research-article

What's the deal with privacy apps?: a comprehensive exploration of user perception and usability

Authors:

Stephanie Hurtado,

Sonia ChiassonAuthors Info & Claims

MUM '15: Proceedings of the 14th International Conference on Mobile and Ubiquitous Multimedia

Pages 25 - 36

https://doi.org/10.1145/2836041.2836044

Published: 30 November 2015 Publication History

Abstract

We explore mobile privacy through a survey and through usability evaluation of three privacy-preserving mobile applications. Our survey explores users' knowledge of privacy risks, as well as their attitudes and motivations to protect their privacy on mobile devices. We found that users have incomplete mental models of privacy risks associated with such devices. And, although participants believe they are primarily responsible for protecting their own privacy, there is a clear gap between their perceived privacy risks and the defenses they employ. For example, only 6% of participants use privacy-preserving applications on their mobile devices, but 83% are concerned about privacy. Our usability studies show that mobile privacy-preserving tools fail to fulfill fundamental usability goals such as learnability and intuitiveness---potential reasons for their low adoption rates. Through a better understanding of users' perception and attitude towards privacy risks, we aim to inform the design of privacy-preserving mobile applications. We look at these tools through users' eyes, and provide recommendations to improve their usability and increase user-acceptance.

References

[1]

ChatSecure (formerly Gibberbot). https://guardianproject.info/apps/chatsecure/. {Accessed August-2015}.

[2]

CrowdFlower. http://www.crowdflower.com. {Accessed August-2015}.

[3]

Firefox Mobile: Privacy Enhanced. https://guardianproject.info/apps/firefoxprivacy/. {Accessed August-2015}.

[4]

The Guardian Project. https://guardianproject.info. {Accessed August-2015}.

[5]

ObscuraCam: Secure Smart Camera. https://guardianproject.info/apps/obscuracam/. {Accessed August-2015}.

[6]

Orbot: Mobile Anonymity + Circumvention. https://guardianproject.info/apps/orbot/. {Accessed August-2015}.

[7]

Secure Messaging Scorecard. Which apps and tools actually keep your messages safe? https://www.eff.org/secure-messaging-scorecard. {Accessed August-2015}.

[8]

Tor Project: Anonymity Online. https://www.torproject.org. {Accessed August-2015}.

[9]

Shane Ahern, Dean Eckles, Nathaniel S. Good, Simon King, Mor Naaman, and Rahul Nair. 2007. Over-exposed?: Privacy Patterns and Considerations in Online and Mobile Photo Sharing. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '07). ACM, New York, NY, USA, 357-366.

Digital Library

[10]

Chris Alexander and Ian Goldberg. 2007. Improved User Authentication in Off-the-record Messaging. In Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society (WPES '07). ACM, New York, NY, USA, 41-47.

Digital Library

[11]

Morgan Ames, Dean Eckles, Mor Naaman, Mirjana Spasojevic, and Nancy Van House. 2010. Requirements for mobile photoware. Personal and Ubiquitous Computing 14, 2 (2010), 95-109.

Digital Library

[12]

Hala Assal and Sonia Chiasson. 2014. Extended Abstract: Will this onion make you cry? A Usability Study of Tor-enabled Mobile Apps. In Tenth Symp On Usable Privacy and Security (SOUPS). https://cups.cs.cmu.edu/soups/2014/posters/soups2014_posters-paper27.pdf

[13]

Andrew Besmer and Heather Richter Lipford. 2010. Moving Beyond Untagging: Photo Privacy in a Tagged World. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '10). ACM, New York, NY, USA, 1563-1572.

Digital Library

[14]

Nikita Borisov, Ian Goldberg, and Eric Brewer. 2004. Off-the-Record Communication, or, Why Not to Use PGP. In Proceedings of the 2004 ACM Workshop on Privacy in the Electronic Society (WPES '04). ACM, New York, NY, USA, 77-84.

Digital Library

[15]

Danyl Bosomworth. Statistics on mobile usage and adoption to inform your mobile marketing strategy. http://www.smartinsights.com/mobile-marketing/mobile-marketing-analytics/mobile-marketing-statistics/. {Accessed August-2015}.

[16]

Jeremy Clark, Paul C Van Oorschot, and Carlisle Adams. 2007. Usability of anonymous web browsing: an examination of TOR interfaces and deployability. In Symp on Usable Privacy and Security. ACM, 41--51.

Digital Library

[17]

CMU. PrivacyGrade: Grading The Privacy Of Smartphone Apps. http://privacygrade.org/home. {Accessed August-2015}.

[18]

Gregory Conti and Edward Sobiesk. 2007. An Honest Man Has Nothing to Fear: User Perceptions on Web-based Information Disclosure. In Proceedings of the 3rd Symposium on Usable Privacy and Security (SOUPS '07). ACM, New York, NY, USA, 112-121.

Digital Library

[19]

R Dingledine. 2004. Tor: The Second-Generation Onion Router. In USENIX Security Symp.

Digital Library

[20]

Gerald Friedland and Robin Sommer. 2010. Cybercasing the Joint: On the Privacy Implications of Geo-tagging. In Proceedings of the 5th USENIX Conference on Hot Topics in Security (HotSec'10). USENIX Association, Berkeley, CA, USA, 1--8.

Digital Library

[21]

Ian Goldberg. 2007. Privacy enhancing technologies for the Internet III: Ten years later. Digital Privacy: Theory, Technologies, and Practices (2007), 3--18.

[22]

Ian Goldberg, Chris Alexander, and Nikita Borisov. Off-the-Record Messaging: Authentication. http://www.cypherpunks.ca/otr/help/authenticate.php?lang=en. {Accessed August-2015}.

[23]

Ian Goldberg, Chris Alexander, and Nikita Borisov. Off-the-Record Messaging: Fingerprints. http://www.cypherpunks.ca/otr/help/fingerprints.php?lang=en. {Accessed August-2015}.

[24]

Google+ Help. Show where your photos were taken. https://support.google.com/plus/answer/6008918?hl=en. {Accessed August-2015}.

[25]

Benjamin Henne, Christian Szongott, and Matthew Smith. 2013. SnapMe if You Can: Privacy Threats of Other Peoples' Geo-tagged Media and What We Can Do About It. In Proceedings of the Sixth ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '13). ACM, New York, NY, USA, 95-106.

Digital Library

[26]

Ruogu Kang, Stephanie Brown, and Sara Kiesler. 2013. Why Do People Seek Anonymity on the Internet?: Informing Policy and Design. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '13). ACM, New York, NY, USA, 2657-2666.

Digital Library

[27]

Greg Norcie, Jim Blythe, Kelly Caine, and L Jean Camp. 2014. Why Johnny Can't Blow the Whistle: Identifying and Reducing Usability Issues in Anonymity Systems. In Network and Distributed System Security Symp (NDSS) Workshop on Usable Security (USEC).

[28]

Ryan Stedman, Kayo Yoshida, and Ian Goldberg. 2008. A User Study of Off-the-record Messaging. In Proceedings of the 4th Symposium on Usable Privacy and Security (SOUPS '08). ACM, New York, NY, USA, 95-104.

Digital Library

[29]

Tor Metrics. Estimated number of clients in the Tor network. https://metrics.torproject.org/clients-data.html. {Accessed August-2015}.

[30]

Alma Whitten and J Doug Tygar. 1999. Why Johnny can't encrypt: A usability evaluation of PGP 5.0. In USENIX Security Symp.

Digital Library

[31]

Ka-Ping Yee. 2002. User Interaction Design for Secure Systems. In Information and Communications Security. Springer Berlin Heidelberg, 278-290.

Digital Library

Cited By

Saeed S(2024)Usable Privacy and Security in Mobile Applications: Perception of Mobile End Users in Saudi ArabiaBig Data and Cognitive Computing10.3390/bdcc81101628:11(162)Online publication date: 18-Nov-2024
https://doi.org/10.3390/bdcc8110162
Putz FHaesler SHollick M(2024)Sounds Good? Fast and Secure Contact Exchange in GroupsProceedings of the ACM on Human-Computer Interaction10.1145/36869648:CSCW2(1-44)Online publication date: 8-Nov-2024
https://dl.acm.org/doi/10.1145/3686964
Logas JGarg PArriaga RDas S(2024)The Subversive AI Acceptance Scale (SAIA-8): A Scale to Measure User Acceptance of AI-Generated, Privacy-Enhancing Image ModificationsProceedings of the ACM on Human-Computer Interaction10.1145/36410248:CSCW1(1-43)Online publication date: 26-Apr-2024
https://dl.acm.org/doi/10.1145/3641024
Show More Cited By

Index Terms

What's the deal with privacy apps?: a comprehensive exploration of user perception and usability
1. Human-centered computing
  1. Human computer interaction (HCI)
    1. HCI design and evaluation methods
2. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Usability in security and privacy

Recommendations

How to Deal with Third Party Apps in a Privacy System -- The PMP Gatekeeper --
MDM '15: Proceedings of the 2015 16th IEEE International Conference on Mobile Data Management - Volume 01

Nowadays, mobile devices collect a lot of private information. Therefore every vendor of a mobile platform has to provide a sufficient mechanism to secure this data. Android pursues a strategy to pass full control (and thus full responsibility) over any ...
Privacy-preserving Comparison of Cloud Exposure Induced by Mobile Apps
MobiQuitous 2017: Proceedings of the 14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services

The increasing utilization of cloud services by mobile apps on smartphones leads to serious privacy concerns. While users can quantify the cloud usage of their apps, they often cannot relate to involved privacy risks. In this paper, we apply comparison-...
Privacy Apps for Smartphones: An Assessment of Users’ Preferences and Limitations
HCI for Cybersecurity, Privacy and Trust
Abstract
Smartphones are becoming our most trusted computing devices for storing and dealing with highly sensitive information which makes smartphones an essential platform to take under control utilizing privacy-preserving applications (apps). There ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

MUM '15: Proceedings of the 14th International Conference on Mobile and Ubiquitous Multimedia

November 2015

442 pages

ISBN:9781450336055

DOI:10.1145/2836041

General Chairs:
Clemens Holzmann
University of Applied Sciences Upper Austria, Hagenberg, Austria
,
René Mayrhofer
Johannes Kepler University Linz, Linz, Austria
,
Program Chairs:
Jonna Häkkilä
University of Lapland
,
Enrico Rukzio
University of Ulm
,
Publications Chair:
Michael Roland
University of Applied Sciences Upper Austria

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

FH OOE: University of Applied Sciences Upper Austria
Johannes Kepler Univ Linz: Johannes Kepler Universität Linz

In-Cooperation

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 November 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Funding Sources

Conference

MUM '15

Sponsor:

FH OOE
Johannes Kepler Univ Linz

MUM '15: 14th International Conference on Mobile and Ubiquitous Multimedia

November 30 - December 2, 2015

Linz, Austria

Acceptance Rates

MUM '15 Paper Acceptance Rate 33 of 89 submissions, 37%;

Overall Acceptance Rate 190 of 465 submissions, 41%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

20
Total Citations
View Citations
395
Total Downloads

Downloads (Last 12 months)77
Downloads (Last 6 weeks)4

Reflects downloads up to 05 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Saeed S(2024)Usable Privacy and Security in Mobile Applications: Perception of Mobile End Users in Saudi ArabiaBig Data and Cognitive Computing10.3390/bdcc81101628:11(162)Online publication date: 18-Nov-2024
https://doi.org/10.3390/bdcc8110162
Putz FHaesler SHollick M(2024)Sounds Good? Fast and Secure Contact Exchange in GroupsProceedings of the ACM on Human-Computer Interaction10.1145/36869648:CSCW2(1-44)Online publication date: 8-Nov-2024
https://dl.acm.org/doi/10.1145/3686964
Logas JGarg PArriaga RDas S(2024)The Subversive AI Acceptance Scale (SAIA-8): A Scale to Measure User Acceptance of AI-Generated, Privacy-Enhancing Image ModificationsProceedings of the ACM on Human-Computer Interaction10.1145/36410248:CSCW1(1-43)Online publication date: 26-Apr-2024
https://dl.acm.org/doi/10.1145/3641024
Saltarella MDesolda GEsposito AGreco FLanzilotti R(2024)Bridging the gap between GPDR and software development: the MATERIALIST frameworkMultimedia Tools and Applications10.1007/s11042-024-19923-0Online publication date: 10-Oct-2024
https://doi.org/10.1007/s11042-024-19923-0
Vakare GKhan FNaikwade ARautela DLamkuche H(2024)Sentiment Analysis of Crypto Currency Trading Applications in India Using Machine LearningComputing, Communication and Learning10.1007/978-3-031-56998-2_12(138-150)Online publication date: 31-Mar-2024
https://doi.org/10.1007/978-3-031-56998-2_12
Shams SReinhardt D(2023)Vision: Supporting Citizens in Adopting Privacy Enhancing TechnologiesProceedings of the 2023 European Symposium on Usable Security10.1145/3617072.3617105(253-259)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3617072.3617105
Chen BDodis YGhosh EGoldin EKesavan BMarcedone AMou M(2023)Rotatable Zero Knowledge SetsAdvances in Cryptology – ASIACRYPT 202210.1007/978-3-031-22969-5_19(547-580)Online publication date: 25-Jan-2023
https://doi.org/10.1007/978-3-031-22969-5_19
Vakare GRautela DShobharam Lamkuche H(2022)User's Perception on Security and Privacy in Using Crypto Currency Trading Application in India2022 International Conference on Knowledge Engineering and Communication Systems (ICKES)10.1109/ICKECS56523.2022.10060666(1-8)Online publication date: 28-Dec-2022
https://doi.org/10.1109/ICKECS56523.2022.10060666
Tahir HBrezillon P(2022)A Context Approach to Improve the Data Anonymization Process2022 International Conference on Engineering and Emerging Technologies (ICEET)10.1109/ICEET56468.2022.10007410(1-6)Online publication date: 27-Oct-2022
https://doi.org/10.1109/ICEET56468.2022.10007410
Abazi BGegaj R(2022)A Comparative Study on the User Experience on Using Secure Messaging ToolsBig Data Privacy and Security in Smart Cities10.1007/978-3-031-04424-3_7(119-131)Online publication date: 9-Sep-2022
https://doi.org/10.1007/978-3-031-04424-3_7
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents