||<p>As more services have come to rely on sensor data such as photos and audio collected
by mobile phone users, verifying the authenticity of this data has become critical
for service correctness. At the same time, contributors require the flexibility to
modify data for resource efficiency, presentation, or privacy before the data is submitted.
This dissertation presents two approaches for resolving the tension between data authenticity
and user choice. YouProve is a partnership between a mobile device's trusted hardware
and software that allows untrusted client applications to directly control the fidelity
of data and enables services to verify that the meaning of source data is preserved.
The key to YouProve's approach is trusted analysis of derived data, which generates
statements comparing the content of a derived data item to its source.</p><p>To address
certain cases where YouProve's approach is insufficient for evaluating modifications
to photos, we introduce an alternative approach called pixel tracking. Pixel tracking
uses dynamic taint analysis, or taint tracking, to monitor the execution of untrusted
image processing code and track the history of operations performed on individual
pixels. Pixel tracking is built on TaintDroid, a collaborative work that enables taint
tracking in the Android operating system. This dissertation presents two key enhancements
to TaintDroid to improve its efficiency and precision which are critical for enabling
pixel tracking and other follow-on work.</p><p>Experiments with prototype implementations
of YouProve and pixel tracking for Android demonstrate that the approaches are feasible.
YouProve's photo analyzer is over 99% accurate at identifying regions changed only
through meaning-preserving modifications such as cropping, compression, and scaling.
Pixel tracking complements YouProve's analysis and can provide valuable information
in several important cases where the photo analyzer falls short. YouProve's audio
analyzer is similarly accurate at detecting which sub-clips of a source audio clip
are present in a derived version, even in the face of compression, normalization,
splicing, and other modifications. Finally, performance and power costs are reasonable,
with YouProve's analyzers having little noticeable effect on interactive applications
and CPU-intensive analysis completing asynchronously in under 30 seconds for 5-megapixel
photos and under 70 seconds for 5-minute audio clips. Pixel tracking incurs slowdowns
of only 21% to 43% for fine-grained tracking of image processing code.</p><p>Our work
on YouProve and pixel tracking demonstrates that it is possible to provide guarantees
about data authenticity while preserving users' control over the data they contribute.</p>