Inria and the CNIL award the 2019 Privacy Protection prize to a European research team

Date :
Changed on 28/01/2020
The CNIL (French Data Protection Authority) and Inria have awarded the 2019 Privacy Protection prize to a European research team during the 13th international conference Computers, Privacy and Data Protection (CPDP). The award was given to Julien Gamba, Mohammed Rashed, Abbas Razaghpanah, Juan Tapiador and Narseo Vallina-Rodriguez for their article "An Analysis of Pre-installed Android Software”.
Prix CNIL-Inria 2019
© Inria / Photo C. Morel

 

On 22nd January, 2020 Guillaume Prunier, deputy CEO of Inria and François Pellegrini, member of the CNIL, presented the CNIL-Inria Prize at the CPDP conference in Brussels. This European prize, created by the CNIL and Inria in 2016 as part of the partnership between the two institutions, aims to encourage research in the field of data protection and privacy. Papers were mainly selected on the two criteria of scientific excellence and societal impact, by a jury co-chaired by François Pellegrini for the CNIL, and Nataliia Bielova for Inria.

This prize is an opportunity to raise the scientific community's awareness of data protection issues and the need to develop research projects in this field, particularly in the light of developments brought by the European Regulation on the protection of personal data (GDPR), and in particular the new requirements for privacy by design and accountability.

The awarded paper, entitled "An Analysis of Pre-installed Android Software”, by Julien Gamba, Mohammed Rashed, Abbas Razaghpanah, Juan Tapiador and Narseo Vallina-Rodriguez, has been accepted for publication at the IEEE Symposium on Security and Privacy 2020.

This article investigates the privacy and security issues associated with pre-installed software on Android devices, and their supply chain. As opposed to user-installed software, pre-installed apps are privileged and can operate without user consent, bypassing the Android permission system, without any possibility of opting-out. The study conducted is impressive in terms of the number of applications, device models and vendors analysed, as well as the depth of the study through static and dynamic analysis approaches. This paper has a high impact on end users and privacy regulation, as it describes practical ways in which companies and the applications they create may cooperate as an ecosystem to bypass data protection safeguards.  It brings attention to the need to develop system audit tools for mobile applications that do not consider only the behavior of individual applications, but also their interactions.

 

The award jury has also highlighted three runner-up articles that were recognized by the jury as exceptional research in privacy protection, with very high impact on both society and industry:

The prize was awarded by the jury members, renowned researchers in the privacy field of computer science: Josep Domingo-Ferrer, Simone Fischer-Hübner, Sébastien Gambs, Seda Gürses, two CNIL members: François Pellegrini (co-chair) and Félicien Vallet, and two Inria researchers: Nataliia Bielova (co-chair) and Mathieu Cunche. More than forty-five articles were submitted to the jury, which evidences the ever growing interest of the scientific community for this event.

 

The Awarded Team

For more information

 

Press release 2019 CNIL-Inria Award