Making sense out of mobile phone privacy leaks through Electrical Muscle Stimulation

The project explores how people perceive privacy leaks from their mobile phones. Privacy leaks (Data sent to third-party servers, also called Ad-servers) from a mobile phone or table are detected via a monitoring-app (AntMonitor) developed by Athina Markopoulou and her team at University of California, Irvine (UCI).
Through a specific hardware that connects to the mobile phone over Bluetooth, CreepyLeaks allow people to become aware of the leaks in real-time using on-body notifications (Electrical Muscle Stimulation). The project explore how people think and reflect about data leakage and the strategies they may apply to protect themselves from such leaks once they become aware of how their phones leak personal data.

Your mobile phone constantly leaks your data!
What if you could FEEL it?

The system currently works with Android mobile phones and tablets. CreepyLeaks is composed by three parts: 1) The AntMonitor app, 2) an app that decides the severity of a leakage and 3) a purpose-made bluetooth-enabled hardware that notiieces the user of a leakage using Electrical Muscle Stimulation (EMS).
The app AntMonitor run on the mobile device and detects data leakages from the mobile device in realtime, regardless if the mobile device is used or not. When a data leakage occur, for example if the so-called AdvertiserID or the mobile device’s current location is sent to an ad-server, this is forwarded to the severity-decission app also running on the mobile device. This app check the severity of the leakage (something that can be configured by the researchers for each test person and device). Based on its decission, the app notifies the purpose-made CreepyLeaks hardware over bluetooth about the leakage and its severity.
The CreepyLeaks hardware have two electrodes that are attached to the user’s body. The two electordes allows the hardware to send small amounts of electrical current (using EMS) into the user’s body creating a small muscle contraction for each detected data leakage. The more severe the leakage, the stronger is the signal sent into the body.

CreepyLeaks was developed by Erik Grönvall and its use and implications have been researched together with Irina Shklovski.

Shklovski, I., Grönvall, E. (2020).
CreepyLeaks: Participatory Speculation Through Demos.
In the proceedings of NordiCHI 2020: the 11th Nordic Conference on Human-Computer Interaction, Online/Tallinn, Estonia, October 25 - 29, 2020.

CreepyLeaks has also been widely demonstrated for the general public, oranizations and government bodies. CreepyLeaks has also been featured in the news, for example in the Danish newspaper Politiken.

erig (at)