Browsing by Author "Lyons, Allan"

Now showing 1 - 2 of 2
  • Thumbnail Image
    Item
    Open Access
    Be Careful What You Write, Someone Might Read It: Logging Personally Identifiable Information on Android
    (2023-01-03) Lyons, Allan; Reardon, Joel; Reardon, Joel; Henry, Ryan; Hagen, Gregory
    The Android Operating System provides a central, shared logging system that multiplexes messages from all of the various components including the operating system and all of the apps that run on it. A permission system exists that prevents these log messages from being read by processes other than the one that created them; however, there is an exception to this restriction for a privileged class of apps. This includes preinstalled system apps provided by Google, the manufacturer of the device, or the mobile network operator. As a consequence of this exception, Google admonishes developers that for privacy reasons they must refrain from logging personal or sensitive information to the system log. In this thesis, we examine the pervasive logging of Personally Identifiable Information (PII) throughout the Android ecosystem. With local lab experiments we show that freshly reset phones log PII---every phone we tested logged multiple identifiers. Then, through a field study we show that this logging is pervasive in the wild with PII being detected in the logs of 94.1% of the devices in our dataset which represented all of the observed manufacturers. We statically analyze the Android Open Source Project (AOSP) source code to identify the origin of some of the observed excessive logging and are able to attribute log entries to specific parts of the code and find that Google itself does not follow its own specific advice to not log sensitive data and more generally to remove debug logging from release software. Finally, we analyze the privacy policies of major cell-phone manufacturers and find that some report that they may collect these logs.
  • Thumbnail Image
    Item
    Open Access
    Teaching Machine Learning: Student Project Reports for CPSC 599.66 and 601.66 Winter 2007
    (2007-04-25) Richter, Michael; Bilawshuk, Tyler; Leclerc, Eric; McClocklin, Landon; Lyons, Allan; Kendon, Tyler; Kidney, Jordan; Xu, Hong; MacKas, Brenan; Obied, Ahmed; Olsen, Luke; Park, Justin; Walker, Scott; Olsen, Luke; Park, Justin; Tkachyk, Stephanie; Ma, Lizhe; Kianmehr, Kevin
    Teaching machine learning has two parts. One part is the lectures. These can be found under www.cpsc.ucalgary.ca/~mrichtet/ml. But lecturing is only half of the story. That is, because passive learning by listening does not provide the same expertise compared to active learning by doing. For this purpose a project work was required. Students had the choice to work on their own or to form a group of two. At the beginning of the course, after some introduction and overview, the projects started. The start had the following steps: 1) Selecting a domain of application as, e.g. spam filters, playing games, cooperative multiagents etc. 2) Formulating a learning goal in that domain, as improving cooperation. The choice was completely free. 3) Selecting one or more candidates for learning techniques presented in the course that were focused in the sequel. These topics were presented first very early and then in some more detail at midterm. In this volume the final reports are listed. Particular emphasis was put on the aspects of the difficulties that occurred during the project and how to overcome them. The difficulties had different sources. The major ones are problems with the tools and getting enough data, or underestimating the complexity. The free choice of the application domain had the consequence that the authors were quite familiar with it, could use existing environments and use the results for further activities like masters or PhD theses. Formal projects implementation details are available, write to mrichter@cpsc.ucalgary.ca