Protecting User Privacy in the World of Internet of Things

Author:
Le, Tu, Computer Science - School of Engineering and Applied Science, University of Virginia
Tian, Yuan, University of California, Los Angeles

With the rapid development of the Internet of Things (IoT), there are many interacting devices and applications. They usually need to collect data about users and the surrounding environment to operate. With so many data collection activities going on daily, one of the most critical challenges is ensuring user privacy while facilitating devices' operations.
In this dissertation, we aim to better understand the privacy risks in IoT environments and how to protect user privacy effectively. We first investigate the smart home context, one of the most popular IoT systems. One important feature of IoT for smart homes is voice-controlled devices and applications, which provide convenience but also introduce privacy issues. Unlike mobile apps, voice-controlled apps (or voice apps) have no binary files or source code available for analysis, which poses a challenge to traditional analysis approaches. To address this challenge, we build a system that automatically interacts with voice apps to identify suspicious behaviors and investigate privacy risks, such as inappropriate content or personal data collection. Although service providers like Amazon Alexa employ a vetting process for publishing voice apps, we find that risky child-directed apps were still published on the market. To understand the root causes of such risks, we conduct a rigorous systematic analysis of the dynamic behaviors of voice apps that bypassed standard vetting schemes and uncover limitations of the vetting process. We then propose a run-time behavior monitoring approach to address those privacy issues. In addition to risks from voice apps, there are also privacy concerns with voice-controlled devices and their data collection, as these devices record users' voice interactions. To study the impact of this data collection and how to help users take control of it, we build a usable tool that helps users monitor, in real time, the voice interactions recorded by their devices. We conduct user studies to understand users' perceptions of this data collection and how they prefer to receive privacy notifications in the real world. It is also important to investigate public IoT systems and see whether users' privacy perceptions and preferences vary. Thus, we further extend our research to the smart commercial building context.
We conduct a user study with occupants who report working in smart commercial buildings, covering their awareness of data collection, their privacy notification preferences, and the potential factors behind those preferences, and we show the key differences from the smart home context. Overall, our research helps to understand the risks of IoT technologies and informs key designs for smart environments that protect user privacy.

PhD (Doctor of Philosophy)
user privacy, IoT, voice-controlled devices, smart homes, smart buildings, data collection, privacy notifications, user preferences
All rights reserved (no additional license for public reuse)
Issued Date: