Bayesian evaluation of privacy-preserving risk communication for user android app preferences
Information and Computer Security
ISSN: 2056-4961
Article publication date: 22 June 2021
Issue publication date: 26 October 2021
Abstract
Purpose
The purpose of this paper is to propose practical and usable interactions that will allow more informed, risk-aware comparisons for individuals during app selections. The authors include an explicit argument for the role of human decision-making during app selection and close with a discussion of the strengths of a Bayesian approach to evaluating privacy and security interventions.
Design/methodology/approach
The authors focused on the risk communication in mobile marketplaceās realm, examining how risk indicators can help people choose more secure and privacy-preserving apps. Combining canonical findings in risk perception with previous work in usable security, the authors designed indicators for each app to enable decisions that prioritize risk avoidance. Specifically, the authors performed a natural experiment with N = 60 participants, where they asked them to select applications on Android tablets with accurate real-time marketplace data.
Findings
In the aggregate, the authors found that app selections changed to be more risk-averse in the presence of a user-centered multi-level warning system using visual indicators that enabled a click-thru to the more detailed risk and permissions information.
Originality/value
Privacy research in the laboratory is often in conflict with privacy decision-making in the marketplace, resulting in a privacy paradox. To better understand this, the authors implemented a research design based on clinical experimental approaches, testing the interaction in a noisy, confounded field environment.
Keywords
Acknowledgements
This research was supported in part by the National Science Foundation under CNS 1565375, Cisco Research Support, and the Comcast Innovation Fund. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s). They do not necessarily reflect the views of the US Government, NSF, Cisco, Comcast, Indiana University, or the University of Denver.
Citation
Momenzadeh, B., Gopavaram, S., Das, S. and Camp, L.J. (2021), "Bayesian evaluation of privacy-preserving risk communication for user android app preferences", Information and Computer Security, Vol. 29 No. 4, pp. 680-693. https://doi.org/10.1108/ICS-11-2020-0182
Publisher
:Emerald Publishing Limited
Copyright © 2021, Emerald Publishing Limited