Brian Krupp
Emily Timko
ABSTRACT
Smartphones contain intimate details of users that are inferred from collected data or explicitly stored on the device. These details include daily travel patterns including most frequently visited locations, private photos, addresses and birthdays of their contacts, and more. Consumers have a general awareness that services they use without a financial payment are paid for in part by advertisements. Additionally, they have a general awareness that these services collect detailed information while they use the service. In iOS, applications must provide a detailed description in how they will use data that requires permission from the user. However, the provided description often only tells part of the story. Behind the scenes, consumers are unable to see how applications share information or which part of data the application utilizes. Additionally, consumers are unable to see how often applications communicate with advertisement services and if they share data gathered through permissions from the application. In this paper we created EMPAware, a system that provides users an enhanced awareness in how applications use their data. Users are able to view in real-time through a web portal how applications use their data and how they communicate with advertisement servers. Using EMPAware, we performed a study measuring the impact that an enhanced awareness has on the perception of mobile privacy with 32 participants. From this study, users became more concerned with privacy where 79% believe applications misuse data and 89% believe they have little control of their data. EMPAware demonstrates that when users have a better understanding in how applications use their data, they become more concerned with the privacy.
- 2018. Several Popular Apps Share Data With Facebook Without User Consent. https://www.ft.com/content/62f74704-0abf-11e9--9fe8-acdb36967cfcGoogle Scholar
- 2018. These Academics Spent the Last Year Testing Whether Your Phone Is Secretly Listening to You. https://gizmodo.com/these-academics-spent-the-last-year-testing-whether-you-1826961188Google Scholar
- 2019. 18,000 Android Apps Track Users by Violating Advertising ID Policies. https://www.bleepingcomputer.com/news/security/18-000-android-apps-track-users-by-violating-advertising-id-policies/Google Scholar
- 2019. Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information. https://pewrsr.ch/38l7HeMGoogle Scholar
- 2019. Permission-greedy apps delayed Android 6 upgrade so they could harvest more user data. https://zd.net/2Lp3ygEGoogle Scholar
- 2019. Popular Weather App Collects Too Much User Data, Security Experts Say. https://on.wsj.com/2XgNDnfGoogle Scholar
- 2019. 'Privacy matters' in Apple's latest iPhone ad. https://www.theverge.com/2019/3/14/18266276/apple-iphone-ad-privacy-facetime-bugGoogle Scholar
- 2019. Twelve Million Phones, One Dataset, Zero Privacy. https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html?action=click&module=Opinion&pgtype=HomepageGoogle Scholar
- 2020. Age Distribution of Undergraduate Students by Type of Institution. https://www.hamiltonproject.org/charts/age_distribution_of_undergraduate_students_by_type_of_institutionGoogle Scholar
- 2020. EasyList. https://easylist.toGoogle Scholar
- Hala Assal, Stephanie Hurtado, Ahsan Imran, and Sonia Chiasson. 2015. What's the Deal with Privacy Apps? A Comprehensive Exploration of User Perception and Usability(MUM '15). Association for Computing Machinery, New York, NY, USA, 25--36. https://doi.org/10.1145/2836041.2836044Google Scholar
- Hala Assal, Stephanie Hurtado, Ahsan Imran, and Sonia Chiasson. 2015. What's the Deal with Privacy Apps? A Comprehensive Exploration of User Perception and Usability(MUM '15). Association for Computing Machinery, New York, NY, USA, 25--36. https://doi.org/10.1145/2836041.2836044Google Scholar
- Erika Chin, Adrienne Porter Felt, Vyas Sekar, and David Wagner. 2012. Measuring User Confidence in Smartphone Security and Privacy(SOUPS '12). Association for Computing Machinery, New York, NY, USA, Article Article 1, 16 pages. https://doi.org/10.1145/2335356.2335358Google Scholar
- Marian Harbach, Markus Hettig, Susanne Weber, and Matthew Smith. 2014. Using Personal Examples to Improve Risk Communication for Security and Privacy Decisions(CHI '14). Association for Computing Machinery, New York, NY, USA,2647--2656. https://doi.org/10.1145/2556288.2556978Google Scholar
- Qatrunnada Ismail, Tousif Ahmed, Kelly Caine, Apu Kapadia, and Michael K. Reiter. 2017. To Permit or Not to Permit, That is the Usability Question: Crowdsourcing Mobile Apps' Privacy Permission Settings. PoPETs 2017, 4 (2017), 119--137. https://doi.org/10.1515/popets-2017-0041Google Scholar
- Ajay Kumar Jha, Seungmin Lee, and Woo Jin Lee. 2015. Permission-based Security in Android Application: From Policy Expert to End User(RACS). ACM, New York,NY, USA, 319--320. https://doi.org/10.1145/2811411.2811493Google Scholar
- B. Krupp, D. Jesensky, and A. Szampias. 2017. SPEProxy: Enforcing fine grained security and privacy controls on unmodified mobile devices. In2017 IEEE 8th Annual Ubiquitous Computing, Electronics and Mobile Communication Conference(UEMCON). 520--526. https://doi.org/10.1109/UEMCON.2017.8248985Google Scholar
- Michael Lutaaya. 2018. Rethinking App Permissions on iOS(CHI EA '18). ACM, New York, NY, USA, Article SRC 13, 6 pages. https://doi.org/10.1145/3170427.3180284Google Scholar
- Kirsten Martin and Katie Shilton. 2016. Putting mobile application privacy in context: An empirical study of user privacy expectations for mobile devices. The Information Society 32 (05 2016), 200--216. https://doi.org/10.1080/01972243.2016.1153012Google ScholarDigital Library
- Kristopher Micinski, Daniel Votipka, Rock Stevens, Nikolaos Kofinas, Michelle L. Mazurek, and Jeffrey S. Foster. 2017. User Interactions and Permission Use on Android(CHI '17). ACM, New York, NY, USA, 362--373. https://doi.org/10.1145/3025453.3025706Google Scholar
- Anthony Peruma, Jeffrey Palmerino, and Daniel E. Krutz. 2018. Investigating User Perception and Comprehension of Android Permission Models(MOBILESoft'18). ACM, New York, NY, USA, 56--66. https://doi.org/10.1145/3197231.3197246Google Scholar
- Asaf Shabtai, Uri Kanonov, and Yuval Elovici. 2010. Intrusion Detection for Mobile Devices Using the Knowledge-based, Temporal Abstraction Method. J. Syst. Softw. 83, 8 (Aug. 2010), 1524--1537. https://doi.org/10.1016/j.jss.2010.03.046Google Scholar
- Statista. 2020. Statista. https://www.statista.com/statistics/300402/smartphone-usage-in-the-uk-by-age/Google Scholar
- Tilo Westermann and Ina Wechsung. 2015. Empowering Users to Make Informed Permission Request Choices(MobileHCI '15). ACM, New York, NY, USA, 1123--1125. https://doi.org/10.1145/2786567.2794333Google Scholar
- Verena M. Wottrich, Eva A. van Reijmersdal, and Edith G. Smit. 2019. App Users Unwittingly in the Spotlight: A Model of Privacy Protection in Mobile Apps. Journal of Consumer Affairs 53, 3 (2019), 1056--1083. https://doi.org/10.1111/joca.12218 arXiv: https://onlinelibrary.wiley.com/doi/pdf/10.1111/joca.12218Google ScholarCross Ref
- Hengshu Zhu, Hui Xiong, Yong Ge, and Enhong Chen. 2014. Mobile App Recommendations with Security and Privacy Awareness(KDD '14). Association for Computing Machinery, New York, NY, USA, 951--960. https://doi.org/10.1145/2623330.2623705Google Scholar
Index Terms
- EMPAware: Analyzing Changes in User Perceptions of Mobile Privacy on iOS with Enhanced Awareness
Recommendations
Investigating Effects of Control and Ads Awareness on Android Users' Privacy Behaviors and Perceptions
MobileHCI '15: Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and ServicesThrough a controlled online experiment with 447 Android phone users using their own devices, we investigated how empowering users with information-disclosure control and enhancing their ads awareness affect their installation behaviors, information ...
Pricing and disseminating customer data with privacy awareness
Organizations today regularly share their customer data with their partners to gain competitive advantages. They are also often requested or even required by a third party to provide customer data that are deemed sensitive. In these circumstances, ...
Analyzing Awareness on Data Privacy
ACM SE '19: Proceedings of the 2019 ACM Southeast ConferenceThe transition away from the old way of handling and storing information on the internet has completely shifted the entire world. Unfortunately, the new method of internet storage has created a lot of issues that concern individuals on a daily basis. We ...
Comments