Abstract
Initially, Android and iOS took different approaches to protecting users’ privacy from third-party apps by means of permissions. The old Android permission model has been repeatedly criticized for its poor usability, whereas the runtime permission model of iOS has received relatively little attention in the usable security community. Since October 2015, Android has also implemented the runtime permission model. We compare the perception and usefulness of the respective permission models across three groups: users of old Android, runtime Android and iOS permissions. To this end, we conducted a survey with over 800 respondents. The results indicate that both permission types are reportedly utilized by users for decision making regarding app usage. However, runtime permissions in Android and iOS are perceived as more useful than the old Android permissions. Users also show a more positive attitude towards the runtime permission model independently of the smartphone operating system.
Notes
1. Previous iOS versions asked for runtime permissions for location data, but most other data types could be accessed freely by the apps.
2. “Reportedly” means that we ask users how they utilize permissions, but do not measure their actual behavior, which is out of scope of this study.
3. We were concerned that users that recently switched from Android to iOS or vice versa might confound both permission models in their answers, and thus might not be able to provide consistent answers regarding permissions. However, this threat to validity was later mitigated by the data analysis, see Sect. 3.3.
4. We took special care to guide participants through the process of finding out the version of their operating system, accounting for different interfaces of various Android manufacturers.
5. The study was conducted in October 2016, such that users that have been using OS since 2014 have more than 1,5 years of experience with it.
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Reinfelder, L., Schankin, A., Russ, S., Benenson, Z. (2018). An Inquiry into Perception and Usage of Smartphone Permission Models. In: Furnell, S., Mouratidis, H., Pernul, G. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2018. Lecture Notes in Computer Science, vol 11033. Springer, Cham. https://doi.org/10.1007/978-3-319-98385-1_2
DOI: https://doi.org/10.1007/978-3-319-98385-1_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-98384-4
Online ISBN: 978-3-319-98385-1
eBook Packages: Computer Science, Computer Science (R0)