Abstract
When it comes to installing mobile applications on Android devices, users tend to ignore privacy warning messages about permissions being requested. Warning messages are often shown too late and are hard to interpret for normal users. To improve users’ awareness of potential privacy implications of installing an application, we designed a “privacy meter” that visualizes the risks (in a slider bar format) imposed by the types of permissions being requested. Interpreting and understanding privacy risks become quick and easy.
Our lab study shows that the privacy meter is the most effective solution compared to Google’s existing permission screens and privacy fact feature. With the privacy meter in place, only about 26% of participants recommended applications that have high privacy risks to their friends and family members. That is a significant improvement from the 61% of participants who recommended high-risk applications when Google’s permission screens were used. The average time taken to make recommendation decisions also dropped from 72 seconds to 26 seconds when the privacy meter was used.
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Kang, J., Kim, H., Cheong, Y.G., Huh, J.H. (2015). Visualizing Privacy Risks of Mobile Applications through a Privacy Meter. In: Lopez, J., Wu, Y. (eds) Information Security Practice and Experience. ISPEC 2015. Lecture Notes in Computer Science, vol 9065. Springer, Cham. https://doi.org/10.1007/978-3-319-17533-1_37
DOI: https://doi.org/10.1007/978-3-319-17533-1_37
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-17532-4
Online ISBN: 978-3-319-17533-1
eBook Packages: Computer Science (R0)