Patrick Gage Kelley
Lorrie Faith Cranor
Norman Sadeh
ABSTRACT
Smartphones have unprecedented access to sensitive personal information. While users report having privacy concerns, they may not actively consider privacy while downloading apps from smartphone application marketplaces. Currently, Android users have only the Android permissions display, which appears after they have selected an app to download, to help them understand how applications access their information. We investigate how permissions and privacy could play a more active role in app-selection decisions. We designed a short "Privacy Facts' display, which we tested in a 20-participant lab study and a 366-participant online experiment. We found that by bringing privacy information to the user when they were making the decision and by presenting it in a clearer fashion, we could assist users in choosing applications that request fewer permissions.
- Au, K., Zhou, Y., Huang, Z., Gill, P., and Lie, D. Short paper: a look at smartphone permission models. In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices (SPSM '11) (2011). Google Scholar
Digital Library
- Barrera, B., Kayacik, H., van Oorschot, P., and Somayaji, A. A methodology for empirical analysis of permission-based security models and its application to android. In In Proceedings of the 17th ACM conference on Computer and communications security (CCS '10) (2010). Google ScholarDigital Library
- Barrera, D., Clark, J., McCarney, D., and van Oorschot, P. C. Understanding and improving app installation security mechanisms through empirical analysis of android. In 2nd Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) (2012). Google ScholarDigital Library
- Egelman, S., Tsai, J., Cranor, L., and Acquisti, A. Timing is everything?: the effects of timing and placement of online privacy indicators. In Proceedings of the 27th international conference on Human factors in computing systems, ACM (2009), 319--328. Google ScholarDigital Library
- Enck, W., Gilbert, P., Chun, B., Cox, L., Jung, J., McDaniel, P., and Sheth, A. Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In In Proceedings of the 9th USENIX conference on Operating systems design and implementation (OSDI'10) (2010). Google ScholarDigital Library
- Felt, A., Chin, E., Hanna, S., Song, D., and Wagner, D. Android permissions demystified. In In Proceedings of the 18th ACM conference on Computer and communications security (CCS '11) (2011). Google ScholarDigital Library
- Felt, A. P., Egelman, S., Finifter, M., Akhawe, D., and Wagner, D. How to ask for permission. In USENIX Workshop on Hot Topics in Security (HotSec) 2012 (2012). Google ScholarDigital Library
- Felt, A. P., Egelman, S., and Wagner, D. I've got 99 problems, but vibration ain't one: A survey of smartphone users' concerns. In 2nd Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) (2012). Google ScholarDigital Library
- Felt, A. P., Ha, E., Egelman, S., Haney, A., Chin, E., and Wagner, D. Android permissions: User attention, comprehension, and behavior. In Symposium on Usable Privacy and Security (SOUPS) 2012 (2012). Google ScholarDigital Library
- Good, N., Dhamija, R., Grossklags, J., Thaw, D., Aronowitz, S., Mulligan, D., and Konstan, J. Stopping spyware at the gate: A user study of privacy, notice and spyware. In In Proceedings of the 5th Symposium on Usable Privacy and Security (SOUPS 05) (2005). Google ScholarDigital Library
- Juniper Networks. Mobile malware development continues to rise, android leads the way, 2011. http://globalthreatcenter.com/?p=2492.Google Scholar
- Kelley, P., Consolvo, S., Cranor, L., Jung, J., Sadeh, N., and Wetherall, D. A conundrum of permissions: Installing applications on an android smartphone. In Financial Cryptography and Data Security, vol. 7398. 2012, 68--79. Google ScholarDigital Library
- Kelley, P. G., Bresee, J., Cranor, L. F., and Reeder, R. W. A "Nutrition Label" for Privacy. In Proceedings of the 2009 Symposium On Usable Privacy and Security (SOUPS) (2009). Google ScholarDigital Library
- King, J. "How come i'm allowing strangers to go through my phone?" Smartphones and privacy expectations, 2013. http://jenking.net/mobile/.Google Scholar
- Kleimann Communication Group Inc. Evolution of a prototype financial privacy notice., February 2006. http://www.ftc.gov/privacy/privacyinitiatives/ftcfinalreport060228.pdf.Google Scholar
- Labs, M. Mcafee threats report: Third quarter 2011, 2011. http://www.mcafee.com/us/resources/reports/rpquarterly-threat-q3-2011.pdf.Google Scholar
- Lin, J., Sadeh, N., Amini, S., Lindqvist, J., Hong, J. I., and Zhang, J. Expectation and purpose: understanding users' mental models of mobile app privacy through crowdsourcing. UbiComp '12, ACM (2012), 501--510. Google ScholarDigital Library
- Lockheimer, H. Android and security, 2012. http://googlemobile.blogspot.com/2012/02/android-and-security.html.Google Scholar
- Lunden, I. Google play about to pass 15 billion app downloads? pssht! it did that weeks ago, 2012. http://techcrunch.com/2012/05/07/google-play-about-to-pass15-billion-downloads-pssht-it-did-that-weeks-ago/.Google Scholar
- Namestnikov, Y. It threat evolution: Q3 2011, 2011. http://www.securelist.com/en/analysis/204792201/IT_Threat_Evolution_Q3_2011.Google Scholar
- Rashid, F. Y. Black hat: Researchers find way to "bounce" malware into google app store, 2012. http://www.scmagazine.com/blackhat-researchers-find-way-to-bounce-malware-intogoogle-app-store/article/252098/.Google Scholar
- Smetters, D., and Good, N. How users use access control. In In Proceedings of the 5th Symposium on Usable Privacy and Security (SOUPS 09) (2009). Google ScholarDigital Library
- Staddon, J., Huffaker, D., Brown, L., and Sedley, A. Are privacy concerns a turn-off? engagement and privacy in social networks. In Symposium on Usable Privacy and Security (SOUPS) (2012). Google ScholarDigital Library
- Stevens, G., and Wulf, V. Computer-supported access control. ACM Trans. Comput.-Hum. Interact. 16, 3 (Sept. 2009), 12:1--12:26. Google ScholarDigital Library
- Vidas, T., Christin, N., and Cranor, L. F. Curbing android permission creep. In W2SP 2011 (2011).Google Scholar
Index Terms
- Privacy as part of the app decision-making process
Recommendations
An Explorative Study of the Mobile App Ecosystem from App Developers' Perspective
WWW '17: Proceedings of the 26th International Conference on World Wide WebWith the prevalence of smartphones, app markets such as Apple App Store and Google Play has become the center stage in the mobile app ecosystem, with millions of apps developed by tens of thousands of app developers in each major market. This paper ...
Privacy Capsules: Preventing Information Leaks by Mobile Apps
MobiSys '16: Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and ServicesPreventing the leakage of user information via untrusted third-party apps is a key challenge in mobile privacy. We propose and evaluate privacy capsules (PCs), a platform execution model for mobile apps that prevents the flow of private information to ...
Notify Assist: Balancing Privacy and Convenience in Delivery of Notifications on Android Smartphones
WPES '17: Proceedings of the 2017 on Workshop on Privacy in the Electronic SocietyToday, notifications have become a popular medium for mobile applications to inform users about a variety of events. Android supports lock screen notifications to aid the convenience of users in viewing notification content. To address privacy concerns, ...
Comments