Trusted and privacy-preserving sensor data onloading

To personalize their services (e.g., advertisement, navigation, healthcare), mobile apps collect sensor data. Typically, they upload the collected sensor data to the cloud, which returns the inferred user profiles required to personalize mobile services. However, privacy concerns and network connectivity/congestion issues can render cloud-based processing inapplicable. If different apps collect the same type of sensor data, app providers can collaborate by combining their data collections to infer on-device the user profiles required for personalization. Although major mobile platforms provide on-device data sharing mechanisms, these direct data exchanges provide no privacy protection. As an alternative to direct data sharing, we present differentially privatized sensor data onloading for app providers' collaboration. With our approach, app providers can safely collaborate by using shared sensor data to personalize their mobile services. We realize our approach as a middleware that acts as a trusted intermediary. The middleware aggregates the sensor data contributed by individual apps, which execute statistical queries against the combined datasets. Furthermore, the middleware's adaptive privacy-preserving scheme (1) computes and adds the required amount of noise to the query results so as to balance utility and privacy; (2) introduces a Trust-Data Theory so as to detect and remove spurious data from the combined collections; (3) rewards active contributing app providers so as to incentivize data contribution; (4) integrates a Trusted Execution Environment (TEE) so as to secure all data processing. Our evaluation shows that it is feasible and useful to personalize mobile services while protecting data privacy: queries' execution time is within 10 ms; participants' dissimilar privacy/utility requirements are satisfied; untrustworthy data are effectively detected; mobile services are personalized, and data privacy of both app providers and users are preserved.1