research-article

Protecting Privacy on Mobile Apps: A Principal–Agent Perspective

Authors:

Jun LiuAuthors Info & Claims

ACM Transactions on Computer-Human Interaction (TOCHI), Volume 29, Issue 1

Article No.: 7, Pages 1 - 32

https://doi.org/10.1145/3475797

Published: 07 January 2022 Publication History

Abstract

Although individuals increasingly use mobile applications (apps) in their daily lives, uncertainty exists regarding how the apps will use the information they request, and it is necessary to protect users from privacy-invasive apps. Recent literature has begun to pay much attention to the privacy issue in the context of mobile apps. However, little attention has been given to designing the permission request interface to reduce individuals’ perceived uncertainty and to support their informed decisions. Drawing on the principal–agent perspective, our study aims to understand the effects of permission justification, certification, and permission relevance on users’ perceived uncertainty, which in turn influences their permission authorization. Two studies were conducted with vignettes. Our results show that certification and permission relevance indeed reduce users’ perceived uncertainty. Moreover, permission relevance moderates the relationship between permission justification and perceived uncertainty. Implications for theory and practice are discussed.

References

[1]

Sameh Al-Natour, Hasan Cavusoglu, Izak Benbasat, and Usman Aleem. 2020. An empirical investigation of the antecedents and consequences of privacy uncertainty in the context of mobile apps. Information Systems Research 31, 4 (2020), 1037–1063.

[2]

Naveen Farag Awad and M. S. Krishnan. 2006. The personalization privacy paradox: An empirical evaluation of information transparency and the willingness to be profiled online for personalization. MIS Quarterly 30, 1 (2006), 13–28.

Digital Library

[3]

Alessandro Acquisti1, Laura Brandimarte, and George Loewenstein. 2015. Privacy and human behavior in the age of information. Science 347, 6221 (2015), 509–514.

[4]

George A. Akerlof. 1970. The market for “lemons”: Quality uncertainty and the market mechanism. Quarterly Journal of Economics 84, 3 (1970), 488–500.

[5]

Cheryl S. Alexander and Henry Jay Becker. 1978. The use of vignettes in survey research. Public Opinion Quarterly 42, 1 (1978), 93–104.

[6]

Kenneth J. Arrow. 1985. The economics of agency. In Principals and Agents: The Structure of Business. J. Pratt and R. Zeckhauser, (Eds.). Harvard Business School Press, Cambridge, MA, 37–51.

[7]

Reuben M. Baron and David A. Kenny. 1986. The moderator-mediator variable distinction in social psychological research: Conceptual, strategic, and statistical considerations. Journal of Personality and Social Psychology 51, 6 (1986), 1173–1182.

[8]

France Bélanger and Robert E. Crossler. 2011. Privacy in the digital age: A review of information privacy research in information systems. MIS Quarterly 35, 4 (2011), 1017–1041.

Digital Library

[9]

Timothy A. Brown 2014. Confirmatory Factor Analysis for Applied Research. Guilford Publications, New York, NY.

[10]

Huseyin Cavusoglu, Tuan Q. Phan, Hasan Cavusoglu, and Edoardo M. Airoldi. 2016. Assessing the impact of granular privacy controls on content sharing and disclosure on Facebook. Information Systems Research 27, 4 (2016), 848–978.

Digital Library

[11]

Kenan Degirmenci. 2020. Mobile users’ information privacy concerns and the role of app permission requests. International Journal of Information Management 50 (2020), 261–272.

Digital Library

[12]

Justin A. DeSimone and P. D. Harms. 2017. Dirty data: The effects of screening respondents who provide low-quality data in survey research. Journal of Business and Psychology 33 (2017), 559–577.

[13]

Tamara Dinev and Paul Hart. 2006. An extended privacy calculus model for e-commerce transaction. Information Systems Research 17, 1 (2006), 61–80.

Digital Library

[14]

Serge Egelman, Adrienne Porter Felt, and David Wagner. 2013. Choice architecture and smartphone privacy: There's a price for that. In The Economics of Information Security and Privacy. R. Böhme (Ed.). Springer, Germany, 211–236.

[15]

Kathleen M. Eisenhardt. 1989. Agency theory: An assessment and review. Academy of Management Review 14, 1 (1989), 57–74.

[16]

Adrienne Porter Felt, Serge Egelman, Matthew Finifter, Devdatta Akhawe, and David Wagner. 2012. How to ask for permission. In Proceedings of the 7th USENIX conference on Hot Topics in Security.

Digital Library

[17]

Mark Fodor and Alexander Brem. 2015. Do privacy concerns matter for millennials? Results from an empirical analysis of location-based services adoption in Germany. Computers in Human Behavior 53, C (2015), 344–353.

Digital Library

[18]

Jie Gu, Yunjie Xu, Heng Xu, and Hong Ling. 2015. Interaction effects of contextual cues on privacy concerns: the case of android applications. In Proceedings of the 48th Hawaii International Conference on System Sciences. 3498–3507.

Digital Library

[19]

Jie Gu, Yunjie (Calvin) Xu, Heng Xu, Cheng Zhang, and Hong Ling. 2017. Privacy concerns for mobile app download: An elaboration likelihood model perspective. Decision Support Systems 94 (2017), 19–28.

Digital Library

[20]

Oliver Günther and Sarah Spiekermann. 2005. RFID and the perception of control: the consumer's view. Communications of the ACM 48, 9 (2005), 73–76.

Digital Library

[21]

Joseph F. Hair, Jr., G. Tomas M. Hult, Christian M. Ringle, and Marko Sarstedt. 2017. A Primer on Partial Least Squares Structural Equation Modeling. Sage, Thousand Oaks, CA.

Digital Library

[22]

Jörg Henseler, Christian M. Ringle and Marko Sarstedt. 2015. A new criterion for assessing discriminant validity in variance-based structural equation modeling. Journal of the Academy of Marketing Science 43, 1 (2015), 115–135.

[23]

Jon-Chao Hong, Ming-Yueh Hwang, Kai-Hsin Tai, and Yi-Ling Cheng. 2014. Using calibration to enhance students' self-confidence in English vocabulary learning relevant to their judgment of over-confidence and predicted by smartphone self-efficacy and English learning anxiety. Computers & Education 72 (2014), 313–322.

Digital Library

[24]

John Hulland. 1999. User of partial least squares (PLS) in strategic management research: A review of four recent studies. Strategic Management Journal 20, 2 (1999), 195–204.

[25]

Michael C. Jensen and William H. Meckling. 1976. The theory of the firm: Managerial behavior, agency costs and ownership structure. Journal of Financial Economics 3, 4 (1976), 305–360.

[26]

Mohsen Jozani, Emmanuel Ayaburi, Myung Ko, and Kim-Kwang Raymond Choo. 2020. Privacy concerns and benefits of engagement with social media-enabled apps: A privacy calculus perspective. Computers in Human Behavior 107 (2020), 106260.

Digital Library

[27]

Daniel Kahneman and Amos Tversky. 1979. Prospect theory: An analysis of decision under risk. Econometrica 47, 2 (1979), 263–291.

[28]

Mark Keil, Bernard C. Y. Tan, Kwok-Kee Wei, Timo Saarinen, Virpi Tuunainen, and Arjen Wassenaar. 2000. A cross-cultural study on escalation of commitment behavior in software projects. MIS Quarterly 24, 2 (2000), 299–324.

Digital Library

[29]

Mark J. Keith, Samuel C. Thompson, Joanne Hale, Paul Benjamin Lowry, and Chapman Greer. 2013. Information disclosure on mobile devices: Re-examining privacy calculus with actual user behavior. International Journal of Human-Computer Studies 71, 12 (2013), 1163–1173.

Digital Library

[30]

Patrick Gage Kelley, Sunny Consolvo, Lorrie Faith Cranor, Jaeyeon Jung, Norman Sadeh, and David Wetherall. 2012. A conundrum of permissions: Installing applications on an android smartphone. In Proceedings of the International Conference on Financial Cryptography and Data Security. 68–79

Digital Library

[31]

Kyongseok Kim and Jooyoung Kim. 2011. Third-party privacy certification as an online advertising strategy: An investigation of the factors affecting the relationship between third-party certification and initial trust. Journal of Interactive Marketing 25, 3 (2011), 145–158.

[32]

Alfred Kobsa and Max Teltzrow. 2006. Convincing users to disclose personal data. In Proceedings of the CHI 2006 Workshop on Privacy-Enhanced Personalization. 39–41.

[33]

Robert LaRose and Nora Rifon. 2006. Your privacy is assured - of being disturbed: Websites with and without privacy seals. New Media & Society 8, 6 (2006), 1009–1029.

[34]

Jin-Myong Lee and Jong-Youn Rha. 2016. Personalization - privacy paradox and consumer conflict with the use of location-based mobile commerce. Computers in Human Behavior 63 (2016), 453–462.

Digital Library

[35]

Yuan Li. 2012. Theories in online information privacy research: A critical review and an integrated framework. Decision Support Systems 54, 1 (2012), 471–481.

Digital Library

[36]

Han Li, Rathindra Sarathy, and Heng Xu. 2010. Understanding situational online information disclosure as a privacy calculus. Journal of Computer Information Systems 51, 1 (2010), 62–71.

[37]

Jialiu Lin, Shahriyar Amini, Jason I. Hong, Norman Sadeh, Janne Lindqvist, and Joy Zhang. 2012. Expectation and purpose: Understanding users' mental models of mobile app privacy through crowdsourcing. In Proceedings of the 2012 ACM Conference on Ubiquitous Computing. ACM, 501–510.

Digital Library

[38]

Jialiu Lin, Bin Liu, Norman Sadeh, and Jason I. Hong. 2014. Modeling users’ mobile app privacy preferences: restoring usability in a sea of permission settings. In Proceedings of the 2014 Symposium on Usable Privacy and Security, Menlo Park, CA, 199–212.

Digital Library

[39]

Naresh K. Malhotra, Sung S. Kim, and James Agarwal. 2004. Internet users' information privacy concerns (IUIPC): The construct, the scale, and a causal model. Information Systems Research 15, 4 (2004), 336–355.

Digital Library

[40]

Kirsten Martin and Katie Shilton. 2016. Why experience matters to privacy: How context-based experience moderates consumer privacy expectations for mobile applications. Journal of the Association for Information Science and Technology 67, 8 (2016), 1871–1882.

Digital Library

[41]

D. Harrison Mcknight, Michelle Carter, Jason Bennett Thatcher, and Paul F. Clay. 2011. Trust in a specific technology: An Investigation of Its components and measures. ACM Transactions on Management Information Systems 2, 2 (2011), 1–25.

Digital Library

[42]

D. Harrison McKnight and Norman L. Chervany. 2001. What trust means in e-commerce customer relationships: An interdisciplinary conceptual typology. International Journal of Electronic Commerce 6, 2 (2001), 35–59.

Digital Library

[43]

D. Harrison McKnight, Vivek Choudhury, and Charles Kacmar. 2002. Developing and validating trust measures for e-commerce: An integrative typology. Information Systems Research 13, 3 (2002), 334–359.

Digital Library

[44]

Paul R. Milgrom and John Donald Roberts. 1992. Economics, Organization and Management. Prentice Hall, Upper Saddle River, NJ.

[45]

Cristian Morosan and Agnes DeFranco. 2015. Disclosing personal information via hotel apps: A privacy calculus perspective. International Journal of Hospitality Management 47 (2015), 120–130.

[46]

Praveen R. Nayyar. 1990. Information asymmetries: A source of competitive advantage for diversified service firms. Strategic Management Journal 11, 7 (1990), 513–519.

[47]

Nielsen. 2011. Mobile apps beat the mobile web among US Android smartphone users. (2011). Retrieved July 15, 2021 from https://www.nielsen.com/us/en/insights/article/2011/mobile-apps-beat-the-mobile-web-among-us-android-smartphone-users/.

[48]

Katarzyna Olejnik, Italo Dacosta, Joana Soares Machado, Kevin Huguenin, Mohammad Emtiyaz Khan, and Jean-Pierre Hubaux. 2017. SmarPer: Context-aware and automatic runtime-permissions for mobile devices. In Proceedings of the 2017 IEEE Symposium on Security and Privacy. 1058–1076.

[49]

Paul A. Pavlou, Huigang Liang, and Yajiong Xue. 2007. Understanding and mitigating uncertainty in online exchange relationships: A principal-agent perspective. MIS Quarterly 31, 1 (2007), 105–136.

Digital Library

[50]

Iryna Pentina, Lixuan Zhang, Hatem Bata, and Ying Chen. 2016. Exploring privacy paradox in information-sensitive mobile app adoption: A cross-cultural comparison. Computers in Human Behavior 65, C (2016), 409–419.

Digital Library

[51]

Pew. 2012. Privacy and data management on mobile devices (2012). Retrieved July 15, 2021 from https://www.pewresearch.org/internet/2012/09/05/privacy-and-data-management-on-mobile-devices/.

[52]

Philip M. Podsakoff, Scott B. MacKenzie, Jeong-Yeon Lee, and Nathan P. Podsakoff. 2003. Common method biases in behavioral research: A critical review of the literature and recommended remedies. Journal of Applied Psychology 88, 5 (2003), 879–903.

[53]

Kristopher J. Preacher and Andrew F. Hayes. 2008. Asymptotic and resampling strategies for assessing and comparing indirect effects in multiple mediator models. Behavior Research Methods 40, 3 (2008), 879–891.

[54]

Nora J. Rifon, Robert LaRose, and Sejung Marina Choi. 2006. Your privacy is sealed: Effects of web privacy seals on trust and personal disclosures. Journal of Consumer Affairs 39, 2 (2006), 339–362.

[55]

Christian M. Ringle, Sven Wende, and S. Will. 2005. SmartPLS 2.0 (M3) Beta, Hamburg. Retrieved on July 14th, 2021 from www.smartpls.de.

[56]

Michael Rothschild and Joseph Stiglitz. 1976. Equilibrium in competitive insurance markets: An essay on the economics of imperfect information. Quarterly Journal of Economics 90, 4 (1976), 629–649.

[57]

Brandy Shaul. 2016. Survey: 25% of people have at least 1 restaurant app on their phone (2016). Retrieved July 15, 2021 from http://www.adweek.com/digital/survey-25-of-users-have-at-least-one-restaurant-app-on-their-phone/.

[58]

H. Jeff Smith, Tamara Dinev, and Heng Xu. 2011. Information privacy research: An interdisciplinary review. MIS Quarterly 35, 4 (2011), 989–1015.

Digital Library

[59]

Sarah Spiekermann. 2012. The challenges of privacy by design. Communications of the ACM 55, 7 (2012), 38–40.

[60]

Yongqiang Sun, Nan Wang, Xiao-Liang Shen, and Jacky Xi Zhang. 2015. Location information disclosure in location-based social network services: Privacy calculus, benefit structure, and gender differences. Computers in Human Behavior 52, C (2015), 278–292.

Digital Library

[61]

Joshua Tan, Khanh Nguyen, Michael Theodorides, Heidi Negrón-Arroyo, Christopher Thompson, Serge Egelman, and David Wagner. 2014. The effect of developer-specified explanations for permission requests on smartphone user behavior. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. 91–100.

Digital Library

[62]

Janice Y. Tsai, Patrick Kelley, Paul Drielsma, Lorrie Faith Cranor, Jason Hong, and Norman Sadeh. 2009. Who's viewed you? The impact of feedback in a mobile location-sharing application. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. 2003–2012.

Digital Library

[63]

Viswanath Venkatesh, James Y. L. Thong, Frank K. Y. Chan, and Paul J. H. Hu. 2016. Managing citizens’ uncertainty in e-government services: The mediating and moderating roles of transparency and trust. Information Systems Research 27, 1 (2016), 87–111.

Digital Library

[64]

Tien Wang, Trong Danh Duong, and Charlie C. Chen. 2016. Intention to disclose personal information via mobile applications: A privacy calculus perspective. International Journal of Information Management 36, 4 (2016), 531–542.

Digital Library

[65]

Primal Wijesekera, Arjun Baokar, Lynn Tsai, Joel Reardon, Serge Egelman, David Wagner, and Konstantin Beznosov. 2017. The feasibility of dynamically granted permissions: aligning mobile privacy with user preferences. In Proceedings of 2017 IEEE Symposium on Security and Privacy. 1077–1093.

[66]

Verena M. Wottrich, Eva A. van Reijmersdal, and Edith G. Smit. 2018. The privacy trade-off for mobile app downloads: The roles of app value, intrusiveness, and privacy concerns. Decision Support Systems 106 (2018), 44–52.

[67]

Heng Xu, Tamara Dinev, Jeff Smith, and Paul Hart. 2011. Information privacy concerns: Linking individual perceptions with institutional privacy assurances. Journal of the Association for Information Systems 12, 12 (2011), 798–824.

[68]

Heng Xu, Xin (Robert) Luo, John M. Carroll, and Mary BethRosson. 2011. The personalization privacy paradox: An exploratory study of decision-making process for location-aware marketing. Decision Support Systems 51, 1 (2011), 42–52.

Digital Library

[69]

Heng Xu, Hock-Hai Teo, Bernard C. Y. Tan, and Ritu Agarwal. 2009. The role of push-pull technology in privacy calculus: The case of location-based services. Journal of Management Information Systems 26, 31 (2009), 35–174.

Digital Library

[70]

Bo Zhang and Heng Xu. 2016. Privacy nudges for mobile applications: effects on the creepiness emotion and privacy attitudes. In Proceedings of the 19th ACM Conference on Computer-Supported Cooperative Work & Social Computing. 1676–1690.

Digital Library

[71]

Christian Zimmermann and Claus-Georg Nolte. 2015. Towards balancing privacy and efficiency: A principal-agent model of data-centric business. In Proceedings of the International Workshop on Security and Trust Management. 89–104.

Digital Library

Cited By

Wang XHuang SKim EXu J(2023)Enhancing Consumers’ Repurchase Intention in Peer-to-Peer Accommodation Following a Dual Processing Model: A Principal–Agent PerspectiveJournal of Travel Research10.1177/0047287523118985963:5(1127-1149)Online publication date: 29-Jul-2023
https://doi.org/10.1177/00472875231189859
Knijnenburg BBulgurcu B(2023)Designing Alternative Form-Autocompletion Tools to Enhance Privacy Decision-making and Prevent Unintended DisclosureACM Transactions on Computer-Human Interaction10.1145/361036630:6(1-42)Online publication date: 25-Sep-2023
https://dl.acm.org/doi/10.1145/3610366

Index Terms

Protecting Privacy on Mobile Apps: A Principal–Agent Perspective
1. Human-centered computing
  1. Human computer interaction (HCI)
    1. HCI theory, concepts and models
  2. Ubiquitous and mobile computing
    1. Ubiquitous and mobile devices
      1. Mobile devices
2. Security and privacy
  1. Human and societal aspects of security and privacy

Recommendations

Privacy concerns for mobile app download

In the mobile age, protecting users' information from privacy-invasive apps becomes increasingly critical. To precaution users against possible privacy risks, a few Android app stores prominently disclose app permission requests on app download pages. ...
Privacy Preserving Collaboration in Bring-Your-Own-Apps
SoCC '16: Proceedings of the Seventh ACM Symposium on Cloud Computing

Enterprise environments limit personal device usage for corporate data within a small set of enterprise provided apps or by using a whitelist of third-party apps. Both these options provide employees with limited app features, and a whitelist can be ...
Adoption of third-party libraries in mobile apps: a case study on open-source Android applications
MOBILESoft '22: Proceedings of the 9th IEEE/ACM International Conference on Mobile Software Engineering and Systems

Third-party libraries are frequently adopted in open-source Android applications (apps). These libraries are essential to the Android app development ecosystem as they often provide vital functionality that would take significant development time to ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Computer-Human Interaction

ACM Transactions on Computer-Human Interaction Volume 29, Issue 1

February 2022

354 pages

ISSN:1073-0516

EISSN:1557-7325

DOI:10.1145/3505201

Editor:
Kristina Höök
KTH Royal Institute of Technology, Sweden

Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 January 2022

Accepted: 01 July 2021

Revised: 01 July 2021

Received: 01 June 2020

Published in TOCHI Volume 29, Issue 1

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Refereed

Funding Sources

National Natural Science Foundation of China

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
1,037
Total Downloads

Downloads (Last 12 months)247
Downloads (Last 6 weeks)29

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Wang XHuang SKim EXu J(2023)Enhancing Consumers’ Repurchase Intention in Peer-to-Peer Accommodation Following a Dual Processing Model: A Principal–Agent PerspectiveJournal of Travel Research10.1177/0047287523118985963:5(1127-1149)Online publication date: 29-Jul-2023
https://doi.org/10.1177/00472875231189859
Knijnenburg BBulgurcu B(2023)Designing Alternative Form-Autocompletion Tools to Enhance Privacy Decision-making and Prevent Unintended DisclosureACM Transactions on Computer-Human Interaction10.1145/361036630:6(1-42)Online publication date: 25-Sep-2023
https://dl.acm.org/doi/10.1145/3610366

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Full Text

View this article in Full Text.

HTML Format

View this article in HTML Format.

Figures

Tables

Media

View full text|Download PDF

View Issue’s Table of Contents