| dc.description.abstract | Modern consumer smart ecosystems—comprising of mobile and IoT devices, platforms, apps, third-party
SDKs, and cloud services—enable pervasive automation and personalization by continuously exchanging
data across software using internet and local network interfaces. While this interconnection enhances
usability and functionality, it also introduces systemic privacy risks that are difficult to audit and regulate.
These risks often stem from complex interactions across co-located programs, devices, and third-party
infrastructure, which existing analysis tools and protection mechanisms such as sandboxing and permission
mechanisms fail to capture because they are process-centric; i.e., they are focused on individual apps or
devices and treat them as monolithic entities. As a result, they often miss privacy violations that exist
beyond traditional program boundaries involving indirect flows, inter-app communication, and covert-
channel inferences.
This dissertation challenges the current process-centric view of privacy analysis and controls. It argues
that this perspective is insufficient for capturing emerging privacy risks in modern smart ecosystems,
where interactions across complex components enable unvetted channels and data leakage. By adopting
a holistic, ecosystem-level perspective, this work demonstrates that privacy violations often arise from
such interconnectedness. To support this argument, the dissertation applies novel multi-vantage empir-
ical methods—including static and dynamic app analysis, network traffic inspection, input fuzzing, and
controlled execution environments.
By exposing these underexplored threats, this dissertation calls for a paradigm shift in how privacy
is audited and controlled in smart ecosystems. It demonstrates that privacy should not be treated as a
static property of individual apps or devices, but as a property inherent to dynamic interactions across
apps, devices, SDKs, and cloud services.
Through three empirical analyses, this dissertation demonstrates how these privacy risks manifest
in real-world smart ecosystems, including smart home devices and mobile apps. First, insecure local
network communication in smart homes expose sensitive data enabling cross-device tracking and household
fingerprinting. Second, mobile apps embed wireless-scanning SDKs that covertly infer location and bridge
identifiers to persistently track users and bypass platform restrictions to access geolocation data. Third,
health and fitness apps retrieve sensitive user data from aggregator platforms via OAuth-authorized APIs
that bypass Android’s permission system; once data is returned to the app, embedded third-party SDKs
may gain indirect access, exposing health information without platform visibility or user awareness.
These risks are not incidental, but structural—and are deeply rooted in platform design decisions,
opaque third-party integrations, insufficient access controls, and enforcement mechanisms. Consequently,
this dissertation provides groundbreaking empirical foundations for advancing platform accountability, in-
forming regulatory oversight, and strengthening user-centric privacy protections in today’s interconnected
digital environments. In response to the findings presented in this dissertation and our active responsible
disclosure practices, major industry actors including Apple, Google, TP-Link, Philips, and over 20 other
IoT vendors acknowledged these risks and have implemented privacy protections in their products. No-
tably, Philips overhauled its identifier scheme to prevent long-term device tracking, and Google introduced
a dedicated local network permission in Android 16 to restrict unauthorized device discovery—changes
that now benefit billions of Android users worldwide. | es |
