Skip to main content
SpringerLink
Log in

Assessing User Understanding, Perception and Behaviour with Privacy and Permission Settings

  • Conference paper
  • First Online:
HCI for Cybersecurity, Privacy and Trust (HCII 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14045))

Included in the following conference series:

  • 826 Accesses

Abstract

Nowadays, users face an increasing range of contexts in which they may wish to control access to and share their data. This includes mobile apps accessing sensitive data, cookies tracking user activity, and social media sites targeting users for advertisement. Existing studies have determined that many ordinary users are unable to make informed permissions-related decisions when giving permissions to apps due to a lack of understanding of permissions and interface issues. Today, primary web services, such as social networks, mobile phones, web browsers and the Internet of Things, provide a vast number of privacy settings to users, aiming to provide more control. Although privacy details and permission settings are often made available, they can fall short of capturing and communicating essential considerations which users care about or offering them a meaningful level of control. As a result, the situation for many users has become unmanageable, and they do not have sufficient and proper control of all permissions on different platforms. This paper presents initial findings from ongoing research that is aimed at investigating ways to improve communication with users and support their related decision-making. The analysis leads to the following conclusions: end-users do not read and misunderstand permission requirements, demonstrating a gap between knowledge, perception and behaviours about permissions and privacy settings. Therefore, it is reasonable to assist consumers by allowing them to manage and revisit their privacy settings easily. The number of privacy decisions is growing; therefore, it is unrealistic for ordinary users to manage all these privacy settings.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of the 8th Symposium on Usable Privacy and Security, SOUPS 2012, pp. 1–14 (2012). https://doi.org/10.1145/2335356.2335360

  2. Zadeh, M.E., Kambar, N., Esmaeilzadeh, A., Kim, Y., Taghva, K.: A survey on mobile malware detection methods using machine learning (2022). https://doi.org/10.1109/CCWC54503.2022.9720753

  3. Lin, J., Amini, S., Hong, J.I., Sadeh, N., Lindqvist, J., Zhang, J.: Expectation and purpose: understanding users’ mental models of mobile app privacy through crowdsourcing. In: Proceedings of the 2012 ACM Conference on Ubiquitous Computing, pp. 501–510 (2012)

    Google Scholar 

  4. Smullen, D., Feng, Y., Zhang, S., Sadeh, N.M.: The best of both worlds: mitigating trade-offs between accuracy and user burden in capturing mobile app privacy preferences. Proc. Priv. Enhancing Technol. 2020(1), 195–215 (2020)

    Article  Google Scholar 

  5. Benton, K., Camp, L.J., Garg, V.: Studying the effectiveness of Android application permissions requests. In: IEEE International Conference on Pervasive Computing and Communications Workshops, PerCom Workshops, pp. 291–296 (2013)

    Google Scholar 

  6. Kelley, P.G., Consolvo, S., Cranor, L.F., Jung, J., Sadeh, N., Wetherall, D.: A conundrum of permissions: installing applications on an Android smartphone. In: Financial Cryptography and Data Security, FC 2012 Workshops, USEC and WECSR (2012)

    Google Scholar 

  7. Yus, F.: Smartphone Communication: Interactions in the App Ecosystem. Routledge (2021)

    Google Scholar 

  8. Betzing, J.H., Tietz, M., vom Brocke, J., Becker, J.: The impact of transparency on mobile privacy decision making. Electron. Mark. 30(3), 607–625 (2019)

    Article  Google Scholar 

  9. Kelley, P.G., Cranor, L.F., Sadeh, N.: Privacy as part of the app decision-making process. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 3393–3402 (2013)

    Google Scholar 

  10. Tan, J., et al.: The effect of developer-specified explanations for permission requests on smartphone user behavior. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 91–100 (2014). https://doi.org/10.1145/2556288.2557400

  11. Liu, X., Leng, Y., Yang, W., Wang, W., Zhai, C., Xie, T.: A large-scale empirical study on Android runtime-permission rationale messages (2018). https://doi.org/10.1109/VLHCC.2018.8506574

  12. Lin, J., Yu, W., Zhang, N., Yang, X., Zhang, H., Zhao, W.: A survey on Internet of Things: architecture, enabling technologies, security and privacy, and applications. IEEE Internet Things J. 4(5), 1125 (2017). https://doi.org/10.1109/JIOT.2017.2683200

    Article  Google Scholar 

  13. Olejnik, K., Dacosta, I., Soares Machado, J., Huguenin, K., Khan, M.E., Hubaux, J.-P.: SmarPer: context-aware and automatic runtime-permissions for mobile devices (2017)

    Google Scholar 

  14. Ismail, Q.: Crowdsourcing permission settings for mobile apps to help users balance privacy and usability. Doctoral dissertation, Indiana University (2018)

    Google Scholar 

  15. Alepis, E., Patsakis, C.: Monkey says, monkey does: security and privacy on voice assistants. IEEE Access 5, 17841–17851 (2017)

    Article  Google Scholar 

  16. Boroojeni, K.G., Amini, M.H., Iyengar, S.S.: Overview of the security and privacy issues in smart grids. In: Boroojeni, K.G., Amini, M.H., Iyengar, S.S. (eds.) Smart Grids: Security and Privacy Issues, pp. 1–16. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-45050-6_1

    Chapter  Google Scholar 

  17. Fathi, S.: More users trust Amazon and Google to handle their personal user data than Apple, survey suggests. MacRumors (2021). https://www.macrumors.com/2021/12/22/survey-amazon-and-google-user-data-more-than-apple/

  18. Graeff, T.R., Harmon, S.: Collecting and using personal data: consumers’ awareness and concerns. J. Consum. Mark. 19(4) (2002)

    Google Scholar 

  19. Carrascal, J.P., Riederer, C., Erramilli, V., Cherubini, M.: Your browsing behavior for a big mac: economics of personal information online (2013). http://mozilla.org/firefox

  20. Shih, F., Liccardi, I., Weitzner, D.J., Csail, M.: Privacy tipping points in smartphones privacy preferences (2015). https://doi.org/10.1145/2702123.2702404

  21. Lim, S.L., Bentley, P.J., Kanakam, N., Ishikawa, F., Honiden, S.: Investigating country differences in mobile app user behavior and challenges for software engineering. IEEE Trans. Softw. Eng. 41(01), 40–64 (2015)

    Article  Google Scholar 

  22. Gu, J., Xu, Y.C., Xu, H., Zhang, C., Ling, H.: Privacy concerns for mobile app download: an elaboration likelihood model perspective. Decis. Support Syst. 94, 19–28 (2017)

    Article  Google Scholar 

  23. Herold, R., Hertzog, C.: Data Privacy for the Smart Grid. Taylor & Francis (2015)

    Google Scholar 

  24. Chen, H.T., Kim, Y.: Problematic use of social network sites: the interactive relationship between gratifications sought and privacy concerns. Cyberpsychol. Behav. Soc. Netw. 16, 806–812 (2013)

    Article  Google Scholar 

  25. McCay-Peet, L., Quan-Haase, A.: What is social media and what questions can social media research help us answer. In: The SAGE Handbook of Social Media Research Methods (2017)

    Google Scholar 

  26. Stieger, S., Burger, C., Bohn, M., Voracek, M.: Who commits virtual identity suicide? Differences in privacy concerns, internet addiction, and personality between Facebook users and quitters. Cyberpsychol. Behav. Soc. Netw. 16(9), 629–634 (2013). https://doi.org/10.1089/CYBER.2012.0323

    Article  Google Scholar 

  27. Beierle, F., et al.: What data are smartphone users willing to share with researchers? J. Ambient. Intell. Humaniz. Comput. 11(6), 2277–2289 (2019). https://doi.org/10.1007/s12652-019-01355-6

    Article  Google Scholar 

  28. Schmidtke, H.R.: Location-aware systems or location-based services: a survey with applications to Covid-19 contact tracking. J. Reliab. Intell. Environ. 6(4), 191–214 (2020)

    Article  Google Scholar 

  29. Almuhimedi, H.: Helping Smartphone Users Manage their Privacy through Nudges (2017)

    Google Scholar 

  30. Shen, B., et al.: Can systems explain permissions better? Understanding users’ misperceptions under smartphone runtime permission model. In: 30th USENIX Security Symposium (USENIX Security 2021), pp. 751–768 (2021)

    Google Scholar 

  31. Raab, C.: The role of national privacy law in shaping privacy attitudes and behaviors. Priv. Secur. Law Rep. 13(7), 1–6 (2017)

    Google Scholar 

  32. Nguyen, L.T., Gligor, D.V.: Privacy attitudes and behaviors in the context of emerging technologies. J. Am. Soc. Inf. Sci. 66(10), 2040–2049 (2015)

    Google Scholar 

  33. Pankowski, N., Kaminska, A.: The impact of national privacy laws on privacy behaviors in mobile applications. Priv. Secur. Law Rep. 16(4), 1–6 (2020)

    Google Scholar 

  34. Wijesekera, P., et al.: The feasibility of dynamically granted permissions: aligning mobile privacy with user preferences (2017)

    Google Scholar 

  35. Mendes, R., Brandão, A., Vilela, J.P., Beresford, A.R.: Effect of user expectation on mobile app privacy: a field study. In: 2022 IEEE International Conference on Pervasive Computing and Communications (PerCom), pp. 207–214 (2022)

    Google Scholar 

  36. Kokolakis, S.: Privacy attitudes and privacy behaviour: a review of current research on the privacy paradox phenomenon. Comput. Secur. 64, 122–134 (2017)

    Article  Google Scholar 

  37. Barth, S., De Jong, M.D.: The privacy paradox–Investigating discrepancies between expressed privacy concerns and actual online behavior–a systematic literature review. Telemat. Inform. 34, 1038–1058 (2017)

    Article  Google Scholar 

  38. Woodruff, A., Pihur, V., Consolvo, S., Schmidt, L., Brandimarte, L., Acquisti, A.: Would a privacy fundamentalist sell their DNA for $1000... if nothing bad happened as a result? The Westin categories, behavioral intentions, and consequences. In: Symposium on Usable Privacy and Security (SOUPS), vol. 5, p. 1 (2014)

    Google Scholar 

  39. Woźniak, P.W., et al.: Creepy technology: what is it and how do you measure it? In: Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems (2021)

    Google Scholar 

  40. Wijesekera, P., et al.: Android permissions remystified: a field study on contextual integrity. In: 24th USENIX Security Symposium (USENIX Security 2015) (2015)

    Google Scholar 

  41. Madden, M., Rainie, L.: Americans’ attitudes about privacy, security and surveillance (2015)

    Google Scholar 

  42. Solove, D.J.: Introduction: privacy self-management and the consent dilemma. Harv. L. Rev. 126, 1880 (2012)

    Google Scholar 

  43. Jesus, V., Pandit, H.J.: Consent receipts for a usable and auditable web of personal data. IEEE Access 10, 28545–28563 (2022). https://doi.org/10.1109/ACCESS.2022.3157850

    Article  Google Scholar 

  44. Linden, T., Khandelwal, R., Harkous, H., Fawaz, K.: The privacy policy landscape after the GDPR. In: Proceedings on Privacy Enhancing Technologies, pp. 47–64 (2020). https://doi.org/10.2478/popets-2020-0004

  45. School of Computer Science Research Ethics Committee. Application for ethics approval - Online Privacy and Permissions Survey - Ref no. CS-2021-R49. Ethicsadmin@cs.nott.ac.uk (2022)

    Google Scholar 

Download references

Acknowledgements

The authors would like to acknowledge the input from Julie Haney of the Visualisation and Usability Group at the National Institute of Standards and Technology (NIST) for her valuable input and comments into the design of the questionnaire instrument.

Author information

Authors and Affiliations

  1. School of Computer Science, University of Nottingham, Nottingham, UK

    Nourah Alshomrani, Steven Furnell & Ying He

Authors
  1. Nourah Alshomrani
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Steven Furnell
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ying He
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Nourah Alshomrani , Steven Furnell or Ying He .

Editor information

Editors and Affiliations

  1. San Jose State University, San Jose, CA, USA

    Abbas Moallem

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Alshomrani, N., Furnell, S., He, Y. (2023). Assessing User Understanding, Perception and Behaviour with Privacy and Permission Settings. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2023. Lecture Notes in Computer Science, vol 14045. Springer, Cham. https://doi.org/10.1007/978-3-031-35822-7_36

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-35822-7_36

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-35821-0

  • Online ISBN: 978-3-031-35822-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation