The Impact of Timing on the Salience of Smartphone App Privacy Notices

In a series of experiments, we examined how the timing impacts the salience of smartphone app privacy notices. In a web survey and a field experiment, we isolated different timing conditions for displaying privacy notices: in the app store, when an app is started, during app use, and after app use. Participants installed and played a history quiz app, either virtually or on their phone. After a distraction or delay they were asked to recall the privacy notice's content. Recall was used as a proxy for the attention paid to and salience of the notice. Showing the notice during app use significantly increased recall rates over showing it in the app store. In a follow-up web survey, we tested alternative app store notices, which improved recall but did not perform as well as notices shown during app use. The results suggest that even if a notice contains information users care about, it is unlikely to be recalled if only shown in the app store.

[1]  Deirdre K. Mulligan,et al.  Noticing notice: a large-scale experiment on the timing of software license agreements , 2007, CHI.

[2]  Kenneth R. Laughery,et al.  Warnings and risk communication , 1999 .

[3]  Alessandro Acquisti,et al.  Sleights of privacy: framing, disclosures, and the limits of transparency , 2013, SOUPS.

[4]  David A. Wagner,et al.  How to Ask for Permission , 2012, HotSec.

[5]  Lorrie Faith Cranor,et al.  Is Your Inseam a Biometric? Evaluating the Understandability of Mobile Privacy Notice Categories , 2013 .

[6]  Naresh K. Malhotra,et al.  Internet Users' Information Privacy Concerns (IUIPC): The Construct, the Scale, and a Causal Model , 2004, Inf. Syst. Res..

[7]  Rainer Böhme,et al.  The security cost of cheap user interaction , 2011, NSPW '11.

[8]  Lorrie Faith Cranor,et al.  "Little brothers watching you": raising awareness of data leaks on smartphones , 2013, SOUPS.

[9]  Lorrie Faith Cranor,et al.  A Design Space for Effective Privacy Notices , 2015, SOUPS.

[10]  Lorrie Faith Cranor,et al.  The Privacy and Security Behaviors of Smartphone App Developers , 2014 .

[11]  Norman Sadeh,et al.  Understanding and capturing people's mobile app privacy preferences , 2013 .

[12]  Ilaria Liccardi,et al.  Improving User Choice Through Better Mobile Apps Transparency and Permissions Analysis , 2014, J. Priv. Confidentiality.

[13]  Alessandro Acquisti,et al.  Nudging Privacy: The Behavioral Economics of Personal Information , 2009, IEEE Security & Privacy.

[14]  Lorrie Faith Cranor,et al.  Your Location has been Shared 5,398 Times!: A Field Study on Mobile App Privacy Nudging , 2015, CHI.

[15]  Lorrie Faith Cranor,et al.  A Framework for Reasoning About the Human in the Loop , 2008, UPSEC.

[16]  Jennifer J. Argo,et al.  Meta-Analyses of the Effectiveness of Warning Labels , 2004 .

[17]  Lorrie Faith Cranor,et al.  Privacy as part of the app decision-making process , 2013, CHI.

[18]  David A. Wagner,et al.  Android permissions: user attention, comprehension, and behavior , 2012, SOUPS.

[19]  Marco Gruteser,et al.  A Field Study of Run-Time Location Access Disclosures on Android Smartphones , 2014 .

[20]  Rainer Böhme,et al.  Trained to accept?: a field experiment on consent dialogs , 2010, CHI.

[21]  Matthew Smith,et al.  Using personal examples to improve risk communication for security & privacy decisions , 2014, CHI.

[22]  Ninghui Li,et al.  Generating Summary Risk Scores for Mobile Applications , 2014, IEEE Transactions on Dependable and Secure Computing.

[23]  Vyas Sekar,et al.  Measuring user confidence in smartphone security and privacy , 2012, SOUPS.

[24]  David A. Wagner,et al.  Choice Architecture and Smartphone Privacy: There's a Price for That , 2012, WEIS.

[25]  Ninghui Li,et al.  Effective Risk Communication for Android Apps , 2013, IEEE Transactions on Dependable and Secure Computing.

[26]  Alessandro Acquisti,et al.  Privacy and rationality in individual decision making , 2005, IEEE Security & Privacy.

[27]  Norman M. Sadeh,et al.  Expectation and purpose: understanding users' mental models of mobile app privacy through crowdsourcing , 2012, UbiComp.

[28]  Lorrie Faith Cranor,et al.  Timing is everything?: the effects of timing and placement of online privacy indicators , 2009, CHI.

[29]  David A. Wagner,et al.  The effect of developer-specified explanations for permission requests on smartphone user behavior , 2014, CHI.

[30]  M. Angela Sasse,et al.  Users are not the enemy , 1999, CACM.