A growing number of users are utilizing mobile computing devices to access public cloud services (PCS) (e.g., Gmail™, Outlook®, and WhatsApp®) as an essential part of their daily lives. While mobile platforms may help improve a user's connectivity to the Internet, the issue of preserving data privacy while accessing PCS on mobile devices remains unsolved. Moreover, recent news about widespread governmental surveillance programs has brought to the forefront a very unsatisfactory status quo: while PCS have become an essential part of everyday life for many, conventional methods of accessing PCS expose users to privacy breaches because they implicitly require the users to trust the PCS providers with the confidentiality of user data. However, such trust is unjustified, if not misplaced. In many situations, PCS providers are bound by law to share their users' data with surveillance agencies. Moreover, it is the business model of many PCS providers to mine their users' data and share it with third parties. Further, operator error may result in unintended data leaks, and data servers may be compromised by attackers.
To alter this undesirable status quo, solutions should be designed based on an updated trust model of everyday communications that better reflects the reality of these threats. In particular, new solutions should assume PCS providers untrustworthy. This implies that all other entities controlled by the PCS providers—including the consumer apps that users install to engage with the PCS—should also be assumed untrustworthy.