Follow My Recommendations: A Personalized Privacy Assistant for Mobile App Permissions
نویسندگان
چکیده
Modern smartphone platforms have millions of apps, many of which request permissions to access private data and resources, like user accounts or location. While these smartphone platforms provide varying degrees of control over these permissions, the sheer number of decisions that users are expected to manage has been shown to be unrealistically high. Prior research has shown that users are often unaware of, if not uncomfortable with, many of their permission settings. Prior work also suggests that it is theoretically possible to predict many of the privacy settings a user would want by asking the user a small number of questions. However, this approach has neither been operationalized nor evaluated with actual users before. We report on a field study (n=72) in which we implemented and evaluated a Personalized Privacy Assistant (PPA) with participants using their own Android devices. The results of our study are encouraging. We find that 78.7% of the recommendations made by the PPA were adopted by users. Following initial recommendations on permission settings, participants were motivated to further review and modify their settings with daily “privacy nudges.” Despite showing substantial engagement with these nudges, participants only changed 5.1% of the settings previously adopted based on the PPA’s recommendations. The PPA and its recommendations were perceived as useful and usable. We discuss the implications of our results for mobile permission management and the design of personalized privacy assistant solutions.
منابع مشابه
To Deny, or Not to Deny: A Personalized Privacy Assistant for Mobile App Permissions [Draft]
Many smartphone users are uncomfortable with the permissions requested by their mobile apps. The sheer number of permissions can be so overwhelming that many users are unable to adequately manage their permission settings. We present a methodology for building personalized privacy assistants to recommend permission settings to users. We conducted two field studies with Android users: the first ...
متن کاملTo Permit or Not to Permit, That is the Usability Question: Crowdsourcing Mobile Apps' Privacy Permission Settings
Millions of apps available to smartphone owners request various permissions to resources on the devices including sensitive data such as location and contact information. Disabling permissions for sensitive resources could improve privacy but can also impact the usability of apps in ways users may not be able to predict. We study an efficient approach that ascertains the impact of disabling per...
متن کاملDoes the Android Permission System Provide Adequate Information Privacy Protection for End-users of Mobile Apps?
This paper investigates the Android permission system and its adequacy in alerting end-users of potential information privacy risks in an app. When an end-user seeks to install an app, they are presented with the required permissions and make a supposedly informed decision as to whether to install that app based on the permissions presented. The results from an analysis of ten popular apps indi...
متن کاملModeling Users' Mobile App Privacy Preferences: Restoring Usability in a Sea of Permission Settings
In this paper, we investigate the feasibility of identifying a small set of privacy profiles as a way of helping users manage their mobile app privacy preferences. Our analysis does not limit itself to looking at permissions people feel comfortable granting to an app. Instead it relies on static code analysis to determine the purpose for which an app requests each of its permissions, distinguis...
متن کاملReconciling Mobile App Privacy and Usability on Smartphones: Could User Privacy Profiles Help? (CMU-CS-13-128, CMU-ISR-13-114)
As they compete for developers, mobile app ecosystems have been exposing a growing number of APIs through their software development kits. Many of these APIs involve accessing sensitive functionality and/or user data and require approval by users. Android for instance allows developers to select from over 130 possible permissions. Expecting users to review and possibly adjust settings related t...
متن کامل