Information disclosure on mobile devices: Re-examining privacy calculus with actual user behavior

doi:10.1016/j.ijhcs.2013.08.016

International Journal of Human-Computer Studies

Volume 71, Issue 12, December 2013, Pages 1163-1173

https://doi.org/10.1016/j.ijhcs.2013.08.016 Get rights and content

Highlights

•
We execute an improved methodology for testing information disclosure over mobile devices.
•
We collected actual information disclosure including the level of honesty/accuracy of information disclosed.
•
Information disclosure intentions have significant—yet very weak—relationship on actual disclosure.
•
The risk and benefit perceptions of information disclosure explain actual disclosure better than behavioral intentions.
•
Researchers much distinguish between intentions to disclose accurate information versus any information.

Abstract

The use of mobile applications continues to experience exponential growth. Using mobile apps typically requires the disclosure of location data, which often accompanies requests for various other forms of private information. Existing research on information privacy has implied that consumers are willing to accept privacy risks for relatively negligible benefits, and the offerings of mobile apps based on location-based services (LBS) appear to be no different. However, until now, researchers have struggled to replicate realistic privacy risks within experimental methodologies designed to manipulate independent variables. Moreover, minimal research has successfully captured actual information disclosure over mobile devices based on realistic risk perceptions. The purpose of this study is to propose and test a more realistic experimental methodology designed to replicate real perceptions of privacy risk and capture the effects of actual information disclosure decisions. As with prior research, this study employs a theoretical lens based on privacy calculus. However, we draw more detailed and valid conclusions due to our use of improved methodological rigor. We report the results of a controlled experiment involving consumers (n=1025) in a range of ages, levels of education, and employment experience. Based on our methodology, we find that only a weak, albeit significant, relationship exists between information disclosure intentions and actual disclosure. In addition, this relationship is heavily moderated by the consumer practice of disclosing false data. We conclude by discussing the contributions of our methodology and the possibilities for extending it for additional mobile privacy research.

Introduction

Mobile devices, such as smartphones, tablets, and e-readers are experiencing unprecedented rates of adoption. Since their inception less than three years ago, almost 30% of adults in the US now own a tablet computer (Rainie, 2012) and about half of American adults own smartphones (Smith, 2012). These devices create unique combinations of utility in the form of applications (a.k.a. apps) designed to provide entertainment, productivity tools, Internet access, and more. On the negative side, this blend of features creates exponentially greater privacy risks (Awad and Krishnan, 2006), especially in regard to location-based services (LBS) made possible by the global positioning system (GPS) that are often featured in these devices. In addition to GPS technology, mobile devices commonly have accelerometers and Bluetooth capability, which can provide real time estimates of how many people are near the mobile device. Analyzed separately, this information poses limited risks; however, the primary risk factor associated with these mobile devices is that all of this information can be integrated to precisely identify the user's real-time location.

Consider for example, the recent controversy surrounding i-Free's Girls Around Me app (Mikhaylova, 2012), which led to its removal from the Apple App Store™. The app generated a map displaying the locations of single females in close proximity to the user. The availability of publicly shared personal and location data through the application programming interfaces (API) of Foursquare and Facebook allowed Girls Around Me to collect and display the names, personal photos, and most recent location(s) of single females. The fine line between “social networking app” and “creepy stalker app” was crossed by its “Make contact!” button, which facilitated the user's personal introduction to the female through the push notification feature of the female's Foursquare app.

If examined in isolation, each element that made the Girls Around Me app possible—GPS technology, push notifications, APIs, Internet connectivity, public personal data—has potential for only modest risk. It is unlikely that the creators of any of these technology components visualized the risk synergies possible when combined with other components. Consequently, the privacy risk of an app like Girls Around Me is certainly noteworthy. If such threatening tools can be legally implemented on mobile devices, it is quite likely that many illegal and unethical tools have or will be created.

In the Girls Around Me case, the privacy threat would not exist if consumers did not make their personal and location data publicly available through the Foursquare and Facebook apps that allow users to “check in” by publicly registering their current location for social purposes. With consumers becoming increasingly educated regarding the privacy risks of social media and mobile apps (Jaiswal, 2010), why do so many people continue to publicly share their personal and real time location data (McCarthy, 2010), particularly since mobile devices compound these risks? In essence, this represents the privacy paradox, which refers to the discrepancy between a consumer's stated privacy risk beliefs and their actual behaviors (Norberg et al., 2007). Prior research has examined this question in the context of mobile apps (e.g., Keith et al., 2010, Xu et al., 2010)—primarily through the lens of privacy calculus theory (Dinev and Hart, 2006), which frames information disclosure as a tradeoff of benefits and risks. A core complexity in this research exists in providing methodologies appropriate to study the related phenomena. A major limitation, for example, is that the collected data traditionally only involves intentions to disclose personal data, not the actual disclosures of personal data (e.g., Keith et al., 2010, Xu et al., 2010)—a difficulty documented in related areas of information privacy research (Joinson et al., 2010).

Therefore, in this paper we execute a methodology and analysis approach that involves actual disclosure—particularly involving the decision to register personal information in a new mobile app and the associated privacy settings regarding location data, credit card storage, and access to Facebook data. To accomplish this, we performed a controlled experiment involving a range of mobile device users (n=1025, age=19–70) using mobile device software. We find that a privacy paradox (Acquisti and Grossklags, 2005) exists, in that information disclosure intentions poorly explain actual information disclosure even though it is a statistically significant indicator. In addition, we find that examining actual information disclosure, without understanding the honesty and accuracy of the information provided, may also lead to a misinterpretation of results.

Before introducing our methodology, we explain our chosen information privacy and disclosure context, with the key concepts that we measure. We also briefly note the theoretical basis for the research model that we investigate. We then explain our methodology, data collection approach, and a review of the results. Lastly, we discuss our results in terms of their contributions toward privacy research methodologies, along with the limitations and future research possibilities from our study.

Section snippets

Conceptualizing information privacy and disclosure

In general, information privacy refers to an individual's control over the release of information about themselves (Belanger and Crossler, 2011, Bélanger et al., 2002) including its collection, unauthorized use, improper access, and errors (Smith et al., 1996). Smith et al. (2011) dichotomized the information privacy conceptualizations into those that view it as (1) a desired state (Westin, 1967), in which people can vary along a continuum of anonymity versus intimacy with the goal of obtaining

Design

To understand information disclosure decisions regarding the location data and personal information used by today's mobile applications, we created a mobile app to be evaluated and used by research participants (explained in detail later). To increase the validity of our methodology, it was necessary to create variation in the participants' perception of the level of mobile app risk. In other words, we did not want our participant sample to perceive the app to be either completely risk-free or

Pre-analysis, factorial validity, and reliabilities

Pre-analysis was performed to analyze whether the measures were formative and/or reflective, test the convergent and discriminant validity of the reflective measures, test for multicollinearity, ensure reliabilities, and check for common methods bias (CMB). These analyses are extensively explained in Appendix 1. The results indicated acceptable factorial validity and minimal multicollinearity or CMB based on the standards for IS research (Gefen and Straub, 2005, Liang et al., 2007, Pavlou et

Summary of results

As expected from prior privacy calculus research (Dinev and Hart, 2006, Keith et al., 2010, Xu et al., 2010), Fig. 5 demonstrates that an increase in perceived privacy risk from a new mobile app decreases an individual's intent to disclose information through the app significantly, while perceived benefits increase this intention. In contrast to prior research (Keith et al., 2010, Xu et al., 2010), our results suggest that perceived privacy risks play a larger role than perceived benefits in

Conclusion

While still maintaining a high degree of experimental control and internal validity, this study demonstrates a methodology for gathering realistic perceptions concerning perceived privacy risks. More specifically, our methodology induced an environment in which participants perceived actual risk rather than hypothetical risk resulting in the collection of realistic actual information disclosure decisions. As a result, the increased realism allowed us to generate stronger practical and

References (62)

I. Ajzen
The theory of planned behavior
Organizational Behavior and Human Decision Processes
(1991)
F. Bélanger et al.
Trustworthiness in electronic commerce: the role of privacy, security, and site attributes
Journal of Strategic Information Systems
(2002)
B. Jiang et al.
Location-based services and GIS in perspective
Computers, Environment and Urban Systems
(2006)
C. Paine et al.
Internet users' perceptions of ‘privacy concerns’ and ‘privacy actions’
International Journal of Human–Computer Studies
(2007)
M. Turner et al.
Does the technology acceptance model predict actual use? A systematic literature review
Information and Software Technology
(2010)
J.H. Wu et al.
What drives mobile commerce?: an empirical evaluation of the revised technology acceptance model
Information and Management
(2005)
A. Acquisti et al.
Imagined communities: awareness, information sharing, and privacy on the facebook
Acquisti, A., Grossklags, J., 2003. Losses, Gains, and Hyperbolic Discounting: An Experimental Approach to Information...
A. Acquisti et al.
Privacy attitudes and privacy behavior
A. Acquisti et al.
Privacy and rationality in individual decision making
IEEE Security and Privacy
(2005)

I. Ajzen et al.

Understanding attitudes and predicting social behavior

(1980)

N.F. Awad et al.

The personalization privacy paradox: an empirical evaluation of information transparency and the willingness to be profiled online for personalization

MIS Quarterly

(2006)

Barkhuus, L., 2004. Privacy in Location-based Services: Concern vs. Coolness. In: Proceedings of the Mobile HCI 2004...

G.S. Becker

The Economic Approach to Human Behavior

(1978)

G.S. Becker et al.

A theory of rational addiction

Journal of Political Economy

(1988)

F. Belanger et al.

Privacy in the digital age: a review of information privacy research in information systems

MIS Quarterly

(2011)

P.M. Blau

Exchange and Power in Social Life

(1964)

W.W. Chin et al.

A partial least squares latent variable modeling approach for measuring interaction effects: results from a Monte Carlo simulation study and an electronic-mail emotion/adoption study

Information Systems Research

(2003)

M.J. Culnan et al.

Information privacy concerns, procedural fairness, and impersonal trust: an empirical investigation

Organization Science

(1999)

S. Davies

Re-engineering the right to privacy: how privacy has been transformed from a right to a commodity

Decker, M., 2008. Location Privacy—An Overview. In: Proceedings of the 7th International Conference on Mobile Business,...

T. Dinev et al.

An extended privacy calculus model for e-commerce transactions

Information Systems Research

(2006)

C. Fornell et al.

Two structural equation models: Lisrel and PLS applied to consumer exit-voice theory

Journal of Marketing Research

(1982)

M. Friedman et al.

The expected-utility hypothesis and the measurability of utility

Journal of Political Economy

(1952)

D. Gefen et al.

A practical guide to factorial validity using pls-graph: tutorial and annotated example

Communications of the AIS

(2005)

A.K. Ghosh et al.

Software security and privacy risks in mobile e-commerce

Communications of the ACM

(2001)

D. Grewal et al.

The moderating effects of message framing and source credibility on the price-perceived risk relationship

Journal of Consumer Research

(1994)

Jaiswal, J., 2010. Location-aware Mobile Applications, Privacy Concerns and Best Practices,...

Jentzsch, N., Preibusch, S., Harasser, A., 2012. Study on Monetising Privacy: An Economic Model for Pricing Personal...

A.N. Joinson et al.

Privacy, trust, and self-disclosure online

Human–Computer Interaction

(2010)

I. Junglas et al.

Location-based services

Communications of the ACM

(2008)

Cited by (261)

Enhancing recommendation acceptance: Resolving the personalization–privacy paradox in recommender systems: A privacy calculus perspective
2024, International Journal of Information Management
The concept of recommendation acceptance intention (RAI) refers to the willingness of an individual to adopt and use recommender systems. However, contemporary recommender systems, relying solely on accuracy as an evaluation metric have demonstrated subpar performance. The evolving landscape requires the integration of multiple objectives, including relevance, diversity, novelty, and coverage. This study investigates the influence of distinct product organization formats (similar vs. related products) on consumer reactions, aiming to reduce privacy concerns while achieving objectives such as relevance and variety. Grounded in the privacy calculus theory and personalization–privacy paradox framework, this study asserts that organization formats prompt consumers to evaluate a recommender system, considering both privacy risks and personalization benefits. Findings from three experiments and one qualitative study indicate that a related product organization format effectively decreases consumer perceptions of privacy violation while enhancing their perceptions of variety compared to a similar product organization format. This result contributes to RAI and shapes consumer preferences for recommender systems. Moreover, this research distinguishes the mechanisms underlying the influence of organization formats on RAI in the context of different product types, such as durable goods and consumables. This distinction enhances implications for designing recommender systems in e-commerce.
The moderating role of e-lifestyle on disclosure intention in mobile banking: A privacy calculus perspective
2024, Electronic Commerce Research and Applications
Advancements in information and communication technologies (ICT) have transformed the financial industry into “Fintech” and mobile banking. The COVID-19 pandemic has accelerated the adoption of mobile commerce services, with privacy and security concerns arising among consumers. This study adapted the privacy calculus theory to investigate the factors influencing consumers' willingness to provide personal information in mobile banking. It also examines the moderating role of e-lifestyle in the relationship between perceived benefits and risks and the intention to use mobile banking. The results show that perceived benefits outweigh perceived risks, motivating users to provide personal data and use mobile banking. E-lifestyle clusters also moderate consumer attitudes towards mobile banking adoption, with different effects for Mobile Service Enthusiasts and Neutrals. Financial institutions can enhance user trust and adoption by understanding these factors and tailoring mobile banking experiences to users' preferences and lifestyles.
Social trust and algorithmic equity: The societal perspectives of users' intention to interact with algorithm recommendation systems
2024, Decision Support Systems
The use of algorithm recommendation systems (ARS), which collect and analyze users' personal data to generate personalized and tailored recommended items, has become widespread in the era of mobile internet. While related literature has focused on privacy issues and trust toward ARS or recommended items, societal aspects such as social trust (toward people and organizations responsible for an algorithm) and algorithmic equity have been overlooked. Drawing on the theory of social trust, we investigate the psychological mechanism between social trust and users' intention to interact with ARS (e.g., click recommended items and continuously use). Based on a survey of young mobile internet users in China, we show that, first, social trust is positively associated with perceived benefits and perceived algorithmic equity, which are further linked to intention to click recommended items and intention to continuously use ARS (i.e., continuance intention). Second, social trust is negatively related to perceived risks, in turn reducing intention to click. Further, algorithm aversion weakens the negative association between social trust and perceived risk. Our study contributes to the ARS literature from the societal aspect, by validating the importance of social trust, demonstrating the key role of perceived algorithmic equity, and examining the trait of algorithm aversion as a moderator in the formation of algorithm-related perceptions. We also offer key practical suggestions for app developers and policymakers, related to algorithmic equity, transparency, and privacy risk of ARS management and regulation.
Trust in a ‘trust-free’ system: Blockchain acceptance in the banking and finance sector
2024, Technological Forecasting and Social Change
Blockchain is a disruptive technology that revolutionizes traditional business models and revamps relationships between financial transaction counterparties. While the volume of literature on blockchains has been rapidly growing in recent years, research on the relationship between trust and blockchain acceptance at the individual level is underexplored. Our study aims to fill this research gap by investigating the determinants of blockchain acceptance in the banking and finance sector from the affordance theory. We extend UTAUT model with trust-related constructs (trust in technology and trust among communities), advocate a research framework to examine the impact of trust on blockchain acceptance. Quantitative data were collected from 218 employees at Chinese banks, and structural equation modeling was applied to analyze the data. Our empirical analysis revealed that these trust relationships are positively associated with the intention to accept blockchain technology. The results of polynomial regressions and the response surface support the significance of the trust congruence effect. We make a theoretical contribution by extending the UTAUT with two trust relationships in a Fintech context. The results can also be used as a guideline for the practitioners, inspiring them to consider the critical determinants of blockchains acceptance in blockchain implementation.
Does displaying one's IP location influence users' privacy behavior on social media? Evidence from China's Weibo
2024, Telecommunications Policy
Internet protocol (IP) addresses are significant information that can reveal users' locations. However, users may not be aware of it since IP-related information is rarely displayed on social media around the globe. In March 2022, China unexpectedly implemented a regulation that compulsorily displays users' IP locations on a wide range of social media platforms such as Weibo. To explore how users perceive the new function and potential consequences of such policies, this study adopts a qualitative approach by applying privacy calculus theory to examine the factors that influence users’ privacy behavior in this context. The results suggest that users hold different privacy perceptions regarding IP location display. Moreover, the perceived costs for many users outweigh the benefits associated with IP location display, leading them to reduce their self-disclosure and prompting the adoption of privacy management strategies on Weibo.
Balancing the commitment to the common good and the protection of personal privacy: Consumer adoption of sustainable, smart connected cars
2024, Information and Management
Sustainable, smart connected cars (SSCCs) are one of the representative sustainable products that leverage smart technologies (e.g., the internet of things, artificial intelligence, big data). Although many studies have investigated consumers’ purchase decisions regarding sustainable products, little research has addressed SSCCs and the relationship between privacy, disclosure intentions, and purchase intentions in SSCCs. These relationships are important because the use of smart technology products requires large volumes of consumers’ personal information, which can lead to severe privacy issues when adopting SSCCs. Accordingly, consumers’ preferences for features of sustainable products could conflict with their privacy concerns when they disclose personal information. Thus, we investigate the relationship between the several benefits of SSCCs and privacy-related decisions when purchasing SSCCs. We propose an extended privacy trade-off model based on three critical assumptions: two types of privacy trade-offs, bidirectional privacy reduction, and anchoring effects. We also investigate the effects of government subsidies for purchasing SSCCs regarding the relationship between governments, companies, and consumers. To validate our model, we test the effects of interaction between privacy concerns and the benefits of SSCCs on disclosure intentions and purchase intentions. Our repeated tests for the various benefits of SSCCs demonstrate the robustness of the model. Our results indicate that when consumers consider purchasing SSCCs, sustainability plays the role of the common good in trading for privacy concerns. In addition, government subsidies to encourage companies’ sustainable products increase disclosure intentions and purchase intentions. We conclude that the status of sustainability as a common goal among governments, companies, and consumers represents an opportunity to balance the privacy tensions in the sale and purchase of SSCCs.

View all citing articles on Scopus

^☆: This paper has been recommended for acceptance by T. Henderson.

View full text

Information disclosure on mobile devices: Re-examining privacy calculus with actual user behavior☆

Highlights

Abstract

Introduction

Section snippets

Conceptualizing information privacy and disclosure

Design

Pre-analysis, factorial validity, and reliabilities

Summary of results

Conclusion

Organizational Behavior and Human Decision Processes

Journal of Strategic Information Systems

Computers, Environment and Urban Systems

International Journal of Human–Computer Studies

Information and Software Technology

Information and Management

Imagined communities: awareness, information sharing, and privacy on the facebook

Privacy attitudes and privacy behavior

Privacy and rationality in individual decision making

IEEE Security and Privacy

Understanding attitudes and predicting social behavior

The personalization privacy paradox: an empirical evaluation of information transparency and the willingness to be profiled online for personalization

MIS Quarterly

The Economic Approach to Human Behavior

A theory of rational addiction

Journal of Political Economy

Privacy in the digital age: a review of information privacy research in information systems

MIS Quarterly

Exchange and Power in Social Life

A partial least squares latent variable modeling approach for measuring interaction effects: results from a Monte Carlo simulation study and an electronic-mail emotion/adoption study

Information Systems Research

Information privacy concerns, procedural fairness, and impersonal trust: an empirical investigation

Organization Science

Re-engineering the right to privacy: how privacy has been transformed from a right to a commodity

An extended privacy calculus model for e-commerce transactions

Information Systems Research

Two structural equation models: Lisrel and PLS applied to consumer exit-voice theory

Journal of Marketing Research

The expected-utility hypothesis and the measurability of utility

Journal of Political Economy

A practical guide to factorial validity using pls-graph: tutorial and annotated example

Communications of the AIS

Software security and privacy risks in mobile e-commerce

Communications of the ACM

The moderating effects of message framing and source credibility on the price-perceived risk relationship

Journal of Consumer Research

Privacy, trust, and self-disclosure online

Human–Computer Interaction

Location-based services

Communications of the ACM