Research Article
No technical understanding required: Helping users make informed choices about access to their personal data
@INPROCEEDINGS{10.4108/icst.mobiquitous.2014.258066, author={Ilaria Liccardi and Joseph Pato and Daniel Weitzner and Hal Abelson and David De Roure}, title={No technical understanding required: Helping users make informed choices about access to their personal data}, proceedings={11th International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services}, publisher={ICST}, proceedings_a={MOBIQUITOUS}, year={2014}, month={11}, keywords={privacy android apps personal information}, doi={10.4108/icst.mobiquitous.2014.258066} }- Ilaria Liccardi
Joseph Pato
Daniel Weitzner
Hal Abelson
David De Roure
Year: 2014
No technical understanding required: Helping users make informed choices about access to their personal data
MOBIQUITOUS
ICST
DOI: 10.4108/icst.mobiquitous.2014.258066
Abstract
Many smartphone apps collect personal information used for a variety of purposes. Users, however, are often unaware of this kind of access even though they must grant the required permissions upon app installation. We have identified three reasons for this unawareness. First, relevant permissions can be missed in long lists of permissions. Second, apps that access personal information for functionality may appear suspicious even if they don't have the ability to disclose that information. Finally, updates to apps can lead to new permissions, accessing personal data, being granted.
We modified the Google Play permissions interface to include a quantitative measure (sensitivity score) of an app's ability to disclose personal information and to highlight the relevant permissions that contributed to this score in order to focus the user's attention on permissions that have the ability to access personal data. These improvements are easily integratable within the current structures and policies of the Android permissions interface and have been designed to allow inexperienced users to understand the permission interface and make informed and conscious decisions about access to their personal data.
We validated the effectiveness of this approach with a study of 125 Android smartphone users. We compared the current and improved versions of the interface and found that our improved permission interface led participants - especially inexperienced ones - to choose apps with less possible access to their personal data.
