ABSTRACT
Albeit offering many benefits, smartphones can pose a severe privacy threat to users. While some users might simply not be aware of privacy issues, others are highly motivated to protect their data but lack the ability and knowledge to do so. We developed an Android-based application called "FoxIT", which provides users with several education modules as well as a static smartphone and app permission analysis to increase both the privacy awareness and the knowledge of mobile users. We conducted a first evaluation of FoxIT in a two-week field study with 31 users and were able to show that use of FoxIT not only leads to increased privacy awareness, but also improves knowledge about privacy-related topics. Participants also reported having improved the privacy conditions on their smartphone, actively informed themselves about privacy-related topics, and prompted others to protect their data after using FoxIT. Our results indicate that raising awareness and providing background information about privacy-related topics might be a promising approach to improving mobile users' privacy behavior.