Short paper: location privacy: user behavior in the field

Current smartphone platforms provide ways for users to control access to information about their location. For instance, on the iPhone, when an application requests access to location information, the operating system asks the user whether to grant location access to this application. In this paper, we study how users are using these controls. Do iPhone users allow applications to access their location? Do their decisions differ from application to application? Can we predict how a user will respond for a particular application, given their past responses for other applications? We gather data from iPhone users that sheds new light on these questions. Our results indicate that there are different classes of users: some deny all applications access to their location, some allow all applications access to their location, and some selectively permit a fraction of their applications to access their location. We also find that apps can be separated into different classes by what fraction of users trust the app with their location data. Finally, we investigate using machine learning techniques to predict users' location-sharing decisions; we find that we are sometimes able to predict the user's actual choice, though there is considerable room for improvement. If it is possible to improve the accuracy rate further, this information could be used to relieve users of the cognitive burden of individually assigning location permissions for each application, allowing users to focus their attention on more critical matters.

[1]  John Zimmerman,et al.  Are you close with me? are you nearby?: investigating social groups, closeness, and willingness to share , 2011, UbiComp '11.

[2]  Gregory D. Abowd,et al.  Developing privacy guidelines for social location disclosure applications and services , 2005, SOUPS '05.

[3]  Lorrie Faith Cranor,et al.  When are users comfortable sharing locations with advertisers? , 2011, CHI.

[4]  Tristan Henderson,et al.  Privacy in Location-Aware Computing Environments , 2007, IEEE Pervasive Computing.

[5]  Tara Matthews,et al.  Location disclosure to social relations: why, when, & what people want to share , 2005, CHI.

[6]  Vyas Sekar,et al.  Measuring user confidence in smartphone security and privacy , 2012, SOUPS.

[7]  John Zimmerman,et al.  I'm the mayor of my house: examining why people use foursquare - a social-driven location sharing application , 2011, CHI.

[8]  Jordana Dym,et al.  There's a Map For That , 2012 .

[9]  Nicolas Christin,et al.  It's All about the Benjamins: An Empirical Study on Incentivizing Users to Ignore Security Advice , 2011, Financial Cryptography.

[10]  Lorrie Faith Cranor,et al.  Crying Wolf: An Empirical Study of SSL Warning Effectiveness , 2009, USENIX Security Symposium.

[11]  Lorrie Faith Cranor,et al.  You've been warned: an empirical study of the effectiveness of web browser phishing warnings , 2008, CHI.

[12]  Louise Barkhuus Privacy in Location-Based Services , Concern vs . Coolness , 2004 .

[13]  David A. Wagner,et al.  The Effectiveness of Application Permissions , 2011, WebApps.

[14]  Andrea Montanari,et al.  Matrix completion from a few entries , 2009, 2009 IEEE International Symposium on Information Theory.

[15]  Lorrie Faith Cranor,et al.  Understanding and capturing people’s privacy policies in a mobile social networking application , 2009, Personal and Ubiquitous Computing.

[16]  Anind K. Dey,et al.  Location-Based Services for Mobile Telephony: a Study of Users' Privacy Concerns , 2003, INTERACT.

[17]  George Danezis,et al.  How Much Is Location Privacy Worth? , 2005, WEIS.

[18]  David A. Wagner,et al.  Choice Architecture and Smartphone Privacy: There's a Price for That , 2012, WEIS.

[19]  Anind K. Dey,et al.  Who wants to know what when? privacy preference determinants in ubiquitous computing , 2003, CHI Extended Abstracts.

[20]  George Danezis,et al.  A study on the value of location privacy , 2006, WPES '06.

[21]  Andrea Montanari,et al.  Matrix completion from a few entries , 2009, ISIT.