Xiaoyuan Wu (Carnegie Mellon University), Lydia Hu (Carnegie Mellon University), Eric Zeng (Carnegie Mellon University), Hana Habib (Carnegie Mellon University), Lujo Bauer (Carnegie Mellon University)

Apple's App Privacy Report (``privacy report''), released in 2021, aims to
inform iOS users about apps' access to their data and sensors (e.g., contacts,
camera) and, unlike other privacy dashboards, what domains are contacted by apps and websites. To evaluate the
effectiveness of the privacy report, we conducted semi-structured interviews
(textit{n} = 20) to examine users' reactions to the information, their understanding of relevant privacy
implications, and how they might change
their behavior to address privacy concerns. Participants easily understood which
apps accessed data and sensors at certain times on their phones, and knew how to
remove an app's permissions in case of unexpected access. In contrast,
participants had difficulty understanding apps' and websites' network
activities. They were confused about how and why network activities occurred,
overwhelmed by the number of domains their apps contacted, and uncertain about
what remedial actions they could take against potential privacy threats. While
the privacy report and similar tools can increase transparency by presenting
users with details about how their data is handled, we recommend providing more
interpretation or aggregation of technical details, such as the purpose of
contacting domains, to help users make informed decisions.

View More Papers

WAVEN: WebAssembly Memory Virtualization for Enclaves

Weili Wang (Southern University of Science and Technology), Honghan Ji (ByteDance Inc.), Peixuan He (ByteDance Inc.), Yao Zhang (ByteDance Inc.), Ye Wu (ByteDance Inc.), Yinqian Zhang (Southern University of Science and Technology)

Read More

Truman: Constructing Device Behavior Models from OS Drivers to...

Zheyu Ma (Institute for Network Sciences and Cyberspace (INSC), Tsinghua University; EPFL; JCSS, Tsinghua University (INSC) - Science City (Guangzhou) Digital Technology Group Co., Ltd.), Qiang Liu (EPFL), Zheming Li (Institute for Network Sciences and Cyberspace (INSC), Tsinghua University; JCSS, Tsinghua University (INSC) - Science City (Guangzhou) Digital Technology Group Co., Ltd.), Tingting Yin (Zhongguancun…

Read More

Diffence: Fencing Membership Privacy With Diffusion Models

Yuefeng Peng (University of Massachusetts Amherst), Ali Naseh (University of Massachusetts Amherst), Amir Houmansadr (University of Massachusetts Amherst)

Read More

type++: Prohibiting Type Confusion with Inline Type Information

Nicolas Badoux (EPFL), Flavio Toffalini (Ruhr-Universität Bochum, EPFL), Yuseok Jeon (UNIST), Mathias Payer (EPFL)

Read More