Privacy Preserving Collaboration in Bring-Your-Own-Apps.

Enterprise environments limit personal device usage for corporate data within a small set of enterprise provided apps or by using a whitelist of third-party apps. Both these options provide employees with limited app features, and a whitelist can be cumbersome to manage. In this paper we present CleanRoom, a new app platform designed to protect confidentiality in a brave "Bring Your Own Apps" (BYOA) world where employees use their own untrusted third-party apps to create, edit, and share corporate data. CleanRoom's core guarantee is privacy-preserving collaboration: CleanRoom enables employees to work together on shared data while ensuring that the owners of the data---not the app accessing the data---control who can access and collaborate using this data. CleanRoom provides fine-grained data object sandboxes and uses platform level access control to preserve privacy. We show that CleanRoom prevents a faulty or malicious app from leaking any data to unauthorized users or the app's publisher. CleanRoom accommodates a broad range of apps, preserves the confidentiality of the data that these apps access, and incurs low overhead. Furthermore, CleanRoom supports a novel privacy-preserving error reporting through a combination of differential privacy and static program analysis.