Reconciling mobile app privacy and usability on smartphones

As they compete for developers, mobile app ecosystems have been exposing a growing number of APIs through their software development kits. Many of these APIs involve accessing sensitive functionality and/or user data and require approval by users. Android for instance allows developers to select from over 130 possible permissions. Expecting users to review and possibly adjust settings related to these permissions has proven unrealistic. In this paper, we report on the results of a study analyzing people’s privacy preferences when it comes to granting permissions to different mobile apps. Our results suggest that, while people’s mobile app privacy preferences are diverse, a relatively small number of profiles can be identified that offer the promise of significantly simplifying the decisions mobile users have to make. Specifically, our results are based on the analysis of settings of 4.8 million smartphone users of a mobile security and privacy platform. The platform relies on a rooted version of Android where users are allowed to choose between “granting”, “denying ” or “requesting to be dynamically prompted ” when it comes to granting 12 different Android permissions to mobile apps they have downloaded. 1

Reconciling Mobile App Privacy and Usability on Smartphones: Could User Privacy Profiles Help?

by Google in the form of an unrestricted grant to the Mobile Commerce Laboratory. The authors would like to thank LBE Privacy Guard for sharing with them the data analyzed as part of this study. Keywords As they compete for developers, mobile app ecosystems have been exposing a growing number of APIs through their software development kits. Many of these APIs involve accessing sensitive functionality and/or user data and require approval by users. Android for instance allows developers to select from over 130 possible permissions. Expecting users to review and possibly adjust settings related to these permissions has proven unrealistic. In this paper, we report on the results of a study analyzing people’s privacy preferences when it comes to granting permissions to different mobile apps. Our results suggest that, while people’s mobile app privacy preferences are diverse, a relatively small number of profiles can be identified that offer the promise of significantly simplifying the decisions mobile users have to make. Specifically, our results are based on the analysis of settings of 4.8 million smartphone users of a mobile security and privacy platform. The platform relies on a rooted version of Android where users are allowed to choose between “granting”, “denying ” or “requesting to be dynamically prompted ” when it comes to granting 12 different Android permissions to mobile apps they have downloade

Modeling Users ’ Mobile App Privacy Preferences: Restoring Usability in a Sea of Permission Settings

In this paper, we investigate the feasibility of identifying a small set of privacy profiles as a way of helping users manage their mobile app privacy preferences. Our analysis does not limit itself to looking at permissions people feel comfortable granting to an app. Instead it relies on static code analysis to determine the purpose for which an app requests each of its permissions, distinguishing for instance between apps relying on particular permissions to deliver their core functionality and apps requesting these permissions to share information with advertising networks or social networks. Using privacy preferences that reflect people’s comfort with the purpose for which different apps request their permissions, we use clustering techniques to identify privacy profiles. A major contribution of this work is to show that, while people’s mobile app privacy preferences are diverse, it is possible to identify a small number of privacy profiles that collectively do a good job at capturing these diverse preferences

Reconciling Mobile App Privacy and Usability on Smartphones: Could User Privacy Profiles Help? (CMU-CS-13-128, CMU-ISR-13-114)

<p>As they compete for developers, mobile app ecosystems have been exposing a growing number of APIs through their software development kits. Many of these APIs involve accessing sensitive functionality and/or user data and require approval by users. Android for instance allows developers to select from over 130 possible permissions. Expecting users to review and possibly adjust settings related to these permissions has proven unrealistic.</p> <p>In this paper, we report on the results of a study analyzing people’s privacy preferences when it comes to granting permissions to different mobile apps. Our results suggest that, while people’s mobile app privacy preferences are diverse, a relatively small number of profiles can be identified that offer the promise of significantly simplifying the decisions mobile users have to make.</p> <p>Specifically, our results are based on the analysis of settings of 4.8 million smartphone users of a mobile security and privacy platform. The platform relies on a rooted version of Android where users are allowed to choose between “granting”, “denying” or “requesting to be dynamically prompted” when it comes to granting 12 different Android permissions to mobile apps they have downloaded.</p

Modeling Users’ Mobile App Privacy Preferences: Restoring Usability in a Sea of Permission Settings

<p>In this paper, we investigate the feasibility of identifying a small set of privacy profiles as a way of helping users manage their mobile app privacy preferences. Our analysis does not limit itself to looking at permissions people feel comfortable granting to an app. Instead it relies on static code analysis to determine the purpose for which an app requests each of its permissions, distinguishing for instance between apps relying on particular permissions to deliver their core functionality and apps requesting these permissions to share information with advertising networks or social networks. Using privacy preferences that reflect people’s comfort with the purpose for which different apps request their permissions, we use clustering techniques to identify privacy profiles. A major contribution of this work is to show that, while people’s mobile app privacy preferences are diverse, it is possible to identify a small number of privacy profiles that collectively do a good job at capturing these diverse preferences.</p