Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
skip to main content
research-article

Usability versus privacy instead of usable privacy: Google's balancing act between usability and privacy

Published: 19 February 2015 Publication History

Abstract

A smartphone is an indispensible device that also holds a great deal of personal and private data. Contact details, party or holiday photos and emails --- all carried around in our pockets and easily lost. On Android, the most widely-used smartphone operating system, access to this data is regulated by permissions. Apps request these permissions at installation, and they ideally only ask for permission to access data they really need to carry out their functions. The user is expected to check, and grant, requested permissions before installing the app. Their privacy can potentially be violated if they fail to check the permissions carefully. In June 2014 Google changed the Android permission screen, perhaps attempting to improve its usability. Does this mean that all is well in the Android eco-system, or was this update a retrograde move? This article discusses the new permission screen and its possible implications for smartphone owner privacy.

References

[1]
Android.com. Manifest.permission. Retrieved December 15th, 2014. http://developer.android.com/reference/android/Manifest.permission.html.
[2]
androidnext. Google Play Store: Jüngstes Update sorgt für laxere Handhabung von App-Berechtigungen. Retrieved December 1st, 2014. http://www.androidnext.de/news/google-play-store-juengstes-update-sorgt-fuer-laxere-handhabung-von-app-berechtigungen/.
[3]
areamobile. Google erschwert Prüfen von App-Berechtigungen. Retrieved October 1st, 2014. http://www.areamobile.de/news/27347-android-google-erschwert-pruefen-von-app-berechtigungen.
[4]
S. Egelman, J. Tsai, L. F. Cranor, and A. Acquisti. Timing is everything? In Proceedings of the 27th international conference on Human factors in computing systems - CHI 09, page 319, New York, New York, USA, 2009. ACM Press.
[5]
Fachbereich Informatik Technische Universität Darmstadt. Forschungsgruppe Security, Usability and Society: Privacy friendly QR Scanner App. Retrieved December 15th, 2014. https://www.secuso.informatik.tu-darmstadt.de/de/research/results/privacy-friendly-qr-scanner-app/.
[6]
A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner. Android permissions demystified. Proceedings of the 18th ACM conference on Computer and communications security - CCS '11, page 627, 2011.
[7]
A. P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner. Android Permissions: User Attention, Comprehension, and Behavior. In Symposium on Usable Privacy and Security (SOUPS) 2012, Washington, DC, USA, 2012.
[8]
golem.de. Android-Apps erhalten leichter mehr Berechtigungen. Retrieved October 1st, 2014. http://www.golem.de/news/google-play-store-android-apps-erhalten-leichter-mehr-berechtigungen-1406-106856.html.
[9]
Google. Check app permissions. Retrieved September 29th, 2014. https://support.google.com/googleplay/answer/6014972?hl=dehttps://support.google.com/googleplay/answer/6014972?hl=de.
[10]
M. Harbach, M. Hettig, S. Weber, and M. Smith. Using personal examples to improve risk communication for security & privacy decisions. Proceedings of the 32nd annual ACM conference on Human factors in computing systems - CHI '14, pages 2647--2656, 2014.
[11]
heise online. Play Store ermöglicht Apps mehr Rechte ohne Nachfragen. Retrieved October 1st, 2014. http://heise.de/-2211827. retrieval date: May 30, 2014.
[12]
P. G. Kelley, S. Consolvo, L. F. Cranor, J. Jung, N. Sadeh, and D. Wetherall. A Conundrum of Permissions: Installing Applications on an Android Smartphone. In J. Blyth, S. Dietrich, and L. J. Camp, editors, Financial Cryptography and Data Security, volume 7398 of Lecture Notes in Computer Science, pages 68--79. Springer Berlin Heidelberg, Berlin, Heidelberg, 2012.
[13]
P. G. Kelley, L. F. Cranor, and N. Sadeh. Privacy as part of the app decision-making process. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems - CHI '13, page 3393, 2013.
[14]
L. Kraus, I. Wechsung, and S. Möller. Using Statistical Information to Communicate Android Permission Risks to Users. In G. Lenzini and G. Bella, editors, Proc. of 4th Int. Worshop on Socio-Technical Aspects in Security and Trust (STAST). IEEE, 2014.
[15]
H. S. L. Z. Lin, Amini. Expectation and Purpose: Understanding Users' Mental Models of Mobile App Privacy through Crowdsourcing. pages 501--510, 2012.
[16]
T. Vidas, N. Christin, and L. F. Cranor. Curbing Android Permission Creep. In W2SP, 2011.

Cited By

View all
  • (2024)Disposable identities: Solving web trackingJournal of Information Security and Applications10.1016/j.jisa.2024.10382184(103821)Online publication date: Aug-2024
  • (2024)Digitaler VerbraucherschutzVerbraucherinformatik10.1007/978-3-662-68706-2_4(135-201)Online publication date: 25-Mar-2024
  • (2023)User-Centered Privacy to Improve User Quantification using Smartphone SensingProceedings of the 25th International Conference on Mobile Human-Computer Interaction10.1145/3565066.3609737(1-4)Online publication date: 26-Sep-2023
  • Show More Cited By

Index Terms

  1. Usability versus privacy instead of usable privacy: Google's balancing act between usability and privacy

      Recommendations

      Comments

      Information & Contributors

      Information

      Published In

      cover image ACM SIGCAS Computers and Society
      ACM SIGCAS Computers and Society  Volume 45, Issue 1
      February 2015
      39 pages
      ISSN:0095-2737
      DOI:10.1145/2738210
      Issue’s Table of Contents

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 19 February 2015
      Published in SIGCAS Volume 45, Issue 1

      Check for updates

      Author Tags

      1. Android permissions
      2. psychology of security
      3. risk communication
      4. risk perception
      5. security education and usable security
      6. usable privacy

      Qualifiers

      • Research-article

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • Downloads (Last 12 months)36
      • Downloads (Last 6 weeks)3
      Reflects downloads up to 28 Dec 2024

      Other Metrics

      Citations

      Cited By

      View all
      • (2024)Disposable identities: Solving web trackingJournal of Information Security and Applications10.1016/j.jisa.2024.10382184(103821)Online publication date: Aug-2024
      • (2024)Digitaler VerbraucherschutzVerbraucherinformatik10.1007/978-3-662-68706-2_4(135-201)Online publication date: 25-Mar-2024
      • (2023)User-Centered Privacy to Improve User Quantification using Smartphone SensingProceedings of the 25th International Conference on Mobile Human-Computer Interaction10.1145/3565066.3609737(1-4)Online publication date: 26-Sep-2023
      • (2023)Going Beyond Usability and UX: Adding Dependability, Safety and Security to Interactive Systems and Interactive TechnologiesExtended Abstracts of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544549.3574186(1-3)Online publication date: 19-Apr-2023
      • (2022)The Influence of Transparency and Control on the Willingness of Data Sharing in Adaptive Mobile AppsProceedings of the ACM on Human-Computer Interaction10.1145/35467246:MHCI(1-26)Online publication date: 20-Sep-2022
      • (2021)A Consumer Perspective on Privacy Risk Awareness of Connected Car Data UseProceedings of Mensch und Computer 202110.1145/3473856.3473891(294-302)Online publication date: 5-Sep-2021
      • (2019)Sicherheitsempfinden in der DigitalitätACC Journal10.15240/tul/004/2019-3-00525:3(63-69)Online publication date: 31-Dec-2019
      • (2019)A Characterization of Digital Native Approaches To Mobile Privacy and SecurityProceedings of the South African Institute of Computer Scientists and Information Technologists 201910.1145/3351108.3351131(1-9)Online publication date: 17-Sep-2019
      • (2019)It Is About What They Could Do with the DataACM Transactions on Computer-Human Interaction10.1145/328144426:1(1-44)Online publication date: 30-Jan-2019
      • (2019)TPII: tracking personally identifiable information via user behaviors in HTTP trafficFrontiers of Computer Science: Selected Publications from Chinese Universities10.1007/s11704-018-7451-z14:3Online publication date: 19-Dec-2019
      • Show More Cited By

      View Options

      Login options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Media

      Figures

      Other

      Tables

      Share

      Share

      Share this Publication link

      Share on social media