SmarPer: Context-Aware and Automatic Runtime-Permissions for Mobile Devices

Permission systems are the main defense that mobile platforms, such as Android and iOS, offer to users to protect their private data from prying apps. However, due to the tension between usability and control, such systems have several limitations that often force users to overshare sensitive data. In this work, we address some of these limitations with SmarPer, an advanced permission mechanism for Android. First, to address the rigidity of current permission systems and their poor matching of users' privacy preferences, SmarPer relies on contextual information and machine learning to predict permission decisions at runtime. Using our SmarPer implementation, we collected 8,521 runtime permission decisions from 41 participants in real conditions. Note that the goal of SmarPer is to mimic the users decisions, not to make privacy-preserving decisions per se. With this unique data set, we show that tting an efcient Bayesian linear regression model results in a mean correct classication rate of 80% (3%). This represents a mean relative improvement of 50% over a user-dened static permission policy, i.e., the model used in current permission systems. Second, SmarPer also focuses on the suboptimal trade-off between privacy and utility; instead of only “allow” or “deny” decisions, SmarPer also offers an “obfuscate” option where users can still obtain utility by revealing partial information to apps. We implemented obfuscation techniques in SmarPer for different data types and evaluated them during our data collection campaign. Our results show that 73% of the participants found obfuscation useful and it accounted for almost a third of the total number of decisions. In short, we are the first to show, using a large dataset of real in situ permission decisions, that it is possible to learn users’ unique decision patterns at runtime using contextual information while supporting data obfuscation; this an important step towards automating the management of permissions in smartphones

Driving with Guidance: Exploring the Trade-Off Between GPS Utility and Privacy Concerns Among Drivers

As the reliance on GPS technology for navigation grows, so does the ethical dilemma of balancing its indispensable utility with the escalating concerns over user privacy. This study investigates the trade-offs between GPS utility and privacy among drivers, using a mixed-method approach that includes a survey of 151 participants and 10 follow-up interviews. We examine usage patterns, feature preferences, and comfort levels with location tracking and destination prediction. Our findings demonstrate that users tend to overlook potential privacy risks in favor of the utility the technology provides. We also find that users do not mind sharing inaccurate or obfuscated location data as long as their frequently visited locations aren't identified, and their full driving routes can't be recreated. Based on our findings, we explore design opportunities for enhancing privacy and utility, including adaptive interfaces, personalized profiles, and technological innovations like blockchain.Comment: Submitted to ACM CHI'24, 7 pages, 5 figure

Brave New World Reboot: Technology’s Role in Consumer Manipulation and Implications for Privacy and Transparency

Most consumers are aware that our data is being obtained and collected through the use of our devices we keep in our homes or even on our person throughout the day. But, it is understated how much data is being collected. Conversations you have with your peers – in a close proximity of a device – are being used to tailor advertising. The advertisements you receive on your devices are uniquely catered to your individual person, due to the fact it consistently uses our data to produce efficient and personal ads. On the flip side, our government is also tapping into our technology to learn more about us as well. Generation Z refers to this as “the FBI agent living in our phone.” There is a phenomenon surrounding this topic and it is becoming common knowledge that our devices are listening to us. Whether or not people want this to happen, it is inevitable. While this appears incredibly daunting: “our phones routinely collect our voice data, store it in a distant server, and use it for marketing purposes” (Komando, 2019). There are many fuzzy areas when it comes to the legality of technology and the transmission of our personal information to third parties. Fundamental privacy rights, liability, and constitutional issues are just to name a few. While GDPR is an example of data privacy law that is tackling the issue comprehensively abroad, there is surprisingly not a satisfactory legal framework currently in place within the United States (Green, 2018). This research project is designed to explore the range in which consumers deem this phenomenon acceptable and where the tipping point lies in terms of this being beneficial or creepy. I have developed a three-stage approach to this research. Because data privacy issues are rampant, listening devices are ever present, and there is a lack of extant literature in this domain, I feel it is important to extend the traditional business research approach to include a multifaceted exploration of the domain.Accordingly, I will conduct a literature review in three core areas: the rise of technology, technological devices and transparency as a whole, and global landmark situations. Within this literature review, I will evaluate legal cases surrounding the matter and accumulate all relevant information concerning our technology’s underlying purpose within the privacy realm. Finally, I will build on these foundations to develop a survey of consumer expectations, utilizing existing academic scales of privacy, expectations, preferences, comprehension and protection (Maser, 2020; Naeini et al, 2017; Custers et al, 2014;) the research design will target cross-generational respondents to explore subgroup differences that I will analyze and deliver results on. Additionally, this research was supported through funding provided by the University of Arkansas Honors College and the State Undergraduate Research Fellowship program

Mobile Privacy and Business-to-Platform Dependencies: An Analysis of SEC Disclosures

This Article systematically examines the dependence of mobile apps on mobile platforms for the collection and use of personal information through an analysis of Securities and Exchange Commission (SEC) filings of mobile app companies. The Article uses these disclosures to find systematic evidence of how app business models are shaped by the governance of user data by mobile platforms, in order to reflect on the role of platforms in privacy regulation more generally. The analysis of SEC filings documented in the Article produces new and unique insights into the data practices and data-related aspects of the business models of popular mobile apps and shows the value of SEC filings for privacy law and policy research more generally. The discussion of SEC filings and privacy builds on regulatory developments in SEC disclosures and cybersecurity of the last decade. The Article also connects to recent regulatory developments in the U.S. and Europe, including the General Data Protection Regulation, the proposals for a new ePrivacy Regulation and a Regulation of fairness in business-to-platform relations

Bliss and the mobile development business : filling the gap and taking advantage of the challenges between consumers and companies

Numerous mobile applications are available to consumers but just few survive within the competitive environment that is created by the innovative mobile industry. This study has the objective to identify the current and future needs of both companies and consumers in regards to mobile applications. This dissertation covers insights of interviews and consumer surveys held within the Portuguese market. The study intends to expose the gaps and similarities between the perspectives of companies and consumers. The purpose of this study will help Bliss, a Portuguese mobile application developer, to improve its product by taking advantage of the challenges. The main findings of the market research imply that both consumers and businesses share the idea that the importance of mobile applications will increase in the future and shape the society as we know it. Both primary and secondary data show us that the concern for data protection is substantial and poses an obstacle that needs to be overcome. More companies from other, traditional sectors start to move into the mobile development industry and relevant content and simple interface navigation remain key elements when it comes to building a successful application. Bliss Application has a substantial untapped potential for growth on the Portuguese market as the mobile development and adoption of mobile applications are still in its infancy.São inúmeras as aplicações disponíveis para os consumidores, porém somente algumas sobrevivem ao ambiente competitivo originado por um mercado em constante evolução. Este estudo tem como objetivo identificar as atuais e futuras necessidades, tanto das companhias, como dos consumidores, no que respeita às aplicações móveis. Nesta dissertação é possível encontrar, não só resultados de entrevistas individuais, mas também inquéritos ao consumidor, no contexto do mercado Português. O estudo tem como intuito expor as divergências, bem como as semelhanças entre as perspetivas das empresas e dos consumidores. A finalidade deste trabalho é contribuir para que a Bliss, empresa de aplicações móveis portuguesa, aperfeiçoe o seu produto, tirando vantagem dos diversos desafios que se impõem. As principais conclusões do estudo de mercado sugere que consumidores e negócios partilham a ideia de que a relevância das aplicações móveis irá aumentar, no futuro, e moldar a nossa sociedade. Tanto os dados primários, como os secundários, revelam que a proteção destes é substancial e apresenta-se como um obstáculo que precisa de ser ultrapassado. Cada vez mais empresas de distintos sectores de atividade de cariz tradicional começam a entrar neste mercado, no qual a facilidade de processos e a simplicidade do interface são fatores essenciais para o sucesso da indústria. Bliss Application tem um potencial inexplorado para crescer no mercado Português, uma vez que o desenvolvimento de dispositivos móveis e as suas aplicações ainda estão numa fase introdutória

Intention To Disclose Personal Information Via Mobile Applications: A Privacy Calculus Perspective

This study aimed to investigate the issue of consumer intention to disclose personal information via mobile applications (apps). Drawing on the literature of privacy calculus theory, this research examined the factors that influence the trade-off decision of receiving perceived benefits and being penalized with perceived risks through the calculus lens. In particular, two paths of the direct effects on perceived benefits and risks that induce the ultimate intention to disclose personal information via mobile apps were proposed and empirically tested. The analysis showed that self-presentation and personalized services positively influence consumers’ perceived benefits, which in turn positively affects the intention to dis- close personal information. Perceived severity and perceived control serve as the direct antecedents of perceived risks that negatively affect the intention of consumers to disclose personal information. Compared with the perceived risks, the perceived benefits more strongly influence the intention to disclose personal information. This study extends the literature on privacy concerns to consumer intention to disclose personal information by theoretically developing and empirically testing four hypotheses in a research model. Results were validated in the mobile context, and implications and discussions were presented