Influence of privacy priming and security framing on mobile app selection

Chong, Isis; Ge, Huangyi; Li, Ninghui; Proctor, Robert W.

doi:10.1016/j.cose.2018.06.005

Cited by 24 publications

(43 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…At this stage, app stores present app descriptions and their permission requirements to potential app users. These users are supposed to read and understand the descriptions of an app and review its permission requirements to decide whether to select and install a particular app or not [64]. Users install an app only when its perceived benefits exceed perceived risks [65].…”

Section: Designmentioning

confidence: 99%

“…For example, the authors of [39,[44][45][46] used app permissions to determine its access to sensitive user data and critical device features for calculating app risks. As Android uses a privacy self-management model and users grant or deny different permissions to an app after evaluating the costs and benefits of a function that the app is offering, users are supposed to be familiar with the sensitivity of different permissions [64].…”

Section: Designmentioning

confidence: 99%

“…The decisions and choices of Android users while evaluating an app are influenced by the information offered to them and their privacy awareness and skills [62]. However, the role of the offered information cannot be ignored [64]. Moreover, it is known that user decisions while reading app descriptions and reviewing its permission requirements for making choices at the download stage represent their expectations [67,68].…”

Section: Limitationsmentioning

confidence: 99%

See 2 more Smart Citations

On Transparency and Accountability of Smart Assistants in Smart Cities

et al. 2019

View full text Add to dashboard Cite

Smart Assistants have rapidly emerged in smartphones, vehicles, and many smart home devices. Establishing comfortable personal spaces in smart cities requires that these smart assistants are transparent in design and implementation—a fundamental trait required for their validation and accountability. In this article, we take the case of Google Assistant (GA), a state-of-the-art smart assistant, and perform its diagnostic analysis from the transparency and accountability perspectives. We compare our discoveries from the analysis of GA with those of four leading smart assistants. We use two online user studies (N = 100 and N = 210) conducted with students from four universities in three countries (China, Italy, and Pakistan) to learn whether risk communication in GA is transparent to its potential users and how it affects them. Our research discovered that GA has unusual permission requirements and sensitive Application Programming Interface (API) usage, and its privacy requirements are not transparent to smartphone users. The findings suggest that this lack of transparency makes the risk assessment and accountability of GA difficult posing risks to establishing private and secure personal spaces in a smart city. Following the separation of concerns principle, we suggest that autonomous bodies should develop standards for the design and development of smart city products and services.

show abstract

Section: Designmentioning

confidence: 99%

Section: Designmentioning

confidence: 99%

Section: Limitationsmentioning

confidence: 99%

See 1 more Smart Citation

On Transparency and Accountability of Smart Assistants in Smart Cities

et al. 2019

View full text Add to dashboard Cite

show abstract

“…Then, the rightmost column, PII class was filled by the user choice. Therefore, based on user 'X"s opinion (1) biometric ID was given with legal consent as a result of permitting camera, record_audio, body_sensors and use_fingerprint; (2) location was given with legal consent as a result of permitting read_ext_storage, read_calendar, access_network and access_coarse_location and (3) contact number was given with legal consent as a result of permitting call_phone, send_sms, get_account and read_call_log. The dataset used by this study contained similar information like Table 6.…”

Section: Appl Sci 2019 9 X For Peer Review 11 Of 26mentioning

confidence: 99%

“…Since the media content consumption trend is concentrated on mobile devices, the risk of personal data leakage in this environment is getting higher. Once, a company receives personal data, it not only just analyzes data but also trades to other companies as a business policy [1]. Once compromised, invaders can use the data to regain personally identifiable information (PII) and potential personally identifiable information (PPII) or partial identity to harm the users by social engineering attacks.…”

Section: Introductionmentioning

confidence: 99%

Personal Information Classification on Aggregated Android Application’s Permissions

et al. 2019

View full text Add to dashboard Cite

Android is offering millions of apps on Google Play-store by the application publishers. However, those publishers do have a parent organization and share information with them. Through the ‘Android permission system’, a user permits an app to access sensitive personal data. Large-scale personal data integration can reveal user identity, enabling new insights and earn revenue for the organizations. Similarly, aggregation of Android app permissions by the app owning parent organizations can also cause privacy leakage by revealing the user profile. This work classifies risky personal data by proposing a threat model on the large-scale app permission aggregation by the app publishers and associated owners. A Google-play application programming interface (API) assisted web app is developed that visualizes all the permissions an app owner can collectively gather through multiple apps released via several publishers. The work empirically validates the performance of the risk model with two case studies. The top two Korean app owners, seven publishers, 108 apps and 720 sets of permissions are studied. With reasonable accuracy, the study finds the contact number, biometric ID, address, social graph, human behavior, email, location and unique ID as frequently exposed data. Finally, the work concludes that the real-time tracking of aggregated permissions can limit the odds of user profiling.

show abstract