Xiaoyuan Wu (Carnegie Mellon University), Lydia Hu (Carnegie Mellon University), Eric Zeng (Carnegie Mellon University), Hana Habib (Carnegie Mellon University), Lujo Bauer (Carnegie Mellon University)

Apple's App Privacy Report (``privacy report''), released in 2021, aims to
inform iOS users about apps' access to their data and sensors (e.g., contacts,
camera) and, unlike other privacy dashboards, what domains are contacted by apps and websites. To evaluate the
effectiveness of the privacy report, we conducted semi-structured interviews
(textit{n} = 20) to examine users' reactions to the information, their understanding of relevant privacy
implications, and how they might change
their behavior to address privacy concerns. Participants easily understood which
apps accessed data and sensors at certain times on their phones, and knew how to
remove an app's permissions in case of unexpected access. In contrast,
participants had difficulty understanding apps' and websites' network
activities. They were confused about how and why network activities occurred,
overwhelmed by the number of domains their apps contacted, and uncertain about
what remedial actions they could take against potential privacy threats. While
the privacy report and similar tools can increase transparency by presenting
users with details about how their data is handled, we recommend providing more
interpretation or aggregation of technical details, such as the purpose of
contacting domains, to help users make informed decisions.

View More Papers

Work-in-Progress: Uncovering Dark Patterns: A Longitudinal Study of Cookie...

Zihan Qu (Johns Hopkins University), Xinyi Qu (University College London), Xin Shen, Zhen Liang, and Jianjia Yu (Johns Hopkins University)

Read More

BinEnhance: An Enhancement Framework Based on External Environment Semantics...

Yongpan Wang (Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China), Hong Li (Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China), Xiaojie Zhu (King Abdullah University of Science and Technology, Thuwal, Saudi Arabia), Siyuan Li (Institute of Information Engineering Chinese…

Read More

TME-Box: Scalable In-Process Isolation through Intel TME-MK Memory Encryption

Martin Unterguggenberger (Graz University of Technology), Lukas Lamster (Graz University of Technology), David Schrammel (Graz University of Technology), Martin Schwarzl (Cloudflare, Inc.), Stefan Mangard (Graz University of Technology)

Read More

Generating API Parameter Security Rules with LLM for API...

Jinghua Liu (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Yi Yang (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Kai Chen (Institute of Information Engineering, Chinese Academy of…

Read More