The work carried out along RP2 focused on the extension and enhancement of the developments from RP1, as well as the application of the co-creation methodology, to successfully achieve all the objectives and key performance indicators (KPIs) that were defined at the proposal stage. In parallel, special attention was paid to build a certification scheme and widely disseminate and communicate the results and outcomes, which were also analysed for uptake, adoption and exploitation.
• A combination of citizen engagement actions, stakeholder engagement activities, methodological design actions, co-creation and piloting activities was carried out. This includes two rounds of pilots involving a total of 561 participants from four countries (Spain, France, Italy and Romania), resulting in feedback for further functionality and usability improvement as well as guidelines, best practices and recommendations.
• An advanced suite of tools aimed at enhancing digital privacy was completed. This suite includes (i) a software analyser for Android apps capable of both static and dynamic analysis, ensuring comprehensive privacy evaluations; (ii) a natural language privacy-related information analyser for Android apps that provides in-depth privacy insights; and (iii) Ad Analyser for Facebook, which profiles the ads shown to users via a browser extension and collects and analyses ad-related information. These tools are seamlessly integrated with other TRUST aWARE developments, specifically the TRUST aWARE Malware Information Sharing Platform (MISP) instance (see below) and the TRUST aWARE dashboard, a user-centric front-end component oto assist and educate users at the time of addressing their specific S&P threats.
• A set of cybersecurity and privacy protection tools was completed. Starting from previous developments by TRUST aWARE partners, these tools improves existing functionalities and build new ones: (i) Activity Monitor is designed to detect and counteract attacks that traditional anti-malware engines may miss; (ii) DiAPK is a classifier that identifies malicious Android Packages (APKs) using static software analysis and machine learning-based models; (iii) CheckMyNews is a software designed to collect data about the public posts, news posts, and ads the users receive on their feeds .
• A Collaborative Cyber Threat Intelligence (CTI) platform was deployed based on a MISP instance, which relies on a taxonomy specifically conceived to tackle security and privacy (S&P) threats. A MISP training course was elaborated to master the use of the MISP platform and an online platform to present reports on existing S&P risk levels was also developed.
• A socio-economic impact assessment was conducted, quantifying the social and economic impacts identified with inputs from international studies and S&P and technology experts. Similarly, the ethical impact assessment validated the identified ethical impacts through a workshop with project partners and external experts, benchmarked the methodology against the SIENNA methodology, and offered design recommendation for S&P tools.
• A standards guideline was generated explaining step-by-step how developers can comply with standards to enhance privacy protections when developing their tools.
• A specific extension of Europrivacy for international data transfer under article 46 of the GDPR was developed. It was particularly focused on the implementations of a high-level certification scheme to bridge major international regulatory certification schemes (Interprivacy).
• The consortium produced 22 peer-reviewed publications in journals/international conferences and 1 book, attended 26 industry or regulatory events and participated in 79 events in total. Besides that, information was released through the website (www.trustaware.eu) newsletters and social media (X and Linkedin, @trustaware).
Along the whole execution of the TRUST aWARE project, the different developments were continuously monitored to early identify key exploitable results (KERs):
• KER1: Static/dynamic analysis
• KER2: NLP tool for the analysis of privacy policies
• KER3: Content analysis
• KER4: Cybersecurity protection, detection and response tools
• KER5: S&P dashboard
• KER6: S&P CTI platform
• KER7: S&P certification and search engine
• KER8: Training programme
These KERs were duly analysed (owners, interest, roles, competitors, target users, SWOT, etc.) as part of the exploitation and sustainability plan.