
Visualizing Privacy Risks of Mobile Applications through a Privacy Meter

  • Jina Kang
  • Hyoungshick Kim
  • Yun Gyung Cheong
  • Jun Ho Huh
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9065)

Abstract

When it comes to installing mobile applications on Android devices, users tend to ignore privacy warning messages about permissions being requested. Warning messages are often shown too late and are hard to interpret for normal users. To improve users’ awareness of potential privacy implications of installing an application, we designed a “privacy meter” that visualizes the risks (in a slider bar format) imposed by the types of permissions being requested. Interpreting and understanding privacy risks become quick and easy.

Our lab study shows that the privacy meter is the most effective solution compared to Google’s existing permission screens and privacy fact feature. With the privacy meter in place, only about 26% of participants recommended applications that have high privacy risks to their friends and family members. That is a significant improvement from the 61% of participants who recommended high risk applications when Google’s permission screens were used. The time taken to make recommendation decisions, on average, also dropped from 72 seconds to 26 seconds when the privacy meter was used.

Index Terms

Permission, Android, Mobile, Decision-making


Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Jina Kang (1)
  • Hyoungshick Kim (1)
  • Yun Gyung Cheong (1)
  • Jun Ho Huh (2)
  1. Department of Computer Science and Engineering, Sungkyunkwan University, Seoul, Korea
  2. Honeywell ACS Labs, Morristown, USA
