Narseo Vallina-Rodriguez- Ph.D in Computer Science
- Professor (Assistant) at Madrid Institute for Advanced Studies
Narseo Vallina-Rodriguez
- Ph.D in Computer Science
- Professor (Assistant) at Madrid Institute for Advanced Studies
About
90
Publications
57,849
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
3,778
Citations
Introduction
Skills and Expertise
Current institution
Publications
Publications (90)
Mobile apps frequently use Bluetooth Low Energy (BLE) and WiFi scanning permissions to discover nearby devices like peripherals and connect to WiFi Access Points (APs). However, wireless interfaces also serve as a covert proxy for geolocation data, enabling continuous user tracking and profiling. This includes technologies like BLE beacons, which a...
The JavaScript programming language, which began as a simple scripting language for the Web, has become ubiquitous, spanning desktop, mobile, and server applications. This increase in usage has made JavaScript an attractive target for nefarious actors, resulting in the proliferation of malicious browser extensions that steal user information and su...
Web browsers, particularly Google Chrome and other Chromium-based browsers, have grown in popularity over the past decade, with browser extensions becoming an integral part of their ecosystem. These extensions can customize and enhance the user experience, providing functionality that ranges from ad blockers to, more recently, AI assistants. Given...
During the first days of the 2022 Russian invasion of Ukraine, Russia's media regulator blocked access to many global social media platforms and news sites, including Twitter, Facebook, and the BBC. To bypass the information controls set by Russian authorities, pro-Ukrainian groups explored unconventional ways to reach out to the Russian population...
Short Message Service (SMS) is a popular channel for online service providers to verify accounts and authenticate users registered to a particular service. Specialized applications, called Public SMS Gateways (PSGs), offer free Disposable Phone Numbers (DPNs) that can be used to receive SMS messages. DPNs allow users to protect their privacy when c...
The Chromium open-source project has become a fundamental piece of the Web as we know it today, with multiple vendors offering browsers based on its codebase. One of its most popular features is the possibility of altering or enhancing the browser functionality through third-party programs known as browser extensions. Extensions have access to a wi...
The ability to identify the author responsible for a given software object is critical for many research studies and for enhancing software transparency and accountability. However, as opposed to other application markets like Apple's iOS App Store, attribution in the Android ecosystem is known to be hard. Prior research has leveraged market metada...
During the first days of the 2022 Russian invasion of Ukraine, Russia's media regulator blocked access to many global social media platforms and news sites, including Twitter, Facebook, and the BBC. To bypass the information controls set by Russian authorities, pro-Ukrainian groups explored unconventional ways to reach out to the Russian population...
The transparency and privacy behavior of mobile browsers has remained widely unexplored by the research community. In fact, as opposed to regular Android apps, mobile browsers may present contradicting privacy behaviors. On the one end, they can have access to (and can expose) a unique combination of sensitive user data, from users’ browsing histor...
Android implements a permission system to regulate apps' access to system resources and sensitive user data. One salient feature of this system is its extensibility: apps can define their own custom permissions to expose features and data to other apps. However, little is known about how widespread the usage of custom permissions is, and what is th...
The transparency and privacy behavior of mobile browsers has remained widely unexplored by the research community. In fact, as opposed to regular Android apps, mobile browsers may present contradicting privacy behaviors. On the one end, they can have access to (and can expose) a unique combination of sensitive user data, from users' browsing histor...
The ability to identify the author responsible for a given software object is critical for many research studies and for enhancing software transparency and accountability. However, as opposed to other application markets like iOS, attribution in the Android ecosystem is known to be hard. Prior research has leveraged market metadata and signing cer...
YouTube has long been a top-choice destination for independent video content creators to share their work. A large part of YouTube's appeal is owed to its practice of sharing advertising revenue with qualifying content creators through the YouTube Partner Program (YPP). In recent years, changes to the monetization policies and the introduction of a...
Fake engagement services allow users of online social media and other web platforms to illegitimately increase their online reach and boost their perceived popularity. Driven by socio-economic and even political motivations, the demand for fake engagement services has increased in the last years, which has incentivized the rise of a vast undergroun...
In March 2020, the World Health Organization declared the Corona Virus 2019 (COVID-19) outbreak a global pandemic. As a result, billions of people were either encouraged or forced by their governments to stay home to reduce the spread of the virus. This caused many to turn to the Internet for work, education, social interaction, and entertainment....
Blocklists constitute a widely-used Internet security mechanism to filter undesired network traffic based on IP/domain reputation and behavior. Many blocklists are distributed in open source form by threat intelligence providers who aggregate and process input from their own sensors, but also from third-party feeds or providers. Despite their wide...
This book brings together papers that offer conceptual analyses, highlight issues, propose solutions, and discuss practices regarding privacy, data protection and Artificial Intelligence. It is one of the results of the thirteenth annual International Conference on Computers, Privacy and Data Protection (CPDP) held in Brussels in January 2020.
The...
The closed design of mobile devices -- with the increased security and consistent user interfaces -- is in large part responsible for their becoming the dominant platform for accessing the Internet. These benefits, however, are not without a cost. Their operation of mobile devices and their apps is not easy to understand by either users or operator...
"Incentivized" advertising platforms allow mobile app developers to acquire new users by directly paying users to install and engage with mobile apps (e.g., create an account, make in-app purchases). Incentivized installs are banned by the Apple App Store and discouraged by the Google Play Store because they can manipulate app store metrics (e.g.,...
Due to the COVID-19 pandemic, many governments imposed lockdowns that forced hundred millions to stay at home. As a result of these measures, Internet traffic of residential users increased, in particular, for remote working, entertainment, commerce, and education. In turn, traffic demands in the Internet core shifted as well. In this paper, using...
Transport Layer Security (TLS) 1.3 is a redesign of the Web's most important security protocol. It was standardized in August 2018 after a four year-long, unprecedented design process involving many cryptographers and industry stakeholders. We use the rare opportunity to track deployment, uptake, and use of a new mission-critical security protocol...
It is commonly assumed that “free” mobile apps come at the cost of consumer privacy and that paying for apps could offer consumers protection from behavioral advertising and long-term tracking. This work empirically evaluates the validity of this assumption by comparing the privacy practices of free apps and their paid premium versions, while also...
Android parental control applications are used by parents to monitor and limit their children’s mobile behaviour ( e.g., mobile apps usage, web browsing, calling, and texting). In order to offer this service, parental control apps require privileged access to system resources and access to sensitive data. This may significantly reduce the dangers a...
The Domain Name System (DNS) is one of the most critical Internet subsystems. While the majority of ISPs deploy and operate their own DNS infrastructure, many end users resort to third-party DNS providers with hopes of enhancing their privacy, security, and web performance. However, bad user choices and the uneven geographical deployment of DNS pro...
Modern privacy regulations, including the General Data Protection Regulation (GDPR) in the European Union, aim to control user tracking activities in websites and mobile applications. These privacy rules typically contain specific provisions and strict requirements for websites that provide sensitive material to end users such as sexual, religious,...
TLS 1.3 marks a significant departure from previous versions of the Transport Layer Security protocol (TLS). The new version offers a simplified protocol flow, more secure cryptographic primitives, and new features to improve performance, among other things. In this paper, we conduct the first study of TLS 1.3 deployment and use since its standardi...
Virtually every connection to an Internet service is preceded by a DNS lookup. These lookups are performed in the clear without integrity protection, enabling manipulation, redirection, surveillance, and censorship. In parallel with standardization efforts that address these issues, large providers such as Google and Cloudflare are deploying soluti...
The open-source nature of the Android OS makes it possible for manufacturers to ship custom versions of the OS along with a set of pre-installed apps, often for product differentiation. Some device vendors have recently come under scrutiny for potentially invasive private data collection practices and other potentially harmful or unwanted behavior...
Modern smartphone platforms implement permission-based models to protect access to sensitive data and system resources. However, apps can circumvent the permission model and gain access to protected data without user consent by using both covert and side channels. Side channels present in the implementation of the permission system allow apps to ac...
Global Internet users increasingly rely on virtual private network (VPN) services to preserve their privacy, circumvent censorship, and access geo-filtered content. Due to their own lack of technical sophistication and the opaque nature of VPN clients, however, the vast majority of users have limited means to verify a given VPN service's claims alo...
China is one of the largest Android markets in the world. As Chinese users cannot access Google Play to buy and install Android apps, a number of independent app stores have emerged and compete in the Chinese app market. Some of the Chinese app stores are pre-installed vendor-specific app markets (e.g., Huawei, Xiaomi and OPPO), whereas others are...
The Transport Layer Security (TLS) protocol is the de-facto standard for encrypted communication on the Internet. However, it has been plagued by a number of different attacks and security issues over the last years. Addressing these attacks requires changes to the protocol, to server- or client-software, or to all of them. In this paper we conduct...
China is one of the largest Android markets in the world. As Chinese users cannot access Google Play to buy and install Android apps, a number of independent app stores have emerged and compete in the Chinese app market. Some of the Chinese app stores are pre-installed vendor-specific app markets (e.g., Huawei, Xiaomi and OPPO), whereas others are...
First standardized by the IETF in the 1990's, SSL/TLS is the most widely-used encryption protocol on the Internet. This makes it imperative to study its usage across different platforms and applications to ensure proper usage and robustness against attacks and vulnerabilities. While previous efforts have focused on the usage of TLS in the desktop e...
We present a scalable dynamic analysis framework that allows for the automatic evaluation of the privacy behaviors of Android apps. We use our system to analyze mobile apps’ compliance with the Children’s Online Privacy Protection Act (COPPA), one of the few stringent privacy laws in the U.S. Based on our automated analysis of 5,855 of the most pop...
A broad range of research areas including Internet measurement, privacy, and network security rely on lists of target domains to be analysed; researchers make use of target lists for reasons of necessity or efficiency. The popular Alexa list of one million domains is a widely used example. Despite their prevalence in research papers, the soundness...
Mobile applications outsource their cloud infrastructure deployment and content delivery to cloud computing services and content delivery networks. Studying how these services, which we collectively denote Cloud Service Providers (CSPs), perform over Mobile Network Operators (MNOs) is crucial to understanding some of the performance limitations of...
For many years, the research community, practitioners, and regulators have used myriad methods and tools to understand the complex structure and behavior of ISPs from the edge of the network. Unfortunately, the nature of these techniques forces the researcher to find a balance between ISP-coverage, user scale, and accuracy. In this paper we present...
The functioning of mobile apps involves a large number of protocols and entities, with the Domain Name System (DNS) acting as a predominant one. Despite being one of the oldest Internet systems, DNS still operates with semi-obscure interactions among its stakeholders: domain owners, network operators, operating systems, and app developers. The goal...
Transport Layer Security (TLS), has become the de-facto standard for secure Internet communication. When used correctly, it provides secure data transfer, but used incorrectly, it can leave users vulnerable to attacks while giving them a false sense of security. Numerous efforts have studied the adoption of TLS (and its predecessor, SSL) and its us...
Online advertising subsidizes a majority of the “free” services on the Web. Yet many find this approach intrusive and annoying, resorting to adblockers to get rid of ads chasing them all over the Web. A majority of those using an adblocker tool are familiar with messages asking them to either disable their adblocker or to consider supporting the ho...
Millions of users worldwide resort to mobile VPN clients to either circumvent censorship or to access geo-blocked content, and more generally for privacy and security purposes. In practice, however, users have little if any guarantees about the corresponding security and privacy settings, and perhaps no practical knowledge about the entities access...
As ISPs face IPv4 address scarcity they increasingly turn to network address translation (NAT) to accommodate the address needs of their customers. Recently, ISPs have moved beyond employing NATs only directly at individual customers and instead begun deploying Carrier-Grade NATs (CGNs) to apply address translation to many independent and disparate...
Third-party services form an integral part of the mobile ecosystem: they allow app developers to add features such as performance analytics and social network integration, and to monetize their apps by enabling user tracking and targeted ad delivery. At present users, researchers, and regulators all have at best limited understanding of this third-...
Adblocking tools like Adblock Plus continue to rise in popularity, potentially threatening the dynamics of advertising revenue streams. In response, a number of publishers have ramped up efforts to develop and deploy mechanisms for detecting and/or counter-blocking adblockers (which we refer to as anti-adblockers), effectively escalating the online...
As ISPs face IPv4 address scarcity they increasingly turn to network address translation (NAT) to accommodate the address needs of their customers. Recently, ISPs have moved beyond employing NATs only directly at individual customers and instead begun deploying Carrier-Grade NATs (CGNs) to apply address translation to many independent and disparate...
Adblocking tools continue to rise in popularity, altering the dynamics of advertising revenue streams. In response, a number of publishers have ramped up efforts to develop and deploy tools for detecting and/or counter-blocking adblockers (tools we refer to as anti-adblockers), effectively escalating the online advertising arms race. In this paper,...
Despite our growing reliance on mobile phones for a wide range of daily
tasks, we remain largely in the dark about the operation and performance of our
devices, including how (or whether) they protect the information we entrust to
them, and with whom they share it. The absence of easy, device-local access to
the traffic of our mobile phones present...
HTTP header enrichment allows mobile operators to annotate HTTP connections via the use of a wide range of request headers. Operators employ proxies to introduce such headers for operational purposes, and---as recently widely publicized---also to assist advertising programs in identifying the subscriber responsible for the originating traffic, with...
Cellular network performance is often viewed as primarily dominated by the radio technology. However, reality proves more complex: mobile operators deploy and configure their networks in different ways, and sometimes establish network sharing agreements with other mobile carriers. Moreover, regulators have encouraged newer operational models such a...
The security of today's Web rests in part on the set of X.509 certificate authorities trusted by each user's browser. Users generally do not themselves configure their browser's root store but instead rely upon decisions made by the suppliers of either the browsers or the devices upon which they run. In this work we explore the nature and implicati...
As the importance of online media content grows in Tunisia and as Internet infrastructure increasingly supplants or overlaps with traditional telecommunication systems, the issue of Internet governance has become a key component in understanding the media environment. This study investigates the structures undergirding the governance of the Interne...
Mobile phones in the 3G/4G era enable us to stay connected not only to the voice network, but also to online services like social networks. In this paper, we study the energy and network costs of mobile applications that provide continuous online presence (e.g. WhatsApp, Facebook, Skype). By combining measurements taken on the mobile and the cellul...
The co-existence of cellular and wired networks has been exploited almost exclusively in the direction of OffLoading traffic from the former onto the latter. In this paper we claim that there exist cases that call for the exact opposite, i.e, use the cellular network to assist a fixed wired network. In particular, we show that by "OnLoading'' traff...
Mobile phones in the 3G/4G era enable us to stay connected not only to the voice network, but also to online services like social networks. In this paper, we study the energy and network costs of mobile applications that provide continuous online presence (e.g. WhatsApp, Facebook, Skype). By combining measurements taken on the mobile and the cellul...
Location based services are a vital component of the mobile ecosystem. Among all the location technologies used behind the scenes, A-GPS (Assisted-GPS) is considered to be the most accurate. Unlike standalone GPS systems, A-GPS uses network support to speed nup position fix. However, it can be a dangerous strategy due to varying cell conditions whi...
The popularity of smartphones, cloud computing, and the app store model have led to cellular networks being used in a completely different way than what they were designed for. As a consequence, mobile applications impose new challenges in the design and efficient configuration of constrained networks to maximize application's performance. Such dif...
The popularity of smartphones, cloud computing, and the app store model have led to cellular networks being used in a completely different way than what they were designed for. As a consequence, mobile applications impose new challenges in the design and efficient configuration of constrained networks to maximize application's performance. Such dif...
Managing energy efficiently is paramount in modern smartphones. The diverse range of wireless interfaces and sensors, and the increasing popularity of power-hungry applications that take advantage of these resources can reduce the battery life of mobile handhelds to few hours of operation. The research community, and operating system and hardware v...
Mobile phones and tablets can be considered as the first incarnation of the post-PC era. Their explosive adoption rate has been driven by a number of factors, with the most signifcant influence being applications (apps) and app markets. Individuals and organizations are able to develop and publish apps, and the most popular form of monetization is...
Mobile phones and tablets can be considered as the first incarnation of the post-PC era. Their explosive adoption rate has been driven by a number of factors, with the most signifcant influence being applications (apps) and app markets. Individuals and organizations are able to develop and publish apps, and the most popular form of monetization is...
Access link can often be the bottleneck for application performance. In this paper, we propose to augment wired connections using cellular ones, that we term "3G onloading (3GOL)". 3GOL utilizes available mobile devices and already-paid-for data volumes to augment and improve performance of applications on wired network. We motivate 3GOL by underst...
This demo presents Signposts, a system to provide users with a secure, simple mechanism to establish and maintain communication channels between their personal cloud of named devices. Signpost names exist in the DNSSEC hierarchy, and resolve to secure end-points when accessed by existing DNS clients. Signpost clients intercept user connection inten...
This demo presents Signposts, a system to provide users with a secure, simple mechanism to establish and maintain communication channels between their personal cloud of named devices. Signpost names exist in the DNSSEC hierarchy, and resolve to secure end-points when accessed by existing DNS clients. Signpost clients intercept user connection inten...
Twitter has already become an important facet of the social Web, allowing users and organizations to share their ideas and subscribe to others' updates. Notably, it has been actively used during political events such as the recent elections in Iran, Spain and the USA, or the uprisings in the Middle East, to the extent that it is claimed that revolu...
Efficient management of mobile resources from an energy perspective in modern smart-phones is paramount nowadays. Today’s mobile phones are equipped with a wide range of sensing, computational, storage and communication resources. The diverse range of sensors such as microphones, cameras, accelerometers, gyroscopes, GPS, digital compass and proximi...
The intense use of hardware resources by mobile applications has a significant impact on the battery life of mobile devices. In this paper we introduce a novel approach for the efficient use of mobile phone resources, by considering the coordinated sharing of resources offered by multiple co-located devices. Taking into account the social behaviour...
The integration of multiple hardware components available in cur-rent smartphones improves their functionality but reduces their battery life to few hours of operation. Despite the positive im-provements achieved by hardware and operating system vendors to make mobile platforms more energy eff cient at various levels, we believe that an eff cient p...
Despite the advances in battery technologies, mobile phones still suffer from severe energy limitations. Modern handsets are rich devices that can support multitasking thanks to their high processing power and provide a wide range of resources such as sensors and network interfaces with different energy demands. There have been multiple attempts to...
In developing regions, Internet connectivity is ex- tremely poor, while mobile phone penetration is much higher. The inhabitants of developing conuntries still rely on traditional social mechanisms, such as word-of-mouth, to gather most information that they use in everyday life. In this paper, we propose Goose, a Social Network Service (SNS) archi...
Many Social Network Services (SNSs) such as Facebook and MyS- pace rely on a web server that enables the communication between users. As a consequence, SNSs' users require Internet access to participate and interact with their contacts, a service that is not usu- ally available in rural and developing areas. In this paper we introduce Goose, a dist...
