skip to main content
10.1145/2702123.2702210acmconferencesArticle/Chapter ViewAbstractPublication PageschiConference Proceedingsconference-collections
research-article

Your Location has been Shared 5,398 Times!: A Field Study on Mobile App Privacy Nudging

Published: 18 April 2015 Publication History

Abstract

Smartphone users are often unaware of the data collected by apps running on their devices. We report on a study that evaluates the benefits of giving users an app permission manager and sending them nudges intended to raise their awareness of the data collected by their apps. Our study provides both qualitative and quantitative evidence that these approaches are complementary and can each play a significant role in empowering users to more effectively control their privacy. For instance, even after a week with access to the permission manager, participants benefited from nudges showing them how often some of their sensitive data was being accessed by apps, with 95% of participants reassessing their permissions, and 58% of them further restricting some of their permissions. We discuss how participants interacted both with the permission manager and the privacy nudges, analyze the effectiveness of both solutions, and derive some recommendations.

References

[1]
Apple denies Chinese report that location data are a security risk. http://on.ft.com/VXpZKR. Published: 2014-6-12, Accessed: 2014-9-14.
[2]
Acquisti, A. Nudging privacy: The behavioral economics of personal information. IEEE Security & Privacy 7, 6 (2009), 82--85.
[3]
Acquisti, A., and Grossklags, J. Privacy and rationality in individual decision making. IEEE Security & Privacy 3, 1 (2005), 26--33.
[4]
Adjerid, I., Acquisti, A., Brandimarte, L., and Loewenstein, G. Sleights of privacy: Framing, disclosures, and the limits of transparency. In Proc. SOUPS (2013).
[5]
Agarwal, Y., and Hall, M. ProtectMyPrivacy: detecting and mitigating privacy leaks on iOS devices using crowdsourcing. In Proc. MobiSys (2013).
[6]
Balebako, R., Jung, J., Lu, W., Cranor, L. F., and Nguyen, C. Little brothers watching you: Raising awareness of data leaks on smartphones. In Proc. SOUPS (2013).
[7]
Balebako, R., Leon, P. G., Almuhimedi, H., Kelley, P. G., Mugan, J., Acquisti, A., Cranor, L. F., and Sadeh, N. Nudging users towards privacy on mobile devices. In Proc. CHI-PINC (2011).
[8]
Choe, E. K., Jung, J., Lee, B., and Fisher, K. Nudging people away from privacy-invasive mobile apps through visual framing. In Proc. INTERACT (2013).
[9]
EFF. Google Removes Vital Privacy Feature From Android, Claiming Its Release Was Accidental. http://goo.gl/emMQPa. Published: 2013-12-12, Accessed: 2014-9-14.
[10]
Egele, M., Kruegely, C., Kirdaz, E., and Vigna, G. PiOS: Detecting privacy leaks in iOS applications. In Proc. NDSS (2011).
[11]
Egelman, S., Felt, A., and Wagner, D. Choice architecture and smartphone privacy: There's a price for that. In Economics of Info. Sec. & Priv. Springer, 2013.
[12]
Enck, W., Gilbert, P., Chun, B.-G., Cox, L. P., Jung, J., McDaniel, P., and Sheth, A. N. Taintdroid: An information flow tracking system for real-time privacy monitoring on smartphones. Commun. ACM 57, 3 (2014), 99--106.
[13]
Felt, A. P., Egelman, S., and Wagner, D. I've got 99 problems, but vibration ain't one: a survey of smartphone users' concerns. In Proc. SPSM (2012).
[14]
Felt, A. P., Ha, E., Egelman, S., Haney, A., Chin, E., and Wagner, D. Android permissions: User attention, comprehension, and behavior. In Proc. SOUPS (2012).
[15]
Fisher, D., Dorner, L., and Wagner, D. Location privacy: user behavior in the field.
[16]
Fu, H., Yang, Y., Shingte, N., Lindqvist, J., and Gruteser, M. A field study of run-time location access disclosures on android smartphones. Proc. USEC (2014).
[17]
Gates, C., Chen, J., Li, N., and Proctor, R. Effective risk communication for android apps. IEEE Trans. Depend. Secure Comp. 11, 3 (May 2014), 252--265.
[18]
Harbach, M., Hettig, M., Weber, S., and Smith, M. Using personal examples to improve risk communication for security & privacy decisions. In Proc. CHI (2014).
[19]
Hornyack, P., Han, S., Jung, J., Schechter, S., and Wetherall, D. These aren't the droids you're looking for: Retrofitting android to protect data from imperious applications. In Proc. CCS (2011).
[20]
Jensen, C., and Potts, C. Privacy policies as decision-making tools: an evaluation of online privacy notices. In Proc. CHI (2004).
[21]
Jeon, J., Micinski, K., Vaughan, J., Reddy, N., Zhu, Y., Foster, J., and Millstein, T. Dr. Android and Mr. Hide: Fine-grained Security Policies on Unmodified Android. Tech. rep., University of Maryland, 2011.
[22]
Jung, J., Han, S., and Wetherall, D. Enhancing mobile application permissions with runtime feedback and constraints. In Proc. SPSM (2012).
[23]
Keller, P. A., Harlam, B., Loewenstein, G., and Volpp, K. G. Enhanced active choice: A new method to motivate behavior change. J. Consum. Psychol. 21, 4 (2011), 376--383.
[24]
Kelley, P. G., Bresee, J., Cranor, L. F., and Reeder, R. W. A nutrition label for privacy. In Proc. SOUPS (2009).
[25]
Kelley, P. G., Cranor, L. F., and Sadeh, N. Privacy as part of the app decision-making process. In Proc. CHI (2013).
[26]
Lin, J., Amini, S., Hong, J. I., Sadeh, N., Lindqvist, J., and Zhang, J. Expectation and purpose: understanding users' mental models of mobile app privacy through crowdsourcing. In Proc. UbiComp (2012).
[27]
Lin, J., Liu, B., Sadeh, N., and Hong, J. I. Modeling users' mobile app privacy preferences: Restoring usability in a sea of permission settings. In Proc. SOUPS (2014).
[28]
Liu, B., Lin, J., and Sadeh, N. Reconciling mobile app privacy and usability on smartphones: could user privacy profiles help? In Proc. WWW (2014), 201--212.
[29]
Nauman, M., Khan, S., and Zhang, X. Apex: Extending Android Permission Model and Enforcement with User-defined Runtime Constraints. In Proc. CCS (2010).
[30]
Shklovski, I., Mainwaring, S. D., Skúladóttir, H. H., and Borgthorsson, H. Leakiness and creepiness in app space: Perceptions of privacy and mobile app use. In Proc. CHI (2014).
[31]
Spiekermann, S., Grossklags, J., and Berendt, B. E-privacy in 2nd generation e-commerce: privacy preferences versus actual behavior. In Proc. EC (2001).
[32]
Thaler, R. H., and Sunstein, C. R. Nudge: Improving decisions about health, wealth, and happiness. Yale University Press, 2008.
[33]
Wall Street Journal. Apple Bows to iPhone Privacy Pressures. http://on.wsj.com/160kjhv. Published: 2012-2-16, Accessed: 2014-9-14.
[34]
Wang, Y., Leon, P. G., Acquisti, A., Cranor, L. F., Forget, A., and Sadeh, N. A field trial of privacy nudges for facebook. In Proc. CHI (2014).

Cited By

View all
  • (2025)A systematic review on design-based nudges for adolescent online safetyInternational Journal of Child-Computer Interaction10.1016/j.ijcci.2024.10070243(100702)Online publication date: Mar-2025
  • (2025)Information Privacy AwarenessEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_1484(1228-1230)Online publication date: 8-Jan-2025
  • (2024)"I do (not) need that feature!"Proceedings of the Twentieth USENIX Conference on Usable Privacy and Security10.5555/3696899.3696923(453-472)Online publication date: 12-Aug-2024
  • Show More Cited By

Index Terms

  1. Your Location has been Shared 5,398 Times!: A Field Study on Mobile App Privacy Nudging

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    CHI '15: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems
    April 2015
    4290 pages
    ISBN:9781450331456
    DOI:10.1145/2702123
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

    Sponsors

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 18 April 2015

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. mobile
    2. privacy
    3. privacy decision making
    4. privacy nudges

    Qualifiers

    • Research-article

    Funding Sources

    Conference

    CHI '15
    Sponsor:
    CHI '15: CHI Conference on Human Factors in Computing Systems
    April 18 - 23, 2015
    Seoul, Republic of Korea

    Acceptance Rates

    CHI '15 Paper Acceptance Rate 486 of 2,120 submissions, 23%;
    Overall Acceptance Rate 6,199 of 26,314 submissions, 24%

    Upcoming Conference

    CHI 2025
    ACM CHI Conference on Human Factors in Computing Systems
    April 26 - May 1, 2025
    Yokohama , Japan

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)396
    • Downloads (Last 6 weeks)47
    Reflects downloads up to 10 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2025)A systematic review on design-based nudges for adolescent online safetyInternational Journal of Child-Computer Interaction10.1016/j.ijcci.2024.10070243(100702)Online publication date: Mar-2025
    • (2025)Information Privacy AwarenessEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_1484(1228-1230)Online publication date: 8-Jan-2025
    • (2024)"I do (not) need that feature!"Proceedings of the Twentieth USENIX Conference on Usable Privacy and Security10.5555/3696899.3696923(453-472)Online publication date: 12-Aug-2024
    • (2024)"I would not install an app with this label"Proceedings of the Twentieth USENIX Conference on Usable Privacy and Security10.5555/3696899.3696921(413-432)Online publication date: 12-Aug-2024
    • (2024)Exploring expandable-grid designs to make iOS app privacy labels more usableProceedings of the Twentieth USENIX Conference on Usable Privacy and Security10.5555/3696899.3696907(139-157)Online publication date: 12-Aug-2024
    • (2024)IMPROVING SECURITY OF IOT DEVICE COMMUNICATION USING MODIFIED HASHING SOLUTIONShodhKosh: Journal of Visual and Performing Arts10.29121/shodhkosh.v5.i5.2024.18855:5Online publication date: 31-May-2024
    • (2024)IMPLEMENTING TOKEN-BASED AUTHENTICATION AND MODIFIED HASHING FOR IOT SECURITYShodhKosh: Journal of Visual and Performing Arts10.29121/shodhkosh.v5.i1.2024.18805:1Online publication date: 31-Jan-2024
    • (2024)Scoping review of data privacy risks in COVID-19 apps with digital vaccination certificationsDIGITAL HEALTH10.1177/2055207624123917110Online publication date: 18-Mar-2024
    • (2024)The Impact of Data Privacy on Users' Smartphone App Adoption DecisionsProceedings of the ACM on Human-Computer Interaction10.1145/36765258:MHCI(1-23)Online publication date: 24-Sep-2024
    • (2024)Privacy Slider: Fine-Grain Privacy Control for SmartphonesProceedings of the ACM on Human-Computer Interaction10.1145/36765198:MHCI(1-31)Online publication date: 24-Sep-2024
    • Show More Cited By

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media