
Visualizing Privacy Risks of Mobile Applications through a Privacy Meter

  • Conference paper
Information Security Practice and Experience (ISPEC 2015)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 9065)

Abstract

When it comes to installing mobile applications on Android devices, users tend to ignore privacy warning messages about permissions being requested. Warning messages are often shown too late and are hard to interpret for normal users. To improve users’ awareness of potential privacy implications of installing an application, we designed a “privacy meter” that visualizes the risks (in a slider bar format) imposed by the types of permissions being requested. Interpreting and understanding privacy risks become quick and easy.

Our lab study shows that the privacy meter is the most effective solution compared to Google’s existing permission screens and privacy fact feature. With the privacy meter in place, only about 26% of participants recommended applications that have high privacy risks to their friends and family members. That is a significant improvement from the 61% of participants who recommended high risk applications when Google’s permission screens were used. The time taken to make recommendation decisions, on average, also dropped from 72 seconds to 26 seconds when the privacy meter was used.




Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Kang, J., Kim, H., Cheong, Y.G., Huh, J.H. (2015). Visualizing Privacy Risks of Mobile Applications through a Privacy Meter. In: Lopez, J., Wu, Y. (eds) Information Security Practice and Experience. ISPEC 2015. Lecture Notes in Computer Science, vol 9065. Springer, Cham. https://doi.org/10.1007/978-3-319-17533-1_37


  • DOI: https://doi.org/10.1007/978-3-319-17533-1_37

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-17532-4

  • Online ISBN: 978-3-319-17533-1

  • eBook Packages: Computer Science, Computer Science (R0)
