OneTrust_Square Banner_300x250_DD_ROS_01_19
This app uses machine learning to help users find the best privacy settings

Chances are, if you have a smartphone, you likely have a wide variety of apps filling up your screen. You likely have apps for your social media accounts, your bank, and maybe a GPS app to help you find the closest restaurant.

While everyone may be flocking to Facebook, Google Maps, and PayPal, users' views about their app settings and permissions will probably differ.

This was the impetus behind the creation of the Privacy Assistant app, a tool created by Carnegie Mellon University researchers to help users of rooted Android phones - where the user unlocks the phone's operating system to better customize the device - find the proper settings and permissions fitting their habits.

Carnegie Mellon University Professor Norman Sadeh, CIPT, headed up the creation of the app, as his team has been conducting research on the ways apps share information with advertising networks and how users felt about such sharing.

While many people expressed discomfort about having their information shared with advertisers, it wasn’t a universal mindset, he found.

“One of the challenges about privacy is not every one feels the same about these scenarios. If everyone did feel the same way, things would be very easy,” said Sadeh. “You’d basically configure things in accordance with the way one feels. Obviously, that’s not the case, and that has been reflected in the number of settings iOS and Android has been making available to users over the years.”

As Sadeh and his team delved deeper into their research, they found machine learning can be used to predict a user’s preferred settings. The Privacy Assistant app works by analyzing the types of apps users have on their phone. From this analysis, the app will ask between three to five questions, depending on how the user responds.

Here's an example: “In general, do you feel comfortable with Social apps accessing your Camera?” or, “In general, do you feel comfortable with Finance apps accessing your Location?”  Below the question resides apps installed on the phone, and three choices: “not sure,” “mostly ok,” and “mostly no.”


Screen shot of the Privacy Assistant in action

These questions help Privacy Assistant sort users into one of seven clusters, or the profile best describing her setting preferences. The seven clusters cover the wide spectrum of views towards settings and permissions.

“You are going to have clusters of people who are very permissive, and will pretty much grant anything that is being asked. You have a cluster of people who are very conservative, and they will, by and large, try to deny anything. The vast majority of the population is somewhere in between,” said Sadeh. “There are clusters that are going to say, I am willing to let location be visible for apps that really need it to work, like a navigation app, but I am not willing to share my location with advertising networks.”

After a user has been sorted into her cluster, she can examine the recommendations made by Privacy Assistant. Users will have the ability to sort through the recommendations offered in seven different categories: location, contacts, messages, phone call data, camera, calendar, and microphone.

Once one of the categories has been chosen, the user will see a list of apps. Any recommendations made by Privacy Assistant will be marked by an exclamation point. The user will then have the ability to adjust the permission from the app.


Contacts view of the Privacy Assistant

Building the clusters was far from a trivial task. Users are likely not willing to share their settings information, and it is likely users are unaware their apps are locked into settings not matching their preferences. The Carnegie Mellon team developed a protocol to increase user awareness of their settings, and used machine learning algorithms to analyze the collected data. While the task is not an easy one to accomplish, Sadeh credits his team’s prior experience conducting similar efforts across different domains for getting the app off the ground.

One area of focus for the app was ensuring it had a clean interface, an issue plaguing other apps attempting to perform a similar function. “This is often overlooked by people in this space, but if you want your tool to be usable by a large number of people, you have got to really pay attention to the design of your interface and come up with something that is very clean," said Sadeh. “A few other people have been building apps to try and have users manage their permissions, and if you look at the interfaces that they have developed, they are cluttered and not leveraging machine learning the way we do, so they are not able to make recommendations that are useful as we do.”

Privacy Assistant is only available on rooted Android phones, which Sadeh knows is a small percentage of the total Android market. Sadeh said other users cannot use the app at this time due to Android's strict nature toward allowing third parties to tinker with the settings and permissions.

Google and Samsung have both funded portions of the research and expressed their support for the team’s efforts.

Whether the tech companies’ enthusiasm translates to wider exposure for Privacy Assistant remains to be seen. Sadeh said conversations are taking place to determine whether the public at large will be able to use their tool. The team is exploring whether they can release a variation of the app to normal Android phones, albeit without the ability alert permissions within the app.

Sadeh has received positive feedback from those who have used Privacy Assistant, and he hopes to obtain a wider audience to offer more users the ability to tackle their settings and permissions head on.

“I don’t think that there’s any other way of empowering people to really control their settings,” said Sadeh. “There are just too many of them, and you really need machine learning to help people in this space.”

Written By

Ryan Chiavetta


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Get more News »

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

The Privacy Core™ Library Has Evolved

Privacy Core™ e-learning essentials just expanded to include seven new units for marketers. Keep your data safe and your staff in the know!

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

Upcoming Web Conferences

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Team

Get your team up to speed on privacy by bringing IAPP training to your organization.

Let’s Get You DPO Ready

There’s no better time to train than right now! We have all the resources you need to meet the challenges of the GDPR.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.


The IAPP’S CIPP/E and CIPM are the ANSI/ISO-accredited, industry-recognized combination for DPO readiness. Learn more today.

Learn more about IAPP certification »

IAPP-OneTrust Website Scanning & Cookie Compliance Tool

Scan your website for cookies, tags, forms and policies and create a custom, dynamically updated cookie policy based on the results of your scans.

Are You Ready for the GDPR?

Check out the IAPP's EU Data Protection Reform page for all the tools and resources you need.

Privacy Vendor List

Find a privacy vendor to meet your needs with our filterable list of global service providers.

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

More Resources »

Global Privacy Summit 2017

The world’s premier privacy conference returns with the sharpest minds and unparalleled programs—plus a whole new spin on Active Learning!

Canada Privacy Symposium 2017

The Symposium returns to Toronto! Take advantage of Early Bird rates before March 31 and join your fellow privacy pros for a stellar program.

The Privacy Bar Section Forum 2017

The Privacy Bar Section Forum is SOLD OUT and the wait list is closed. If you got on the wait list, we'll keep in touch about your status. Good luck!

Asia Privacy Forum 2017

Join us in Singapore for exclusive networking and intensive education on data protection trends and challenges in the Asia Pacific region.

Privacy. Security. Risk. 2017

We're bringing the best of the best in privacy and infosecurity to sunny San Diego. Early registration for P.S.R. opens in May.

Europe Data Protection Congress 2017

Your source for European policy debate, multi-level strategic thinking and thought-provoking discussion. Registration opens in early June.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»