I've got 99 problems, but vibration ain't one: a survey of smartphone users' concerns

Smartphone operating systems warn users when third-party applications try to access sensitive functions or data. However, all of the major smartphone platforms warn users about different application actions. To our knowledge, their selection of warnings was not grounded in user research; past research on mobile privacy has focused exclusively on the risks pertained to sharing location. To expand the scope of smartphone security and privacy research, we surveyed 3,115 smartphone users about 99 risks associated with 54 smartphone privileges. We asked participants to rate how upset they would be if given risks occurred and used this data to rank risks by levels of user concern. We then asked 41 smartphone users to discuss the risks in their own words; their responses confirmed that people find the lowest-ranked risks merely annoying but might seek legal or financial retribution for the highest-ranked risks. In order to determine the relative frequency of risks, we also surveyed the 3,115 users about experiences with "misbehaving" applications. Our ranking and frequency data can be used to guide the selection of warnings on smartphone platforms.

[1]  Konstantin Beznosov,et al.  Understanding Users' Requirements for Data Protection in Smartphones , 2012, 2012 IEEE 28th International Conference on Data Engineering Workshops.

[2]  Anind K. Dey,et al.  Location-Based Services for Mobile Telephony: a Study of Users' Privacy Concerns , 2003, INTERACT.

[3]  David A. Wagner,et al.  Choice Architecture and Smartphone Privacy: There's a Price for That , 2012, WEIS.

[4]  Jessica Staddon,et al.  Indirect content privacy surveys: measuring privacy without asking about it , 2011, SOUPS.

[5]  Lorrie Faith Cranor,et al.  When are users comfortable sharing locations with advertisers? , 2011, CHI.

[6]  David A. Wagner,et al.  Android permissions: user attention, comprehension, and behavior , 2012, SOUPS.

[7]  Steve Hanna,et al.  A survey of mobile malware in the wild , 2011, SPSM '11.

[8]  Helen J. Wang,et al.  User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems , 2012, 2012 IEEE Symposium on Security and Privacy.

[9]  Seungyeop Han,et al.  These aren't the droids you're looking for: retrofitting android to protect data from imperious applications , 2011, CCS '11.

[10]  Gregory D. Abowd,et al.  Developing privacy guidelines for social location disclosure applications and services , 2005, SOUPS '05.

[11]  John Zimmerman,et al.  Are you close with me? are you nearby?: investigating social groups, closeness, and willingness to share , 2011, UbiComp '11.

[12]  Tristan Henderson,et al.  Privacy in Location-Aware Computing Environments , 2007, IEEE Pervasive Computing.

[13]  Lorrie Faith Cranor,et al.  A Conundrum of Permissions: Installing Applications on an Android Smartphone , 2012, Financial Cryptography Workshops.

[14]  Tara Matthews,et al.  Location disclosure to social relations: why, when, & what people want to share , 2005, CHI.

[15]  Anind K. Dey,et al.  Who wants to know what when? privacy preference determinants in ubiquitous computing , 2003, CHI Extended Abstracts.

[16]  Louise Barkhuus Privacy in Location-Based Services , Concern vs . Coolness , 2004 .