Building a privacy-preserving Federated Recommender system for mobile devices

Background

The traditional method of serving personalized content involves pooling sensitive user data on centralized servers, which conflicts with modern privacy expectations and geographical regulations. This paper addresses the challenge by introducing a two-stage federated recommendation system designed for mobile devices, ensuring that only non-sensitive preference data is processed in the cloud while keeping all sensitive context data local.

Key Points

• Stage 1: A collaborative filtering model processes non-sensitive app-context data on the cloud to generate a shortlist of relevant items.
• Stage 2: The candidates from the first stage are re-ranked on-device using sensitive mobile signals. Only model updates or gradients leave the device, maintaining privacy.

Technical Details

• Model Separation: The system separates user preference data (non-sensitive) from mobile context data (sensitive), ensuring that no sensitive data is transmitted to centralized servers.
• Cloud Processing: In the first stage, a collaborative filtering model runs on non-sensitive app-context data in the cloud to reduce the number of items for further processing.
• On-device Ranking: The second stage uses sensitive mobile signals such as location, acceleration, and other context-specific information to re-rank candidates. This ensures that only local devices handle sensitive data.

Validation

The approach was validated using:

• MovieLens dataset: A popular benchmark for recommendation systems.
• UCI Human Activity Recognition (HAR) dataset: To test the system’s effectiveness with real-time mobile signals.
• Proprietary pilot dataset: For additional testing and validation purposes.

Significance

• Privacy Protection: The two-stage approach ensures that sensitive user context data never leaves the device, aligning with strict privacy regulations and enhancing user trust.
• Scalability: By leveraging cloud resources for initial filtering while keeping processing localized, the system can scale efficiently to handle large datasets.
• Production Readiness: A Kotlin Multiplatform library was developed and deployed on both Android and iOS platforms, making it easy for developers to integrate into existing applications.

Key Insights:

• The separation of non-sensitive data from sensitive context data in a federated setting is crucial for maintaining privacy while still delivering personalized content.
• The approach can be applied to various domains beyond recommendation systems, such as activity recognition, where real-time contextual information plays a critical role.