Today’s mobile devices sense, collect, and store enormous amounts of personal information, while our favorite applications let us share that information with family and friends. We trust these systems and applications with our sensitive data and expect them to maintain its privacy. As we have repeatedly witnessed, this trust is often violated due to bugs, confusing privacy controls, or an application’s desire to monetize personal data.

Agate is a trusted distributed runtime system that: (1) gives users the power to define privacy policies for their data, and (2) enforces those policies without needing to trust applications or their programmers. Agate combines aspects of access control and information flow control to ensure that applications executing across mobile platforms and cloud servers meet our privacy expectations. We designed and implemented an Agate prototype to run on Android systems for smartphones, tablets, and servers. Both empirical and measurement data demonstrate that Agate effectively supports distributed, social data-sharing applications while preventing the leakage of sensitive data at only a moderate performance cost compared to Android.