A Systematic Literature Review of Empirical Methods and Risk Representation in Usable Privacy and Security Research

Distler, Verena; Fassl, Matthias; Habib, Hana; Krombholz, Katharina; Lenzini, Gabriele; Lallemand, Carine; Cranor, Lorrie Faith; Koenig, Vincent

doi:10.1145/3469845

Cited by 29 publications

(10 citation statements)

References 115 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…3.2.1 End-User Participant Recruitment. We recruited 309 3 enduser participants using Prolific [63], a typical crowdsourcing platform for recruiting participants for empirical privacy studies [20]. We decided to recruit participants residing in the U.K. because (1) privacy is a cultural and contextual topic, and people's interpretation of what privacy means can vary based on where they are located [14,69,70,97]; 4 (2) Prolific offers representative samples only for two countries, the U.S. and the U.K. [64]; (3) we had limited resources and budget; and (4) a simple translation from English into other languages could have caused different interpretations of our questions.…”

Section: Survey Study With End-usersmentioning

confidence: 99%

Stuck in the Permissions With You: Developer & End-User Perspectives on App Permissions & Their Privacy Ramifications

Tahaei,

Abu-Salma,

Rashid

2023

Preprint

View full text Add to dashboard Cite

While the literature on permissions from the end-user perspective is rich, there is a lack of empirical research on why developers request permissions, their conceptualization of permissions, and how their perspectives compare with end-users' perspectives. Our study aims to address these gaps using a mixed-methods approach.Through interviews with 19 app developers and a survey of 309 Android and iOS end-users, we found that both groups shared similar concerns about unnecessary permissions breaking trust, damaging the app's reputation, and potentially allowing access to sensitive data. We also found that developer participants sometimes requested multiple permissions due to confusion about the scope of certain permissions or third-party library requirements. Additionally, most end-user participants believed they were responsible for granting a permission request, and it was their choice to do so, a belief shared by many developer participants. Our findings have implications for improving the permission ecosystem for both developers and end-users. CCS CONCEPTS• Security and privacy → Software and application security;Human and societal aspects of security and privacy; Usability in security and privacy; • Human-centered computing → Human computer interaction (HCI); HCI design and evaluation methods; • Software and its engineering;

show abstract

Section: Survey Study With End-usersmentioning

confidence: 99%

Stuck in the Permissions With You: Developer & End-User Perspectives on App Permissions & Their Privacy Ramifications

Tahaei,

Abu-Salma,

Rashid

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…However, findings from a review conducted in 2011 on UX research from 2005 to 2009 show that such practice is uncommon, with 51% of studies using self-developed scales not reporting any items (Bargas-Avila & Hornbaek, 2011). A recent literature review by Distler et al (2021) within the context of usable privacy and security research also showed that papers sometimes contain insufficient details on the study procedure and methods, including how tasks and questions were framed when presented to the participants of a study. The authors suggested that such reporting standards need to be improved, and publishers should request or require such information to increase both how understandable and how replicable research is (Distler et al, 2021).…”

Section: Transparent Reporting Of Scale Itemsmentioning

confidence: 99%

“…A recent literature review by Distler et al (2021) within the context of usable privacy and security research also showed that papers sometimes contain insufficient details on the study procedure and methods, including how tasks and questions were framed when presented to the participants of a study. The authors suggested that such reporting standards need to be improved, and publishers should request or require such information to increase both how understandable and how replicable research is (Distler et al, 2021). Given the importance of sharing items (Flake & Fried, 2020) and the rising interest in fostering replication in research (Wacharamanotham et al, 2020), we want to investigate if the practice of sharing items has become more common in recent years.…”

Section: Transparent Reporting Of Scale Itemsmentioning

confidence: 99%

Measurement Practices in UX Research: A Systematic Quantitative Literature Review

Perrig¹,

Aeschbach²,

Scharowski³

et al. 2022

Preprint

View full text Add to dashboard Cite

User experience research relies heavily on survey scales as an essential method for measuring users' subjective experiences with technology. However, repeatedly raised concerns regarding the improper use of survey scales in UX research and adjacent fields call for a systematic review of current measurement practice. Until now, no such systematic investigation on survey scale use in UX research exists. We, therefore, conducted a systematic literature review, screening 707 papers from CHI 2019 to 2021, of which 207 were eligible empirical studies using survey scales. Results show that papers frequently lacked rationales for scale selection (70.05%) and rarely provided all scale items used (21.74%). Nearly half of all scales were adapted (44.69%), while only one-fifth of papers reported any sort of scale quality investigation (19.32%). Furthermore, we identified 224 different scales and 287 distinct constructs measured. Most scales were used once (76.79%), and most constructs were measured once (81.88%). Results highlight questionable measurement practices in UX research and suggest opportunities to improve scale use for UX-related constructs. We provide recommendations to promote improved rigor in following best practices for scale-based UX research. This research was funded internally. All materials are available on OSF: https://osf.io/dgq6b/

show abstract

“…The goal of our literature review was to identify relevant work that has (1) empirically examined information privacy in the employer-employee relationship, (2) significantly contributed to the theoretical foundation of empirical research, and (3) applied methods of privacy engineering to the employment context. Although similar literature reviews have been conducted before, they are either focusing on non-employment contexts [112,113,114,115,116,160,161,162,163,168,268], are outdated [69], or the underlying methodology is unclear and not comprehensible [25].…”

Section: Literature Review Proceduresmentioning

confidence: 99%

“…To include articles from engineering research areas on the topic of (usable) privacy, we used the following repositories based on previous literature reviews [163,268]: The ACM Digital Library, the IEEE Xplore Digital Library, the USENIX Papers Search, the Sciendo search, the Springer Link repository, and the Web of Science. 1 However, because technical research areas tend to conceptualize "information privacy" simply as "privacy", the articles had to meet the following basic requirements to be considered: article ∋ (employee privacy ∧ (employee ∨ worker) ∧ (workplace ∨ employer))…”

Section: Literature Review Proceduresmentioning

confidence: 99%

Investigation of Information Privacy in Employment: Fundamental Knowledge and Practical Solutions for the Human-Centered Design of Measures to Preserve the Right to Informational Self-Determination in Employment

Tolsdorf¹

View full text Add to dashboard Cite

A Systematic Literature Review of Empirical Methods and Risk Representation in Usable Privacy and Security Research

Cited by 29 publications

References 115 publications

Stuck in the Permissions With You: Developer & End-User Perspectives on App Permissions & Their Privacy Ramifications

Stuck in the Permissions With You: Developer & End-User Perspectives on App Permissions & Their Privacy Ramifications

Measurement Practices in UX Research: A Systematic Quantitative Literature Review

Investigation of Information Privacy in Employment: Fundamental Knowledge and Practical Solutions for the Human-Centered Design of Measures to Preserve the Right to Informational Self-Determination in Employment

Contact Info

Product

Resources

About