Phyo Thuta Aung Protects Mobile Users' Privacy 

  • The focus of Phyo Thuta Aung's research was to catch leakages of sensitive data from a mobile device through a network traffic analysis with a virtual private network (VPN) and to ask for preferences from users on how the app should deal with those leaks. The focus of Phyo Thuta Aung's research was to catch leakages of sensitive data from a mobile device through a network traffic analysis with a virtual private network (VPN) and to ask for preferences from users on how the app should deal with those leaks.

 "As a lot of people in the world tend to use mobile devices more and freely, the protection of mobile users’ privacy also needs to be improved more. Our research is going to be very beneficial in detection of users’ privacy leakage as well as protecting the privacy of users," says Phyo Thuta Aung '21, a computer science major who recently completed summer research with F&M computer scientist, Prof. Ed Novak, and student co-researcher Thu Do '21.

The main goal of Phyo's research was to be able to inform mobile users of which mobile apps are leaking and exactly what kind of data from their devices, as well as to give users freedom in choosing whether to let their sensitive data be sent to various sites and sources.  "This is not a completely new thing in this field of research," explains the computer science major, "but, for our current research, we have mainly focused on the usability of the tool, an Android app named VPN+, which will be the program carrying out our goals in the real world."

  • Phyo met regularly with Prof. Novak to provide updates on his project's progress, and illustrate his next steps and findings. Phyo met regularly with Prof. Novak to provide updates on his project's progress, and illustrate his next steps and findings.

'"Phyo is an excellent student researcher," says Prof. Novak.   "His work involved a sophisticated theory called 'information flow tracking.'  Information flow tracking (IFT) allows for data to be tracked through the execution of a program.  Phyo worked on alternative tracking mechanisms that allow for the implementation to be moved out of the operating system which makes the system easier to install and, ultimately, will hopefully improve wide-spread adoption of these kinds of systems.  To achieve this, Phyo focused on utilizing oracle attacks." 

 

"Doing research is not just about being able to put your name on a published paper.  It is about giving yourself a chance to learn new concepts on your own and come up with new approaches for current real-world challenges using what you have learned.   The only advice I would give is that, if you do not know something, either ASK or SEARCH. Do not settle down with the answer that you do not simply understand."

 

Phyo became involved in this project by talking to Prof. Novak about his interest in mobile security, and the computer scientist then invited the student to join his directed-reading class on the topic of protecting mobile security with dynamic information flow tracking.

The student researcher gives this tip, "Based on my experience during this summer research, I would like to tell future research students to always LOOK OUT for research papers which can potentially be similar to yours AHEAD of your research."

" I mainly learned about a lot of security failures in mobile devices running an Android platform and how real-world apps try to exploit those," Phyo comments.  "At the same time, I also learned multiple techniques to detect those kinds of security attacks. I believe all of  the knowledge I gained will be very useful when I decide to go further into either a graduate studies of security engineering or software development, as well as for a career in those fields."