Permission vs. App Limiters: Profiling Smartphone Users to Understand Differing Strategies for Mobile Privacy Management

Alsoubai, Ashwaq; Anaraky, Reza Ghaiumy; Li, Yao; Page, Xinru; Knijnenburg, Bart P.; Wiśniewski, Pamela

doi:10.1145/3491102.3517652

Cited by 15 publications

(9 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While there has been research on how to present permission requests to end-users (e.g., [72,99]), we are unaware of specific studies that have explored ways to help end-users find and then remove unused or unnecessary permissions. Although some end-user participants were aware of permission settings and tried to change these settings (e.g., 28.68% of Android participants, N=380 [4]), our findings suggest that more work is needed ( §4.4). Future research should consider informing end-users and developers of unused or unnecessary permissions periodically-one starting point could be using recommendation tools to periodically nudge and remind end-users and developers of permissions requested by apps, as inspired by Liu et al [49].…”

Section: Forgotten Permissions: Possibly Rooted In Scope Confusions A...mentioning

confidence: 82%

“…We recruited 309 3 enduser participants using Prolific [63], a typical crowdsourcing platform for recruiting participants for empirical privacy studies [20]. We decided to recruit participants residing in the U.K. because (1) privacy is a cultural and contextual topic, and people's interpretation of what privacy means can vary based on where they are located [14,69,70,97]; 4 (2) Prolific offers representative samples only for two countries, the U.S. and the U.K. [64]; (3) we had limited resources and budget; and (4) a simple translation from English into other languages could have caused different interpretations of our questions. To avoid this, we would have needed to perform a validated translation, instead of a simple translation, for consistency (as stated in [70]), requiring additional resources.…”

Section: Survey Study With End-usersmentioning

confidence: 99%

“…Prolific's minimum size of a representative sample of the U.K. is 300 [64] 4. We did not consider this for our interview study with developers because our sample was small, and our developer participants developed apps for end-users across the globe and not necessarily for end-users in the developers' home countries.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Stuck in the Permissions With You: Developer & End-User Perspectives on App Permissions & Their Privacy Ramifications

Tahaei,

Abu-Salma,

Rashid

2023

Preprint

View full text Add to dashboard Cite

While the literature on permissions from the end-user perspective is rich, there is a lack of empirical research on why developers request permissions, their conceptualization of permissions, and how their perspectives compare with end-users' perspectives. Our study aims to address these gaps using a mixed-methods approach.Through interviews with 19 app developers and a survey of 309 Android and iOS end-users, we found that both groups shared similar concerns about unnecessary permissions breaking trust, damaging the app's reputation, and potentially allowing access to sensitive data. We also found that developer participants sometimes requested multiple permissions due to confusion about the scope of certain permissions or third-party library requirements. Additionally, most end-user participants believed they were responsible for granting a permission request, and it was their choice to do so, a belief shared by many developer participants. Our findings have implications for improving the permission ecosystem for both developers and end-users. CCS CONCEPTS• Security and privacy → Software and application security;Human and societal aspects of security and privacy; Usability in security and privacy; • Human-centered computing → Human computer interaction (HCI); HCI design and evaluation methods; • Software and its engineering;

show abstract

Section: Forgotten Permissions: Possibly Rooted In Scope Confusions A...mentioning

confidence: 82%

Section: Survey Study With End-usersmentioning

confidence: 99%

See 1 more Smart Citation

Stuck in the Permissions With You: Developer & End-User Perspectives on App Permissions & Their Privacy Ramifications

Tahaei,

Abu-Salma,

Rashid

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…But the complexity of connected devices makes effectively communicating relevant information a difficult task; research into the efficacy of smartphone permissions on platforms like Android and iOS has historically shown problems with attention and understanding [14]. Users also have more nuanced responses than just declining permissions-such as choosing different apps or minimising app installations-and these choices can be traced back to more fundamental attitudes and intentions [3].…”

Section: Permissions and Privacy Labelsmentioning

confidence: 99%

“…At the time of writing the European Commission recognises equivalent regulations in Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Republic of Korea, Switzerland, the United Kingdom, and Uruguay as providing adequate protection to allow data flows without additional safeguards. 3…”

Section: Introductionmentioning

confidence: 99%

Legal Obligation and Ethical Best Practice: Towards Meaningful Verbal Consent for Voice Assistants

Seymour,

Cote,

Such

2023

Preprint

View full text Add to dashboard Cite

To improve user experience, Alexa now allows users to consent to data sharing via voice rather than directing them to the companion smartphone app. While verbal consent mechanisms for voice assistants (VAs) can increase usability, they can also undermine principles core to informed consent. We conducted a Delphi study with experts from academia, industry, and the public sector on requirements for verbal consent in VAs. Candidate requirements were drawn from the literature, regulations, and research ethics guidelines that participants rated based on their relevance to the consent process, actionability by platforms, and usability by end-users, discussing their reasoning as the study progressed. We highlight key areas of (dis)agreement between experts, deriving recommendations for regulators, skill developers, and VA platforms towards crafting meaningful verbal consent mechanisms. Key themes include approaching permissions according to the user's ability to opt-out, minimising consent decisions, and ensuring platforms follow established consent principles. CCS CONCEPTS• Security and privacy → Social aspects of security and privacy; Usability in security and privacy; • Human-centered computing → Natural language interfaces; • Applied computing → Law.

show abstract

Gaming the system: tetromino-based covert channel and its impact on mobile security

Vasilellis,

Botsos,

Anagnostopoulou

et al. 2024

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Permission vs. App Limiters: Profiling Smartphone Users to Understand Differing Strategies for Mobile Privacy Management

Cited by 15 publications

References 39 publications

Stuck in the Permissions With You: Developer & End-User Perspectives on App Permissions & Their Privacy Ramifications

Stuck in the Permissions With You: Developer & End-User Perspectives on App Permissions & Their Privacy Ramifications

Legal Obligation and Ethical Best Practice: Towards Meaningful Verbal Consent for Voice Assistants

Gaming the system: tetromino-based covert channel and its impact on mobile security

Contact Info

Product

Resources

About