Skip to main content

NortonLifeLock’s AI-powered smartphone app blurs out sensitive information in photos

lock on gray background

With some regularity, sensitive information finds its way into smartphones and other mobile devices. Much of it comes from the estimated 3.2 billion images uploaded every day — people screenshot documents like tickets, tax forms, and medical prescriptions without thinking twice. This makes them susceptible to risks like identity theft and ransomware, among other problems. In 2019 alone, 14.4 million consumers became victims of identity fraud, or about 1 in 15 people.

In an effort to address this, data scientists at NortonLifeLock Labs, the R&D division of antivirus vendor NortonLifeLock, released an AI-powered iOS app designed to protect sensitive photos of passports, Social Security cards, passwords, credit cards, and more. Called Xposure, it identifies sensitive images, copies them to a secure vault, and either deletes the originals or replaces them with blurred-out placeholders.

“Depending on the device and types of photos, we can scan about 1,000 pictures per minute with minimal false positives,” Dan Marino, technical director at NortonLifeLock, told VentureBeat via email. “Xposure’s main problem to solve is privacy, which includes privacy from Norton as well. That is the main reason why the machine learning models we have trained run on the user’s device and user’s images and data are never shared with us.”

NortonLifeLock Xposure

VB Event

The AI Impact Tour – Atlanta

Continuing our tour, we’re headed to Atlanta for the AI Impact Tour stop on April 10th. This exclusive, invite-only event, in partnership with Microsoft, will feature discussions on how generative AI is transforming the security workforce. Space is limited, so request an invite today.
Request an invite

NortonLifeLock’s research team had to tackle four main challenges while developing Xposure, according to Marino. The AI models powering the app had to be trained on stock images that didn’t contain any personally identifiable information, a difficult task given that there wasn’t a sufficient number images to train the models from scratch. For privacy reasons, all AI inferencing had to be done on users’ devices as opposed to in the cloud. And most importantly, the models had to achieve high processing speeds and accuracy. Because most AI-based image classifiers work on low-resolution images, they tend to flag any image with the same general characteristics, leading to false positives.

At the heart of Xposure is its on-device detection engine, which determines whether an image is sensitive or not using a combination of classifiers based on convolutional neural networks and optical character recognition (OCR). In machine learning, convolutional neural networks are a class of algorithm most commonly applied to analyzing visual imagery.

“The convolutional neural network separates images into sensitive and non-sensitive categories based on general visual features,” Marino explained. “We built [it] using transfer learning, a technique that takes a neural network built to solve one task and retrains it slightly, often with much less data, to do a different task. Synthetic data augmentation helped to create more training data by the varying angles, brightness, and zoom of the stock images [that we used to train the model].”

NortonLifeLock Xposure

Meanwhile, the OCR component of Xposure’s engine identifies the text in images and keywords that correspond to documents like “Passport,” “Date of Issue,” and “Date of Birth.” In contrast to a visual classifier, OCR requires higher-definition images, which causes a slowdown not only due to increased processing but because phones often store only low-resolution copies of images to save space. In order to apply OCR, Xposure has to download the high-resolution original from the cloud, which is why the engine only leverages OCR if the convolutional neural network detects an image is likely to be sensitive.

“OCR doesn’t perform accurately if the image is tilted or upside down and Xposure uses smarts to identify when OCR needs to be run from different orientations,” Marino said.

In one final check, Xposure presents images flagged as sensitive by the classifier but not OCR to users for review as potentially sensitive, so they can manually add them to the vault. Original images can only be accessed through the vault, which is password-protected and encrypted, or by selecting the placeholder and unblurring it via a special app extension.

NortonLifeLock Xposure

Marino says that Xposure’s hybrid approach achieves a low false positive rate — around 0.75% — while mitigating the OCR component’s sensitivity to languages it doesn’t recognize.

Separate from the vault, Xposure offers a feature called PhotoBlur, which creates a blurred version of a photo when a user comes across it in their photo library. Tapping and holding on the screen reveals the original, unblurred photo, offering a balance between protection and ease of use.

“We urgently need a solution that detects sensitive and private images on our phones and hides them away from curious onlookers, hackers, and buggy apps. The situation has only gotten worse during the pandemic, because most business is conducted online, and people are forced to click and share sensitive documents through their phones,” Marino said. “We believe Xposure delivers on NortonLifeLock’s vision to protect and empower people to live their digital lives safely and provides customers with an innovative solution to help keep their private photos private.”

VB Daily - get the latest in your inbox

Thanks for subscribing. Check out more VB newsletters here.

An error occured.