User Comfort with Android Background Resource Accesses in Different Contexts

Android apps ask users to allow or deny access to sensitive resources the first time the app needs them. Prior work has shown that users decide whether to grant these requests based on the context. In this work, we investigate user comfort level with resource accesses that happen in a background context, meaning they occur when there is no visual indication of a resource use. For example, accessing the device location after a related button click would be considered an interactive access, and accessing location whenever it changes would be considered a background access. We conducted a 2,198-participant fractional-factorial vignette study, showing each participant a resource-access scenario in one of two mock apps, varying what event triggers the access (when) and how the collected data is used (why). Our results show that both when and why a resource is accessed are important to users’ comfort. In particular, we identify multiple meaningfully different classes of accesses for each these factors, showing that not all background accesses are regarded equally. Based on these results, we make recommendations for how designers of mobile-privacy systems can take these nuanced distinctions into account.

[1]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[2]  Tao Xie,et al.  AppContext: Differentiating Malicious and Benign Mobile App Behaviors Using Context , 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.

[3]  Eszter Hargittai,et al.  Succinct Survey Measures of Web-Use Skills , 2012 .

[4]  Laura A. Dabbish,et al.  Privacy Attitudes of Mechanical Turk Workers and the U.S. Public , 2014, SOUPS.

[5]  A. Raftery Bayesian Model Selection in Social Research , 1995 .

[6]  Barbara G. Ryder,et al.  User-Centric Dependence Analysis For Identifying Malicious Mobile Apps , 2012 .

[7]  P. McCullagh Regression Models for Ordinal Data , 1980 .

[8]  Helen Nissenbaum,et al.  Privacy in Context - Technology, Policy, and the Integrity of Social Life , 2009 .

[9]  Nina Taft,et al.  Exploring decision making with Android's runtime permission dialogs using in-context surveys , 2017, SOUPS.

[10]  Aniket Kittur,et al.  Crowdsourcing user studies with Mechanical Turk , 2008, CHI.

[11]  David A. Wagner,et al.  Contextualizing Privacy Decisions for Better Prediction (and Protection) , 2018, CHI.

[12]  E. Langer,et al.  The Mindlessness of Ostensibly Thoughtful Action: The Role of "Placebic" Information in Interpersonal Interaction , 1978 .

[13]  Rainer Böhme,et al.  The security cost of cheap user interaction , 2011, NSPW '11.

[14]  David A. Wagner,et al.  When it's better to ask forgiveness than get permission: attribution mechanisms for smartphone resources , 2013, SOUPS.

[15]  James A. Landay,et al.  Utility of human-computer interactions: toward a science of preference measurement , 2011, CHI.

[16]  Hui Xiong,et al.  Mobile app recommendations with security and privacy awareness , 2014, KDD.

[17]  R. Zeckhauser,et al.  Insurance, Information, and Individual Action , 1971 .

[18]  Irina Shklovski,et al.  Leakiness and creepiness in app space: perceptions of privacy and mobile app use , 2014, CHI.

[19]  Dawn Xiaodong Song,et al.  Contextual Policy Enforcement in Android Applications with Permission Event Graphs , 2013, NDSS.

[20]  Harold Abelson,et al.  No technical understanding required: helping users make informed choices about access to their personal data , 2014, MobiQuitous.

[21]  Alessandro Acquisti,et al.  Follow My Recommendations: A Personalized Privacy Assistant for Mobile App Permissions , 2016, SOUPS.

[22]  Lorrie Faith Cranor,et al.  A Conundrum of Permissions: Installing Applications on an Android Smartphone , 2012, Financial Cryptography Workshops.

[23]  Yuan Zhang,et al.  AppIntent: analyzing sensitive data transmission in android for privacy leakage detection , 2013, CCS.

[24]  Jacques Klein,et al.  FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps , 2014, PLDI.

[25]  David A. Wagner,et al.  I've got 99 problems, but vibration ain't one: a survey of smartphone users' concerns , 2012, SPSM '12.

[26]  Daniel Votipka,et al.  User Interactions and Permission Use on Android , 2017, CHI.

[27]  Laura A. Dabbish,et al.  "My Data Just Goes Everywhere: " User Mental Models of the Internet and Implications for Privacy and Security , 2015, SOUPS.

[28]  Peng Wang,et al.  AsDroid: detecting stealthy behaviors in Android applications by user interface and program behavior contradiction , 2014, ICSE.

[29]  Norman M. Sadeh,et al.  Modeling Users' Mobile App Privacy Preferences: Restoring Usability in a Sea of Permission Settings , 2014, SOUPS.

[30]  Norman M. Sadeh,et al.  Expectation and purpose: understanding users' mental models of mobile app privacy through crowdsourcing , 2012, UbiComp.

[31]  David A. Wagner,et al.  The effect of developer-specified explanations for permission requests on smartphone user behavior , 2014, CHI.

[32]  Lorrie Faith Cranor,et al.  "Little brothers watching you": raising awareness of data leaks on smartphones , 2013, SOUPS.

[33]  David A. Wagner,et al.  Android permissions: user attention, comprehension, and behavior , 2012, SOUPS.

[34]  Dan Grossman,et al.  AUDACIOUS: User-Driven Access Control with Unmodified Operating Systems , 2016, CCS.

[35]  Michael D. Buhrmester,et al.  Amazon's Mechanical Turk , 2011, Perspectives on psychological science : a journal of the Association for Psychological Science.

[36]  Peter M. Steiner,et al.  Experimental Vignette Studies in Survey Research , 2010 .

[37]  Helen J. Wang,et al.  User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems , 2012, 2012 IEEE Symposium on Security and Privacy.

[38]  David A. Wagner,et al.  AdDroid: privilege separation for applications and advertisers in Android , 2012, ASIACCS '12.

[39]  Klaus Krippendorff,et al.  Answering the Call for a Standard Reliability Measure for Coding Data , 2007 .

[40]  Eric R. Ziegel,et al.  Probability and Statistics for Engineering and the Sciences , 2004, Technometrics.

[41]  Narseo Vallina-Rodriguez,et al.  Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem , 2018, NDSS.

[42]  Gianluca Stringhini,et al.  A Comparative Study of Android Users' Privacy Preferences Under the Runtime Permission Model , 2017, HCI.

[43]  Lorrie Faith Cranor,et al.  Are your participants gaming the system?: screening mechanical turk workers , 2010, CHI.

[44]  David A. Wagner,et al.  Android Permissions Remystified: A Field Study on Contextual Integrity , 2015, USENIX Security Symposium.

[45]  Gianluca Stringhini,et al.  Permissions snapshots: Assessing users' adaptation to the Android runtime permission model , 2016, 2016 IEEE International Workshop on Information Forensics and Security (WIFS).

[46]  H. Nissenbaum Privacy as contextual integrity , 2004 .