Follow My Recommendations: A Personalized Privacy Assistant for Mobile App Permissions
Bin Liu
Mads Schaarup Andersen
Florian Schaub
Hazim Almuhimedi
Shikun (Aerin) Zhang
Norman Sadeh
Alessandro Acquisti
Twelfth Symposium on Usable Privacy and Security (SOUPS 2016)

Abstract

Modern smartphone platforms have millions of apps, many of which request permissions to access private data and resources, like user accounts or location. While these smartphone platforms provide varying degrees of control over these permissions, the sheer number of decisions that users are expected to manage has been shown to be unrealistically high. Prior research has shown that users are often unaware of, if not uncomfortable with, many of their permission settings. Prior work also suggests that it is theoretically possible to predict many of the privacy settings a user would want by asking the user a small number of questions. However, this approach has neither been operationalized nor evaluated with actual users before. We report on a field study (n=72) in which we implemented and evaluated a Personalized Privacy Assistant (PPA) with participants using their own Android devices. The results of our study are encouraging. We find that 78.7% of the recommendations made by the PPA were adopted by users. Following initial recommendations on permission settings, participants were motivated to further review and modify their settings with daily “privacy nudges.” Despite showing substantial engagement with these nudges, participants only changed 5.1% of the settings previously adopted based on the PPA's recommendations. The PPA and its recommendations were perceived as useful and usable. We discuss the implications of our results for mobile permission management and the design of personalized privacy assistant solutions.

Bibtex

@inproceedings{197297,
    author = "Liu, Bin and Andersen, Mads Schaarup and Schaub, Florian and Almuhimedi, Hazim and Zhang, Shikun (Aerin) and Sadeh, Norman and Agarwal, Yuvraj and Acquisti, Alessandro",
    year = "2016",
    pages = "27--41",
    title = "Follow My Recommendations: A Personalized Privacy Assistant for Mobile App Permissions",
    booktitle = "Twelfth Symposium on Usable Privacy and Security ({SOUPS} 2016)",
    month = "06"
}

Plain Text

Bin Liu, Mads Schaarup Andersen, Florian Schaub, Hazim Almuhimedi, Shikun (Aerin) Zhang, Norman Sadeh, Yuvraj Agarwal, and Alessandro Acquisti. Follow my recommendations: a personalized privacy assistant for mobile app permissions. In Twelfth Symposium on Usable Privacy and Security (SOUPS 2016), 27–41. 06 2016.