Does This App Respect My Privacy? Design and Evaluation of Information Materials Supporting Privacy-Related Decisions of Smartphone Users

Over the years, the wide-spread usage of smartphones leads to large amounts of personal data being stored by them. These data, in turn, can be accessed by the apps installed on the smartphones, and potentially misused, jeopardizing the privacy of smartphone users. While the app stores provide indicators that allow an estimation of the privacy risks of individual apps, these indicators have repeatedly been shown as too confusing for the lay users without technical expertise. We have developed an information flyer with the goal of providing decision support for these users and enabling them make more informed decisions regarding their privacy upon choosing and installing smartphone apps. Our flyer is based on previous research in mental models of smartphone privacy and security and includes heuristics for choosing privacy-friendlier apps used by IT-Security experts. It also addresses common misconceptions of users regarding smartphones. The flyer was evaluated in a user study. The results of the study show, that the users who read the flyer tend to take privacy-relevant factors into account by relying on the heuristics in the flyer more often. Hence, the flyer succeeds in supporting users in making more informed privacy-related decisions

Expecting the Unexpected in Security Violations in Mobile Apps

personal data. This increased access and control may raise users’ perception of heightened privacy leakage and security issues. This is especially the case if users’ awareness and expectations of this external access and control is not accurately recognized through proper security declarations. This proposal thus attempts to put forth an investigation on the effect of mobile users’ privacy expectation disconfirmation on their continued usage intention of mobile apps sourced from app distribution stores. Drawing upon the APCO framework, security awareness literature and the expectation-disconfirmation perspective, two key types of security awareness information are identified; namely access annotation and modification annotation. It is noted that these types of information can be emphasized in app distribution stores to reduce subsequent privacy expectation disconfirmation. Hence, this study plans to examine the downstream effect of privacy expectation disconfirmation on users’ continued usage intention. To operationalize this research, a laboratory experiment will be conducted

Enhancing users\u27 experiences with mobile app stores: What do users see? What should they see?

Using mobile applications is one of the daily habits for most smartphone users. In order to select applications, individuals need to explore the apps stores. Apps’ exploration is disturbed by the way of illustrating the applications’ information. This dissertation consists of three studies that aimed to: 1) Investigate the users’ experience with the apps’ stores; 2) Collect the users’ needs and requirements in order to have a better experience with the interface of apps’ stores; 3) Propose and evaluate a new interface design for the apps’ stores. Different types of data collection methods were administered while proceeding with the phases of this dissertation. The first study was an exploratory study, which administered an online survey, where we had102 respondents. The second study, aimed to collect the design requirements, and we interviewed 16 individuals. The third study was the interface evaluation, where we also had 35 participants. Our results showed multiple factors that affect users’ experience while discovering applications on the apps’ store. Our findings suggested that the current interface design of apps’ stores needs revisions to help users to be aware of apps’ emerging features and issues. Moreover, we found that visual cues that illustrate apps’ information would be more effective to help users perceive specific information about apps. Furthermore, visual indicators would enhance users’ knowledge regarding some of the apps’ concerns. At the end of this research, we evaluated a proposed interface design that integrates the previous design recommendations. The evaluation results illustrated positive outputs in terms of users’ satisfaction and task-completion rate. The findings indicated that participants were delighted to experience the new way of interaction with the interface of apps’ store. We anticipate that users’ experience and their awareness towards the apps issue would be improved if apps’ stores considered adopting the proposed design concept

Enhancing Privacy through the Visual Design of Privacy Notices: Exploring the Interplay of Curiosity, Control and Affect

Privacy policies are the initial communicators of the services' data handling practices. Yet, their design seldom ensures users' privacy comprehension or provides people with choices around their information management, resulting in negative feelings associated with the sign-up process. In this paper, we investigate how to improve these conditions to enhance privacy comprehension and management, while inducing more positive feelings towards privacy notices. In an online experiment (N=620), we examine factors active during privacy interactions: curiosity, privacy concerns, trust, and time. We study how, together with framing and control incorporated in visual designs of notices, these factors influence privacy comprehension, intention to disclose, and affect (negative-positive valence). Our results show that, depending on an individual's level of curiosity, control can influence privacy comprehension, disclosure, and valence. We demonstrate the moderating ability of valence on privacy concerns, indirectly affecting disclosures. We elaborate on the results, highlighting how privacy notices designed to activate curiosity and provide control, could enhance usability and strengthen privacy-conscious behaviors. We argue that future work should study affect to further the knowledge of its role in cognitive processing resulting from privacy interactions

The Effects of Security Framing, Time Pressure, and Brand Familiarity on Risky Mobile Application Downloads

The current study examined the effects of security system framing, time pressure, and brand familiarity on mobile application download behaviors, with an emphasis on risk taking. According to the Prospect Theory, people tend to engage in irrational decision making, and make qualitatively different decisions when information is framed in terms of gains and losses (i.e., the framing effect). Past research has used this framing effect to guide the design of a risk display for mobile applications (apps), with the purpose of communicating the potential risks and minimizing insecure app selections. Time pressure has been shown to influence the framing effect in both hypothetical choices in lab settings as well as with consumer purchases, and brand familiarity has been shown to affect consumers’ purchase behaviors. Neither factor has been studied in the context of risk communication for mobile app. The current study addressed this gap in the literature and examined the effects of time pressure and brand familiarity on the effectiveness of risk displays (framed as safety or risks) for mobile apps. Specifically, users’ choices were recorded as a measure of effective risk displays. The findings from this study indicated that users rely heavily on brand familiarity when downloading apps. We also showed that security scores, especially when framed as safety, were effective at guiding choice, though this advantage of safety framing was not present when users made decisions under time pressure. The implications from the study indicate that people implicitly trust brands they recognize, safety framed security can be helpful, and decision-making processes change under time pressure

Enhancing Privacy through the Visual Design of Privacy Notices: Exploring the Interplay of Curiosity, Control and Affect

Privacy policies are the initial communicators of the services' data handling practices. Yet, their design seldom ensures users' privacy comprehension or provides people with choices around their information management, resulting in negative feelings associated with the sign-up process. In this paper, we investigate how to improve these conditions to enhance privacy comprehension and management, while inducing more positive feelings towards privacy notices. In an online experiment (N=620), we examine factors active during privacy interactions: curiosity, privacy concerns, trust, and time. We study how, together with framing and control incorporated in visual designs of notices, these factors influence privacy comprehension, intention to disclose, and affect (negative-positive valence). Our results show that, depending on an individual's level of curiosity, control can influence privacy comprehension, disclosure, and valence. We demonstrate the moderating ability of valence on privacy concerns, indirectly affecting disclosures. We elaborate on the results, highlighting how privacy notices designed to activate curiosity and provide control, could enhance usability and strengthen privacy-conscious behaviors. We argue that future work should study affect to further the knowledge of its role in cognitive processing resulting from privacy interactions

Privacy Salience: Taxonomies and Research Opportunities

Privacy is a well-understood concept in the physical world, with us all desiring some escape from the public gaze. However, while individuals might recognise locking doors as protecting privacy, they have difficulty practising equivalent actions online. Privacy salience considers the tangibility of this important principle; one which is often obscured in digital environments. Through extensively surveying a range of studies, we construct the first taxonomies of privacy salience. After coding articles and identifying commonalities, we categorise works by their methodologies, platforms and underlying themes. While web browsing appears to be frequently analysed, the Internet-of-Things has received little attention. Through our use of category tuples and frequency matrices, we then explore those research opportunities which might have been overlooked. These include studies of targeted advertising and its affect on salience in social networks. It is through refining our understanding of this important topic that we can better highlight the subject of privacy

Factors Affecting Users' Disclosure Decisions in Android Runtime Permissions Model

Today, Android users are faced with several permissions' screens asking to access their personal information when using Android apps. In fact, Android users have to balance several considerations when choosing to grant or deny these data collection activities. Hence, it is important to understand how users' decisions are made and what factors play a role in users' decisions. A number of studies on the permissions' screens of Android devices have reported users discomfort and misunderstanding of the permission system. However, most studies were carried out on the old permission system where all permissions are presented at installation time, and the user has to either accept all the permissions or stop the installation. With the new permission system started with Android version 6.0 and higher, permissions are presented differently at run time. In this work, we aim to study users' disclosure decisions with the new run time system on Android. We have modeled users' disclosure decisions from three perspectives: dangerous permission type, clarity of rationale, and clarity of context. The study has been conducted on Amazon Mechanical Turk. The results show that dangerous permission type as well as clarity of the context have a statistical significant effect on users' disclosure decisions. On the other hand, clarity of dangerous permission's rationale does not contribute significantly to users' decisions. These findings shed light upon important factors that users consider in making privacy decisions in the new Android run time model. Such factors should be taken into account by Android apps developers when requesting access to users' private information