You are invited to participate in this study. By collecting data on the connections made by applications the study aims to highlight potential privacy issues, improve user security and to improve our understanding of the app ecosystem.
Your participation is entirely voluntary, and you can withdraw at any time by uninstalling the project app. Note that as there is no way for us (or anyone else) to link collected data to individual participants there is no way for us to delete data of yours once it has been uploaded to the project server.
This study is being carried out by the research group of Prof Douglas Leith in the School of Computer Science and Statistics at Trinity College Dublin.
We are seeking participants who use a macOS computer and are over 18 years of age.
We collect no personal data in this study and we have no way to link the data collected to you or the instance of the project app that you run. On first startup our app records basic security settings (is System Integrity Protection enabled, Filevault enabled, Gatekeeper settings, Apple’s Application Firewall settings as well as the OS version). It then periodically (roughly monthly) chooses one application at random and uploads the connections logged for that application to the project server. Browser apps (Chrome, Firefox, Safari etc) are excluded from this sampling since the list of connections may contain personal data or be otherwise revealing. There is no identifier linking this sample to the particular instance of the app being used and no logging by the project server of the network connections made to upload samples. The app stores a copy of all uploaded data in the ~/Library/Application Support/samples folder on your computer so that you can see what data has been shared. The app menu contains a link that opens this folder in Finder so that it is easy to inspect. The source code of the app is also available for you to inspect at github.
The study involves only a small time commitment on your part, namely that needed to install the project app (i.e. downloading the app and dragging to the /Applications folder).
We do not anticipate any risks to you from participating in the study. The project app also acts as an application firewall, allowing you to observe and allow/block the network connections being made from your computer. We hope that this will be useful to you.
Study results will be made publicly available on the [project web site]((https://www.scss.tcd.ie/doug.leith/).
The data collected will be analysed in order to uncover potential privacy issues, improve user security, and to improve our understanding of the app ecosystem. We plan to publish the results of our research in academic journals and conference proceedings. In order to facilitate study of the app ecosystem it is expected that parts of the data may also be shared with other academic researchers for purposes aligned with the project aims. The data collected by us is anonymised and cannot be linked to you personally, and we will take care to maintain this anonymity when publishing results.
This study forms part of the research work of the project team and is supported by Science Foundation Ireland grant 16/IA/4610.
If you have any queries, feel free to contact Prof Doug Leith at [email protected], and we will be happy to answer questions about the study.