The Contextual Integrity (CI) theory provides a benchmark for privacy protection or violation according to the appropriateness of information collection and flows in a certain context. As privacy threats and protections develop and vie in various mobile contexts, how smartphone users represent the benchmark CI in their minds deserves exploration. In this study, we inquired into 18 smartphone users’ privacy mental models of CI. We found that they verbalized and visualized three patterns of information flow (i.e., unidirectional lines, branching tree, and complex network) and two categories of information collection (i.e., monetization-oriented and monitoring-based). With these mental models, our participants expressed numerous privacy concerns, such as unstoppable information sharing, data monetization, and surveillance. We discussed these findings and concluded that even though mobile operating systems and apps have claimed to be privacy-friendly and protective, some users remain dubious about such claims even though their privacy mental models may not accurately reflect reality
