research-article

"Little brothers watching you": raising awareness of data leaks on smartphones

Authors:

Rebecca Balebako,

Lorrie Faith Cranor,

Carolyn NguyenAuthors Info & Claims

SOUPS '13: Proceedings of the Ninth Symposium on Usable Privacy and Security

Article No.: 12, Pages 1 - 11

https://doi.org/10.1145/2501604.2501616

Published: 24 July 2013 Publication History

Abstract

Today's smartphone applications expect users to make decisions about what information they are willing to share, but fail to provide sufficient feedback about which privacy-sensitive information is leaving the phone, as well as how frequently and with which entities it is being shared. Such feedback can improve users' understanding of potential privacy leakages through apps that collect information about them in an unexpected way. Through a qualitative lab study with 19 participants, we first discuss misconceptions that smartphone users currently have with respect to two popular game applications that frequently collect the phone's current location and share it with multiple third parties. To measure the gap between users' understanding and actual privacy leakages, we use two types of interfaces that we developed: just-in-time notifications that appear the moment data is shared and a visualization that summarizes the shared data. We then report on participants' perceived benefits and concerns regarding data sharing with smartphone applications after experiencing notifications and having viewed the visualization. We conclude with a discussion on how heightened awareness of users and usable controls can mitigate some of these concerns.

References

[1]

Fact sheet 2b: Privacy in the age of the smartphone. Privacy Rights Clearinghouse, Sep. 2012.

[2]

M. Böhmer, B. Hecht, J. Schöning, A. Krüger, and G. Bauer. Falling asleep with angry birds, facebook and kindle: a large scale study on mobile application usage. In Proc. of MobileHCI, 2011.

Digital Library

[3]

J. L. Boyles, A. Smith, and M. Madden. Privacy and data management on mobile devices. Pew Internet and American Life Project, Aug. 2012.

[4]

E. Chin, A. Felt, V. Sekar, and D. Wagner. Measuring user confidence in smartphone security and privacy. In Proc. of SOUPS, 2012.

Digital Library

[5]

S. Consolvo, J. Jung, B. Greenstein, P. Powledge, G. Maganis, and D. Avrahami. The Wi-Fi privacy ticker: improving awareness & control of personal information exposure on wi-fi. In Proc. of Ubicomp, 2010.

Digital Library

[6]

L. Cranor, P. Guduru, and M. Arjula. User interfaces for privacy agents. TOCHI, 13(2):135--178, 2006.

Digital Library

[7]

W. Enck, P. Gilbert, B. Chun, L. Cox, J. Jung, P. McDaniel, and A. Sheth. Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In Proc. of OSDI, 2010.

Digital Library

[8]

A. Felt, S. Egelman, M. Finifter, D. Akhawe, and D. Wagner. How to ask for permission. In Proc. of HotSec, 2012.

Digital Library

[9]

A. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner. Android permissions: User attention, comprehension, and behavior. In Proc. of SOUPS, 2012.

Digital Library

[10]

P. Hornyack, S. Han, J. Jung, S. Schechter, and D. Wetherall. These aren't the droids you're looking for: retrofitting android to protect data from imperious applications. In Proc. of CCS, 2011.

Digital Library

[11]

C. Jensen, C. Potts, and C. Jensen. Privacy practices of internet users: Self-reports versus observed behavior. International Journal of Human-Computer Studies, 63:203--227, 2005.

Digital Library

[12]

J. Jung, S. Han, and D. Wetherall. Short paper: Enhancing mobile application permissions with runtime feedback and constraints. In Proc. of the workshop on Security and Privacy in Smartphones and Mobile devices, 2012.

Digital Library

[13]

P. Kelley, S. Consolvo, L. Cranor, J. Jung, N. Sadeh, and D. Wetherall. A conundrum of permissions: Installing applications on an android smartphone. In Proc. of USEC, 2012.

Digital Library

[14]

P. Kelley, L. F. Cranor, and N. Sadeh. Privacy as part of the app decision-making process. In Proc. of CHI, 2013.

Digital Library

[15]

P. G. Kelley, L. Cesca, J. Bresee, and L. F. Cranor. Standardizing privacy notices: an online study of the nutrition label approach. In Proc. of CHI, 2010.

Digital Library

[16]

B. Kowitz and L. Cranor. Peripheral privacy notifications for wireless networks. In Proc. of the Workshop on Privacy in the Electronic Society, 2005.

Digital Library

[17]

J. Lin, S. Amini, J. Hong, N. Sadeh, J. Lindqvist, and J. Zhang. Expectation and purpose: Understanding users' mental models of mobile app privacy through crowdsourcing. In Proc. of UbiComp, 2012.

Digital Library

[18]

B. Ur, P. G. Leon, L. F. Cranor, R. Shay, and Y. Wang. Smart, useful, scary, creepy: perceptions of online behavioral advertising. In Proc. of SOUPS, 2012.

Digital Library

[19]

J. Urban, C. Hoofnagle, and S. Li. Mobile phones and privacy. UC Berkeley Public Law Research Paper, 2012.

[20]

Y. Zhou, X. Zhang, X. Jiang, and V. Freeh. Taming information-stealing smartphone applications (on android). In Proc. of TRUST, 2011.

Digital Library

Cited By

Enriquez D(2024)Publishing publicly available interview data: an empirical example of the experience of publishing interview dataFrontiers in Sociology10.3389/fsoc.2024.11575149Online publication date: 5-Jun-2024
https://doi.org/10.3389/fsoc.2024.1157514
Amanda IGraffin SGrando M(2024)Scoping review of data privacy risks in COVID-19 apps with digital vaccination certificationsDIGITAL HEALTH10.1177/2055207624123917110Online publication date: 18-Mar-2024
https://doi.org/10.1177/20552076241239171
Korneeva ESalge TCichy PAntons D(2024)How Users Assess Privacy Risks in the Internet of Things: The Role of Framing, Comparing, and EducatingBusiness & Society10.1177/0007650324125508263:8(1794-1841)Online publication date: 23-Jul-2024
https://doi.org/10.1177/00076503241255082
Show More Cited By

Index Terms

"Little brothers watching you": raising awareness of data leaks on smartphones
1. Human-centered computing
  1. Human computer interaction (HCI)

Recommendations

Your Location has been Shared 5,398 Times!: A Field Study on Mobile App Privacy Nudging
CHI '15: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems

Smartphone users are often unaware of the data collected by apps running on their devices. We report on a study that evaluates the benefits of giving users an app permission manager and sending them nudges intended to raise their awareness of the data ...
Privacy as part of the app decision-making process
CHI '13: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems

Smartphones have unprecedented access to sensitive personal information. While users report having privacy concerns, they may not actively consider privacy while downloading apps from smartphone application marketplaces. Currently, Android users have ...
Usability versus privacy instead of usable privacy: Google's balancing act between usability and privacy

A smartphone is an indispensible device that also holds a great deal of personal and private data. Contact details, party or holiday photos and emails --- all carried around in our pockets and easily lost. On Android, the most widely-used smartphone ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

SOUPS '13: Proceedings of the Ninth Symposium on Usable Privacy and Security

July 2013

241 pages

ISBN:9781450323192

DOI:10.1145/2501604

Conference Chairs:
Lujo Bauer
Carnegie Mellon University
,
Konstantin Beznosov
University of British Columbia
,
General Chair:
Lorrie Faith Cranor
Carnegie Mellon University

Copyright © 2013 Copyright is held by the owner/author(s).

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Sponsors

Carnegie Mellon University: Carnegie Mellon University

In-Cooperation

SIGCHI: ACM Special Interest Group on Computer-Human Interaction

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 July 2013

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SOUPS '13

Sponsor:

Carnegie Mellon University

SOUPS '13: Symposium On Usable Privacy and Security

July 24 - 26, 2013

Newcastle, United Kingdom

Acceptance Rates

Overall Acceptance Rate 15 of 49 submissions, 31%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

143
Total Citations
View Citations
1,667
Total Downloads

Downloads (Last 12 months)159
Downloads (Last 6 weeks)47

Reflects downloads up to 21 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Enriquez D(2024)Publishing publicly available interview data: an empirical example of the experience of publishing interview dataFrontiers in Sociology10.3389/fsoc.2024.11575149Online publication date: 5-Jun-2024
https://doi.org/10.3389/fsoc.2024.1157514
Amanda IGraffin SGrando M(2024)Scoping review of data privacy risks in COVID-19 apps with digital vaccination certificationsDIGITAL HEALTH10.1177/2055207624123917110Online publication date: 18-Mar-2024
https://doi.org/10.1177/20552076241239171
Korneeva ESalge TCichy PAntons D(2024)How Users Assess Privacy Risks in the Internet of Things: The Role of Framing, Comparing, and EducatingBusiness & Society10.1177/0007650324125508263:8(1794-1841)Online publication date: 23-Jul-2024
https://doi.org/10.1177/00076503241255082
Bemmann FStoll HMayer S(2024)Privacy Slider: Fine-Grain Privacy Control for SmartphonesProceedings of the ACM on Human-Computer Interaction10.1145/36765198:MHCI(1-31)Online publication date: 24-Sep-2024
https://dl.acm.org/doi/10.1145/3676519
Bourdoucen ALindqvist J(2024)Privacy of Default Apps in Apple’s Mobile EcosystemProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642831(1-32)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642831
Elahi HWang GJiang WBartel ALe Traon Y(2024)A Qualitative Study of App Acquisition and ManagementIEEE Transactions on Computational Social Systems10.1109/TCSS.2023.328856211:2(1907-1925)Online publication date: Apr-2024
https://doi.org/10.1109/TCSS.2023.3288562
Alashwali ECranor L(2024)Privacy Perceptions and Behaviors of Google Personal Account Holders in Saudi ArabiaHCI for Cybersecurity, Privacy and Trust10.1007/978-3-031-61379-1_1(3-29)Online publication date: 1-Jun-2024
https://doi.org/10.1007/978-3-031-61379-1_1
Fischer-Hübner SKaregar FFischer-Hübner SKaregar F(2024)Challenges of Usable PrivacyThe Curious Case of Usable Privacy10.1007/978-3-031-54158-2_4(103-131)Online publication date: 20-Mar-2024
https://doi.org/10.1007/978-3-031-54158-2_4
Fischer-Hübner SKaregar FFischer-Hübner SKaregar F(2024)Overview of Usable Privacy Research: Major Themes and Research DirectionsThe Curious Case of Usable Privacy10.1007/978-3-031-54158-2_3(43-102)Online publication date: 20-Mar-2024
https://doi.org/10.1007/978-3-031-54158-2_3
Taub GElmalech AAharony NRosenfeld A(2023)Monetary Compensation and Private Information Sharing in Augmented Reality ApplicationsInformation10.3390/info1406032514:6(325)Online publication date: 8-Jun-2023
https://doi.org/10.3390/info14060325
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents