PrivacyShield: A Mobile System for Supporting Subtle Just-in-time Privacy Provisioning through Off-Screen-based Touch Gestures
- Saumay Pushp
- Yunxin Liu
- Mengwei Xu
- Changyoung Koh
- Junhwa Song
UbiComp 2018
Published by ACM – Association for Computing Machinery
Current in-situ privacy solutions are inadequate for protecting sensitive information. They either require extra
configuration effort or lack the ability to configure user-desired privacy settings. Based on in-depth discussions during a design
workshop, we propose PrivacyShield, a mobile system for providing subtle just-in-time privacy provisioning. PrivacyShield
leverages the screen I/O device (screen digitizer) of smartphones to recognize gesture commands, even when the phone’s screen
is turned off. Based on gesture command inputs, various privacy-protection policies can be configured on-the-fly. We develop
a novel stroke-based approach to address the challenges in segmenting and recognizing gesture command inputs, which
helps the system in achieving good usability and performance. PrivacyShield also provides developers with APIs to enable
just-in-time privacy provisioning in their applications. We have implemented an energy-efficient PrivacyShield prototype on
the Android platform, including smartphones with and without a low-power co-processor. Evaluation results show that our
gesture segmentation algorithm is fast enough for real-time performance (introducing less than 200 ms processing latency)
and accurate (achieving an accuracy of 95% for single-character gestures and 89% even for three-character gestures). We also
build a non-touch-screen-based just-in-time privacy provisioning prototype called the wrist gesture method. We compare the
performance of the two prototypes by doing a 6-week field study with 12 participants and show why a simplistic solution
falls short in providing privacy configurations. We also report the participants’ perceptions and reactions after the field study.