Abstract

Skills are essential components in Smart Personal Assistants (SPA). The number of skills has snowballed, dominated by a changing environment that has no clear business model. Skills can access personal information, and this may pose a risk to users. However, there is little information about how this ecosystem works, let alone the tools to facilitate its study.  Jide Edu (KCL) will  look into developers’ practices in this ecosystem, including how they collect and justify the need for sensitive information, by designing a methodology to identify over-privileged skills with broken privacy policies. We collect 199,295 Alexa skills and uncover that around 43% of the developers’ skills (and 50% of the developers) request these permissions follow bad privacy practices, including (partially) broken data permissions traceability. To perform this kind of analysis at scale, Jide  will present SkillVet that leverages machine learning and natural language processing techniques and generates high-accuracy prediction sets.

Short Bio

Jide Edu received his master’s in Cybersecurity from Lancaster University, and is currently doing his PhD at King’s in computer science working on the research project “Cost Effective Security Testing of Cyber-Physical System”. He is also part of the ICO project that is working on evaluating third-party smart home assistant developers.

Joining details on members’ online platform