HATS
HATS

Human and Technical Security

Mobile Privacy

The services offered by mobile apps are useful but these apps can also be privacy invasive, meaning that they compile and share more information than is needed for the task the app performs. For example, researchers at University of California Berkeley analyzed 940 apps and found that one third of them requested permissions for resources that were far beyond what was required for the functionality of the app. Such over-permissioning creates risk to both user security and privacy. These risks exist even in apps for the most vulnerable users, such as those that are designed for children. Currently, Android and iOS privacy ecosystems are grounded in permissions which control access to sensitive resources. These systems explicitly ask users for authorization to allow apps to access sensitive information. Therefore, in is important that permission requests effectively communicate privacy risk to the user so that they can make informed decisions.

As permissions manifests play a critical role in informing participants about the privacy risks associated with the apps, we conducted a study to evaluate their effectiveness. The results from our study indicated that majority of the participants were unaware of the implications of the permissions presented to them. Presenting them with additional textual warnings did not help either. Participants just ignored the permissions manifests and primarily made app choices based on the perceived popularity of the apps. These finding signified the need for cognitively simple indicators for privacy risk associated with the app in the PlayStore. So, we designed a series of visual indicators to communicate aggregate privacy risk associated with the app and evaluated their impact on app choices. We found that when participants were presented with positively framed risk indicators using the padlock icon, they consistently made risk-averse app choices. A follow up study compared the distribution of apps installed using the actual PlayStore with that of participants using a version of the PlayStore that had visual indicators privacy. The distributions were different and participants with visual indicators for privacy made more privacy preserving app choices. We also introduced sound notifications and evaluated their ability to prime users for privacy when selecting apps. The results from this experiment showed that participant with both visual indicators for privacy risk and priming though sound notifications made more privacy preserving choices.

Visual Cue
Figure 1 - Visual cues used to communicate privacy risk


Audio Cues
Figure 2 - Illustration of audio feedback


Simulator
Figure 3 - Screenshot of the PlayStore simulator agumented with privacy rating
Publications
Articles in journals or book chapters (2)
  1. Shakthidhar Reddy Gopavaram, Omkar Bhide, and L. Jean Camp. Can You Hear Me Now? Audio and Visual Interactions That Change App Choices. Frontiers in Psychology, 11:2227, 2020.
    Keywords: Mobile Privacy, Marketplace. [bibtex-entry]

  2. Shakthidhar Reddy Gopavaram, Jayati Dev, Sanchari Das, and Jean Camp. IoTMarketplace: Informing Purchase Decisions with Risk Communication. 2019.
    Keywords: IoT, Mental Models, Mobile Privacy. [bibtex-entry]

Conference publications (4)
  1. Behnood Momenzadeh, Shakthidhar Gopavaram, Sanchari Das, and L Jean Camp. Bayesian Evaluation of User App Choices in the Presence of Risk Communication on Android Devices. In International Symposium on Human Aspects of Information Security and Assurance, pages 211--223, 2020. Springer.
    Keywords: Mobile Privacy, Usable Privacy, Usability. [bibtex-entry]

  2. Jonathan Schubauer, Anjanette Raymond, and Dhruv Madappa. Over-Priviliged Permission: Using Technology and Design to Create Privacy Compliance. In , June 2019. IACL.
    Keywords: Mobile Privacy, Governance, Privacy. [bibtex-entry]

  3. Prashanth Rajivan and L. Jean Camp. Influence of Privacy Attitude and Privacy Cue Framing on Android App Choices. In Symposium on Usable Privacy and Security (SOUPS), 2016.
    Keywords: Mobile Privacy. [bibtex-entry]

  4. Kevin Benton, L. Jean Camp, and Vaibhav Garg. Studying the effectiveness of android application permissions requests. In Pervasive Computing and Communications Workshops (PERCOM Workshops), 2013 IEEE International Conference on, pages 291--296, March 2013. IEEE.
    Keywords: Mental Models, Mobile Privacy. [bibtex-entry]

Posters and Presentations (1)
  1. Jonathan Schubauer, David Argast, and L. Jean Camp. Lessig was Right: Influences on Android Permissions. United States Federal Trade Commission PrivacyCon Conference, February 2018.
    Keywords: Mobile Privacy, Governance. [bibtex-entry]

© 2015-2024 HATS. All Rights Reserved.