A Comparative Study of Android Users' Privacy Preferences Under the Runtime Permission Model

Android users recently were given the ability to selectively grant access to sensitive resources of their mobile devices when apps request them at runtime. The Android fine-grained runtime permission model has been gracefully accepted by the majority of users, who also seem to be consistent regarding their privacy and security preferences. In this paper we analyse permission data collected by Android devices that were utilising the runtime permission model. The reconstructed data represent apps’ settings snapshots. We compare behavioural insights extracted from the acquired data with users’ privacy preferences reported in our previous work. In addition, compared with the responses received from another group of mobile device users, users’ privacy settings seem to be affected by the functionality of apps. Furthermore, we advise visual schemata that describe users’ privacy settings and point out a usability issue regarding the installation process of Android apps under the runtime permission model.

[1]  Claudio Bettini,et al.  Privacy protection in pervasive systems: State of the art and technical challenges , 2015, Pervasive Mob. Comput..

[2]  Gianluca Stringhini,et al.  Permissions snapshots: Assessing users' adaptation to the Android runtime permission model , 2016, 2016 IEEE International Workshop on Information Forensics and Security (WIFS).

[3]  Seungyeop Han,et al.  These aren't the droids you're looking for: retrofitting android to protect data from imperious applications , 2011, CCS '11.

[4]  Seungyeop Han,et al.  Short paper: enhancing mobile application permissions with runtime feedback and constraints , 2012, SPSM '12.

[5]  Atsuhiro Takasu,et al.  Smartphone Message Sentiment Analysis , 2014, IFIP Int. Conf. Digital Forensics.

[6]  Theodore Tryfonas,et al.  Impact of User Data Privacy Management Controls on Mobile Device Investigations , 2016, IFIP Int. Conf. Digital Forensics.

[7]  David A. Wagner,et al.  AdDroid: privilege separation for applications and advertisers in Android , 2012, ASIACCS '12.

[8]  Ahmad-Reza Sadeghi,et al.  Flexible and Fine-grained Mandatory Access Control on Android for Diverse Security and Privacy Policies , 2013, USENIX Security Symposium.

[9]  Patrick D. McDaniel,et al.  Semantically rich application-centric security in Android , 2012 .

[10]  Alastair R. Beresford,et al.  MockDroid: trading privacy for application functionality on smartphones , 2011, HotMobile '11.

[11]  David A. Wagner,et al.  Android Permissions Remystified: A Field Study on Contextual Integrity , 2015, USENIX Security Symposium.

[12]  Lorrie Faith Cranor,et al.  Your Location has been Shared 5,398 Times!: A Field Study on Mobile App Privacy Nudging , 2015, CHI.