Abstract
Nowadays, users face an increasing range of contexts in which they may wish to control access to, and sharing of, their data. This includes mobile apps accessing sensitive data, cookies tracking user activity, and social media sites targeting users for advertising. Existing studies have determined that many ordinary users are unable to make informed permissions-related decisions when giving permissions to apps, due to a lack of understanding of permissions and to interface issues. Today, primary web services, such as social networks, mobile phones, web browsers and the Internet of Things, provide a vast number of privacy settings to users, aiming to provide more control. Although privacy details and permission settings are often made available, they can fall short of capturing and communicating essential considerations which users care about, or of offering them a meaningful level of control. As a result, the situation for many users has become unmanageable, and they do not have sufficient and proper control of all permissions on different platforms. This paper presents initial findings from ongoing research that is aimed at investigating ways to improve communication with users and support their related decision-making. The analysis leads to the following conclusions: end-users do not read permission requirements and misunderstand them, demonstrating a gap between knowledge, perception and behaviours regarding permissions and privacy settings. Therefore, it is reasonable to assist consumers by allowing them to manage and revisit their privacy settings easily. The number of privacy decisions is growing; therefore, it is unrealistic for ordinary users to manage all these privacy settings.
Acknowledgements
The authors would like to thank Julie Haney of the Visualisation and Usability Group at the National Institute of Standards and Technology (NIST) for her valuable input and comments on the design of the questionnaire instrument.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Alshomrani, N., Furnell, S., He, Y. (2023). Assessing User Understanding, Perception and Behaviour with Privacy and Permission Settings. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2023. Lecture Notes in Computer Science, vol 14045. Springer, Cham. https://doi.org/10.1007/978-3-031-35822-7_36
DOI: https://doi.org/10.1007/978-3-031-35822-7_36
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-35821-0
Online ISBN: 978-3-031-35822-7
eBook Packages: Computer Science (R0)