Journal of Network and Computer Applications 174 (2021) 102874
Available online 4 November 2020
1084-8045/© 2020 Elsevier Ltd. All rights reserved.

A privacy-preserving protocol for continuous and dynamic data collection in IoT enabled mobile app recommendation system (MARS)

Saira Beg a, Adeel Anjum a,f, Mansoor Ahmad a, Shahid Hussain e,*, Ghufran Ahmad b, Suleman Khan c, Kim-Kwang Raymond Choo d

a Department of Computer Sciences, COMSATS University Islamabad, Islamabad, Pakistan
b Department of Computer Science, FAST National University of Computer and Emerging Sciences (NUCES), Karachi, Pakistan
c Department of Computer and Information Sciences, Northumbria University, Newcastle, UK
d Department of Information Systems and Cyber Security, University of Texas at San Antonio, USA
e Department of Computer and Information Science, University of Oregon, University, USA
f Department of Computer Science and Engineering, Southern University of Science and Technology, 1088 Xueyuan Ave, Nanshan Qu, Shenzhen Shi, Guangdong Sheng, 518055, China

ARTICLE INFO

Keywords: Mobile app recommendation system; Privacy-preserving protocol; Data collection; Social-influence; Reversible integer transform (RIT); Internet of Things (IoT)

ABSTRACT

User trust is an important factor in the success of recommendation systems, including Internet of Things (IoT)-based recommendation systems. However, such trust can be eroded in many different ways (e.g., unauthorized data modifications). Several privacy-preservation schemes have been designed for specific data and/or require strict assumptions (e.g., a private/secure communication channel between client and server, and third-party authentication). However, these may limit their application in practice. Hence, in this paper we propose a privacy-preserving data collection protocol based on the Reversible Data Transform (RDT) algorithm.
Our protocol achieves privacy preservation against beyond-the-scope processing and does not require a private channel or rely on third-party authentication. Due to group formation, the disclosure probability of the internal disclosure attack will not be greater than 1/k. Similarly, the reversible privacy-preserving data mining approach protects against beyond-the-scope processing. Findings from the experimentation demonstrate the utility of the proposed protocol and its potential to be deployed in a mobile app recommendation system.

1. Background

Recommendation systems (RS), a sub-class of information-filtering systems, take data owners' data as input in order to inform service or product recommendation based on some predicted ratings and preferences. The task of recommendation systems becomes more challenging as the volume, variety, velocity, and veracity of data, say from Internet of Things (IoT) devices, increase (Mohammadi et al., 2019; Felfernig et al., 2019; Costa-Montenegro et al., 2012; El Khaddar and Boulmalf, 2017). In this paper, we broadly define IoT devices to also include smartphones, which are used to collect various information (e.g., user input information and information from the device's surroundings, such as locations) to inform service or product recommendation (Frey et al., 2015; Twardowski and Ryzko, 2015; Ju et al., 2019).

There are a number of risks associated with RS, including the generation of fake or misleading data (Lam et al., 2006; Chamorro-Vela et al., 2017; Wang et al., 2015). In addition, there have been attempts by the platform operator, service or product providers, or some third-party entity to collect more private data from the data holders than required, for various purposes (e.g., marketing and user profiling). Such private data include search terms, app installation logs, app usage frequency, call detail records (CDR), and data holders' social and relationship information.
There are security and privacy implications, such as data leakage and user profiling. Thus, existing recommendation techniques use different cryptographic approaches to protect against external adversaries. However, mitigating the risk from a malicious insider is generally less of a focus. Therefore, we need trust models to be incorporated into such RS, for example to distinguish malicious or dishonest devices/nodes from honest devices/nodes (Mohammadi et al., 2019; Su et al., 2018; Kumar and Patel, 2014). Given the popularity of IoT devices (broadly defined to include mobile devices), we focus on the mobile recommendation system (MRS) model in this paper.

* Corresponding author.
E-mail addresses: Shussain@uoregon.edu (S. Hussain), raymond.choo@fulbrightmail.org (K.-K.R. Choo).

https://doi.org/10.1016/j.jnca.2020.102874
Received 6 March 2020; Received in revised form 17 July 2020; Accepted 3 October 2020