Author(s): Anand Paturi, Patrick Gage Kelley, Subhasish Mazumdar

Download: Paper (PDF)

Date: 7 Feb 2015

Document Type: Briefing Papers

Additional Documents: Slides

Associated Event: NDSS Symposium 2015

Abstract:

Android mobile users are provided with a permissions list before installing an app that displays the list of resources available to that app. Users can review the permissions list and decide to install the app if they trust the app with their information. However, this information is accessible not only to the app provider but may also be available to third party ad libraries included in the app, which users are unaware of. In this paper, we propose a novel icon-based privacy threat representation as an alternative to permissions list that shows privacy threats to users from both app providers and associated ad libraries. Our approach considers users’ privacy in terms of three granules: location, identity and query. Our proposed interface aims to educate users about which particular app providers and third parties have access to their privacy granules. We obtained user feedback on our technique in two user surveys (n = 137; 294), one each for testing the icons and the icon-based privacy threat display. We present our findings for ease of use and effectiveness of the novel privacy threat interface and further evaluate its impact on users’ installation decision.