Prediction of Mobile App Privacy Preferences with User Profiles via Federated Learning

Permission managers in mobile devices allow users to control permissions requests, by granting of denying application's access to data and sensors. However, existing managers are ineffective at both protecting and warning users of the privacy risks of their permissions' decisions. Recent research proposes privacy protection mechanisms through user profiles to automate privacy decisions, taking personal privacy preferences into consideration. While promising, these proposals usually resort to a centralized server towards training the automation model, thus requiring users to trust this central entity. In this paper we propose a methodology to build privacy profiles and train neural networks for prediction of privacy decisions, while guaranteeing user privacy, even against a centralized server. Specifically, we resort to privacy-preserving clustering techniques towards building the privacy profiles, that is, the server computes the centroids (profiles) without access to the underlying data. Then, using federated learning, the model to predict permission decisions is learnt in a distributed fashion while all data remains locally in the users' devices. Experiments following our methodology show the feasibility of building a personalized and automated permission manager guaranteeing user privacy, while also reaching a performance comparable to the centralized state of the art, with an F1-score of 0.9.