SWIP privacy statement (2012/04/30)

Abstract: the short statement is that we do not collect the slightest piece of your data. Nothing. However, you may read the following for all the details. Of course, you can also inspect our code: the source is available.

RDFContentResolver is given access to personal data on your phone

RDFContentResolver requires the READ_CONTACTS, READ_CALENDAR, INTERNET, WRITE_EXTERNAL_STORAGE, ACCESS_COARSE_LOCATION and ACCESS_FINE_LOCATION permissions. Hence, it can access your contacts, your calendar and your location. Internet and external storage are used for importing internet data to your phone (not the other way around). In addition, RDFContentResolver has access to the data of any application implementing the RDFContentProvider interface (like pictures annotated with Pikoid). In fact, RDFContentResolver requires these permissions because it embeds RDFContentProviders for contacts, calendar, location and HTTP access.

The purpose is to access the corresponding data and provide it as RDF, which is what the RDFContentProvider framework is for. RDFContentProvider is an experimental framework whose goal is to show that RDF publication of device data is possible on Android. So there is no surprise here, but this could indeed put your privacy at risk.

Moreover, RDFContentResolver will provide this data to any application that asks for it.

A desirable set-up would be for RDFContentProvider, as a ContentProvider, to be part of the Android framework, with access to this content controlled directly by Android.

We do not collect any piece of data

In fact, unless you open RDFServer, there is no way your data can leak out of your device through our software.

We do not even offer you online checking for new versions. You have to come and check our web site for updates.

At the moment, we are not even on the Android market, so there is not even a record at Google that your phone has this app installed (well, at least we think so, but you have read the privacy policy, right?).

RDFServer is given full internet access and will communicate data upon request

RDFServer requires the INTERNET, ACCESS_NETWORK_STATE and ACCESS_WIFI_STATE permissions.

Again, the purpose of RDFServer is to offer a linked data view of your phone data from outside the device. This is indeed what it does.

The SWIP software is, for the moment, experimental software used to demonstrate a semantic web framework on a phone. It is not supposed to run on a phone with real data.

As soon as the device is connected to the Internet and RDFServer is launched, a third party can sniff the traffic and read the content communicated by RDFServer. It is not encrypted.

In addition, since there is no authentication so far, anyone who knows the IP address of your phone can browse its content. This would involve someone (1) sniffing the device IP address (there are programs to do this), (2) knowing the URI pattern and port used by RDFContentResolver (this is public), and (3) systematically scanning its space (asking for contact/1, contact/2, etc.). The threat is low, although it cannot be excluded.

We aim to help you protect your privacy precisely

One of our research goals is to use the same semantic web technologies to enable users to express privacy policies precisely, i.e., when which data item can be communicated to whom.

As an experiment, we are trying to understand what a good policy is.

Hence, if you have 5 minutes, send us (i.e., Maria . Rosiou -a- inria . fr) an email with one rule that you would find useful. One such rule could be: "Do not provide my location on Saturday night to colleagues" or "Customers can access my week schedule at the availability granularity". We do not need a complete policy, but if you have a rule that you think is important, please tell us (only this rule will be recorded).
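To make concrete what "when which data item can be communicated to whom" means in practice, here is a small Python sketch, added to this page as an illustration and not part of the SWIP code or of any policy language the project has defined. It encodes the two example rules above as data, evaluates a request (data item, requester group, time, granularity) against them with a default-deny, deny-overrides semantics, and treats "Saturday night" as Saturday 18:00 to 24:00; the rule shape, the group names, the granularity ordering and that time window are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Coarse-to-fine ordering of disclosure granularity (constructed for this example).
GRANULARITY_ORDER = {"availability": 0, "full": 1}


@dataclass(frozen=True)
class Request:
    """A request by some requester group for one data item at a given time."""
    data_item: str          # e.g. "location", "schedule"
    requester: str          # e.g. "colleagues", "customers"
    when: datetime
    granularity: str = "full"


@dataclass(frozen=True)
class Rule:
    """One policy rule: allow or deny a data item to a requester group,
    optionally restricted to a weekday/hour window and a finest granularity."""
    data_item: str
    requester: str
    effect: str                                # "allow" or "deny"
    weekday: Optional[int] = None              # 0 = Monday ... 6 = Sunday
    hours: Optional[Tuple[int, int]] = None    # [start, end) on a 24h clock
    max_granularity: str = "full"              # finest granularity this rule covers

    def matches(self, req: Request) -> bool:
        """True if the rule's item, group and optional time window fit the request."""
        if self.data_item != req.data_item or self.requester != req.requester:
            return False
        if self.weekday is not None and req.when.weekday() != self.weekday:
            return False
        if self.hours is not None and not (self.hours[0] <= req.when.hour < self.hours[1]):
            return False
        return True


def decide(rules: List[Rule], req: Request) -> str:
    """Default deny. Any matching deny rule wins over allow rules, and an allow
    rule only applies if the requested granularity is not finer than it permits."""
    matching = [r for r in rules if r.matches(req)]
    if any(r.effect == "deny" for r in matching):
        return "deny"
    for r in matching:
        if (r.effect == "allow"
                and GRANULARITY_ORDER[req.granularity] <= GRANULARITY_ORDER[r.max_granularity]):
            return "allow"
    return "deny"


# The two example rules from the statement, plus a general allow of location to
# colleagues so that the Saturday-night exception has something to override.
# "Saturday night" is taken here as Saturday 18:00-24:00 (an assumption).
POLICY = [
    Rule("location", "colleagues", "allow"),
    Rule("location", "colleagues", "deny", weekday=5, hours=(18, 24)),
    Rule("schedule", "customers", "allow", max_granularity="availability"),
]


def sample_decisions() -> dict:
    """Evaluate a few constructed requests against POLICY (2012-04-28 is a Saturday)."""
    sat_night = datetime(2012, 4, 28, 21, 0)
    sat_morning = datetime(2012, 4, 28, 10, 0)
    monday = datetime(2012, 4, 30, 9, 0)
    return {
        "location to colleagues, Saturday night": decide(POLICY, Request("location", "colleagues", sat_night)),
        "location to colleagues, Saturday morning": decide(POLICY, Request("location", "colleagues", sat_morning)),
        "schedule to customers, availability only": decide(POLICY, Request("schedule", "customers", monday, "availability")),
        "schedule to customers, full detail": decide(POLICY, Request("schedule", "customers", monday, "full")),
        "schedule to colleagues (no rule)": decide(POLICY, Request("schedule", "colleagues", monday, "availability")),
    }


if __name__ == "__main__":
    for question, answer in sample_decisions().items():
        print(f"{question}: {answer}")
```

The design choice worth noting is the default: a request that matches no rule is refused, so forgetting to write a rule for a new data item never discloses it, and a more specific deny (the Saturday-night exception) always beats a broader allow. A deployment built on RDFContentResolver would evaluate such a policy before serving any resource, rather than relying on the requester not finding the URI.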

Jérôme David and Jérôme Euzenat
http://swip.inrialpes.fr/datapolicy.html
30/04/2012