Rebecca Balebako
Alessandro Acquisti
Lorrie Cranor
ABSTRACT
In a series of experiments, we examined how the timing impacts the salience of smartphone app privacy notices. In a web survey and a field experiment, we isolated different timing conditions for displaying privacy notices: in the app store, when an app is started, during app use, and after app use. Participants installed and played a history quiz app, either virtually or on their phone. After a distraction or delay they were asked to recall the privacy notice's content. Recall was used as a proxy for the attention paid to and salience of the notice. Showing the notice during app use significantly increased recall rates over showing it in the app store. In a follow-up web survey, we tested alternative app store notices, which improved recall but did not perform as well as notices shown during app use. The results suggest that even if a notice contains information users care about, it is unlikely to be recalled if only shown in the app store.
- A. Acquisti. Nudging Privacy: The Behavioral Economics of Personal Information. Security & Privacy, IEEE, 7(6):82--85, 2009. Google Scholar
Digital Library
- A. Acquisti and J. Grossklags. Privacy and Rationality in Individual Decision Making. Security & Privacy, IEEE, 3(1):26--33, 2005. Google ScholarDigital Library
- A. Adams and M. Sasse. Users Are Not the Enemy. Communications of the ACM, 42(12):40--46, 1999. Google ScholarDigital Library
- I. Adjerid, A. Acquisti, L. Brandimarte, and G. Loewenstein. Sleights of Privacy: Framing, Disclosures, and the Limits of Transparency. In Proc. of SOUPS. ACM, 2013. Google ScholarDigital Library
- H. Almuhimedi, F. Schaub, N. Sadeh, I. Adjerid, A. Acquisti, J. Gluck, L. Cranor, and Y. Agarwal. Your Location has been Shared 5,398 Times! A Field Study on Mobile App Privacy Nudging. In Proc. of CHI. ACM, 2015. Google ScholarDigital Library
- J. J. Argo and K. J. Main. Meta-analyses of the Effectiveness of Warning Labels. Journal of Public Policy and Marketing, 23(2):193--208, 2004.Google ScholarCross Ref
- R. Balebako, J. Jung, W. Lu, L. Cranor, and C. Nguyen. "A Lot of Little Brothers:" Measuring User Confidence in Smartphone Security and Privacy. In Proc. of SOUPS, 2013.Google Scholar
- R. Balebako, A. Marsh, J. Lin, J. Hong, and L. F. Cranor. The Privacy and Security Behaviors of Smartphone App Developers. Workshop on Usable Security, 2014.Google Scholar
- R. Balebako, R. Shay, and L. F. Cranor. Is Your Inseam a Biometric? Evaluating the Understandability of Mobile Privacy Notice Categories. Cylab Tech. Report, 2013.Google Scholar
- R. Böhme and J. Grossklags. The Security Cost of Cheap User Interaction. In Workshop on New Security Paradigms, pages 67--82. ACM, 2011. Google ScholarDigital Library
- R. Böhme and S. Köpsell. Trained to Accept?: A Field Experiment on Consent Dialogs. In Proc. of CHI. ACM, 2010. Google ScholarDigital Library
- L. F. Cranor. A Framework for Reasoning About the Human in the Loop. UPSEC, 8:1--15, 2008. Google ScholarDigital Library
- S. Egelman, A. Felt, and D. Wagner. Choice Architecture and Smartphone Privacy: There's A Price For That. In Proc. of WEIS, 2012.Google Scholar
- S. Egelman, J. Tsai, L. Cranor, and A. Acquisti. Timing is Everything?: The Effects of Timing and Placement of Online Privacy Indicators. In Proc. of CHI. ACM, 2009. Google ScholarDigital Library
- A. Felt, S. Egelman, M. Finifter, D. Akhawe, and D. Wagner. How to Ask For Permission. HOTSEC 2012, 2012. Google ScholarDigital Library
- A. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner. Android Permissions: User Attention, Comprehension, and Behavior. Proc. of SOUPS, 2012. Google ScholarDigital Library
- H. Fu, Y. Yang, N. Shingte, J. Lindqvist, and M. Gruteser. A Field Study of Run-Time Location Access Disclosures on Android Smartphones. In Workshop on Usable Security (USEC), 2014.Google ScholarCross Ref
- C. Gates, J. Chen, N. Li, and R. Proctor. Effective Risk Communication for Android Apps. IEEE Trans Depend. Sec. Comp., 11(3):252--265, May 2014. Google ScholarDigital Library
- C. Gates, N. Li, H. Peng, B. Sarma, Y. Qi, R. Potharaju, C. Nita-Rotaru, and I. Molloy. Generating Summary Risk Scores for Mobile Applications. IEEE Trans. Depend. Sec. Comp., 11(3):238--251, 2014. Google ScholarDigital Library
- N. S. Good, J. Grossklags, D. K. Mulligan, and J. A. Konstan. Noticing Notice: A Large-scale Experiment on the Timing of Software License Agreements. In Proc. of CHI. ACM, 2007. Google ScholarDigital Library
- J. L. Hall. NTIA Multistakeholder Process Delivers Increased App Transparency. https://cdt.org/blog/ntia-multistakeholder-process-delivers-increased-app-transparency/.Google Scholar
- M. Harbach, M. Hettig, S. Weber, and M. Smith. Using Personal Examples to Improve Risk Communication for Security & Privacy Decisions. In Proc of CHI '14, pages 2647--2656. ACM, 2014. Google ScholarDigital Library
- M. M. Jan Boyles, Aaron Smith. Privacy and Data Management on Mobile Devices. Pew Internet and American Life Project, August 2012.Google Scholar
- P. Kelley, L. F. Cranor, and N. Sadeh. Privacy as Part of the App Decision-Making Process. In Proc. of CHI. ACM, 2013. Google ScholarDigital Library
- I. Liccardi, J. Pato, and D. J. Weitzner. Improving User Choice Through Better Mobile Apps Transparency and Permissions Analysis. Journal of Privacy and Confidentiality, 5(2):1, 2014.Google ScholarCross Ref
- J. Lin. Understanding and Capturing People's Mobile App Privacy Preferences. Technical Report Ph.D Thesis Carnegie Mellon University-CS-13--127. Google ScholarDigital Library
- J. Lin, S. Amini, J. Hong, N. Sadeh, J. Lindqvist, and J. Zhang. Expectation and Purpose: Understanding Users' Mental Models of Mobile App Privacy through Crowdsourcing. Proc. of UbiComp 2012, 2012. Google ScholarDigital Library
- N. K. Malhotra, S. S. Kim, and J. Agarwal. Internet Users' Information Privacy Concerns (IUIPC): The Construct, the Scale, and a Causal Model. Information Systems Research, 15(4):336--355, 2004. Google ScholarDigital Library
- National Telecommunication and Information Administration. Privacy Multistakeholder Process: Mobile Application Transparency. http://www.ntia.doc.gov/category/privacy/u, Jul. 2013.Google Scholar
- F. Schaub, R. Balebako, A. L. Durity, and L. F. Cranor. A Design Space for Effective Privacy Notices. Proc. of SOUPS, 2015.Google Scholar
- J. Tan, K. Nguyen, M. Theodorides, H. Negrón-Arroyo, C. Thompson, S. Egelman, and D. Wagner. The Effect of Developer-Specified Explanations for Permission Requests on Smartphone User Behavior. In Proc. of CHI, pages 91--100. ACM, 2014. Google ScholarDigital Library
- M. S. Wogalter, D. DeJoy, and K. R. Laughery. Warnings and Risk Communication. CRC Press, 2005.Google Scholar
Index Terms
- The Impact of Timing on the Salience of Smartphone App Privacy Notices
Recommendations
Your Location has been Shared 5,398 Times!: A Field Study on Mobile App Privacy Nudging
CHI '15: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing SystemsSmartphone users are often unaware of the data collected by apps running on their devices. We report on a study that evaluates the benefits of giving users an app permission manager and sending them nudges intended to raise their awareness of the data ...
Privacy as part of the app decision-making process
CHI '13: Proceedings of the SIGCHI Conference on Human Factors in Computing SystemsSmartphones have unprecedented access to sensitive personal information. While users report having privacy concerns, they may not actively consider privacy while downloading apps from smartphone application marketplaces. Currently, Android users have ...
Should You Use the App for That?: Comparing the Privacy Implications of App- and Web-based Online Services
IMC '16: Proceedings of the 2016 Internet Measurement ConferenceMany popular, free online services provide cross-platform interfaces via Web browsers as well as apps on iOS and Android. To monetize these services, many additionally include tracking and advertising libraries that gather information about users with ...
Comments