information) leaks across Android apps. In this presentation, Ren went into detail on how mobile privacy is getting worse over time. Through automated and scripted interaction with apps and analysis of the network traffic generated on real mobile devices, they found that the privacy risk of individual apps varies greatly over time, and they also found that a large majority of apps see little to no improvement in privacy in their lifespan.