Won't You Think of Others?: Interdependent Privacy in Smartphone App Permissions

The ever increasing amount of data on smartphones often contains private information of others that people interact with via the device. As a result, one user's decisions regarding app permissions can expose the information of other parties. However, research typically focuses on consequences of privacy-related decisions only for the user who makes the decisions. Work on the impact of these decisions on the privacy of others is still relatively scant. We fill this gap with an online study that extends prior work on interdependent privacy in social networking sites to the context of smartphone permissions. Our findings indicate that people typically give less consideration to the implications of their actions for the privacy of others compared to the impact on themselves. However, we found that priming people with information that features others can help reduce this discrepancy. We apply this insight to offer suggestions for enhancing permission-specification interfaces and system architectures to accommodate interdependent privacy.

[1]  H. Cabral,et al.  Multiple Comparisons Procedures , 2008, Circulation.

[2]  Yu Pu,et al.  Using Conjoint Analysis to Investigate the Value of Interdependent Privacy in Social App Adoption Scenarios , 2015, ICIS.

[3]  Annie Lang,et al.  Something for Nothing: Is Visual Encoding Automatic? , 1999 .

[4]  Lorrie Faith Cranor,et al.  Your Location has been Shared 5,398 Times!: A Field Study on Mobile App Privacy Nudging , 2015, CHI.

[5]  L. G. Doak,et al.  The role of pictures in improving health communication: a review of research on attention, comprehension, recall, and adherence. , 2006, Patient education and counseling.

[6]  Jens Grossklags,et al.  Data Portability between Online Services: An Empirical Analysis on the Effectiveness of GDPR Art. 20 , 2021, Proc. Priv. Enhancing Technol..

[7]  Sven Laumer,et al.  THE INFLUENCE OF RESIGNATION ON THE PRIVACY CALCULUS IN THE CONTEXT OF SOCIAL NETWORKING SITES: AN EMPIRICAL ANALYSIS , 2018 .

[8]  Alessandro Acquisti,et al.  Nudging Privacy: The Behavioral Economics of Personal Information , 2009, IEEE Security & Privacy.

[9]  Bart Preneel,et al.  Collateral Damage of Facebook Apps: Friends, Providers, and Privacy Interdependence , 2016, SEC.

[10]  Yunan Chen,et al.  Using contextual integrity to examine interpersonal information boundary on social network sites , 2013, CHI.

[11]  Jin Chen,et al.  Information Privacy Concern About Peer Disclosure in Online Social Networks , 2015, IEEE Transactions on Engineering Management.

[12]  G. Loewenstein,et al.  Privacy and human behavior in the age of information , 2015, Science.

[13]  David A. Wagner,et al.  The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[14]  Pamela J. Wisniewski,et al.  Predicting smartphone location-sharing decisions through self-reflection on past privacy behavior , 2020, J. Cybersecur..

[15]  Peter Buxmann,et al.  Does This App Ask For Too Much Data? The Role Of Privacy Perceptions In User Behavior Towards Facebook Applications And Permission Dialogs , 2013, ECIS.

[16]  Annie Lang,et al.  Encoding Systems and Evolved Message Processing: Pictures Enable Action, Words Enable Thinking , 2015 .

[17]  Christian Pieter Hoffmann,et al.  Privacy cynicism: A new approach to the privacy paradox , 2016 .

[18]  A Note on Dropping Experimental Subjects who Fail a Manipulation Check , 2019, Political Analysis.

[19]  Jens Grossklags,et al.  On Sharing Intentions, and Personal and Interdependent Privacy Considerations for Genetic Data: A Vignette Study , 2019, IEEE/ACM Transactions on Computational Biology and Bioinformatics.

[20]  Sameer Patil,et al.  Will They Share? Predicting Location Sharing Behaviors of Smartphone Users through Self-Reflection on Past Privacy Behaviors , 2019, Proceedings 2019 Workshop on Usable Security.

[21]  Anna Cinzia Squicciarini,et al.  Survey on Access Control for Community-Centered Collaborative Systems , 2018, ACM Comput. Surv..

[22]  Pauline Anthonysamy,et al.  Reducing Permission Requests in Mobile Apps , 2019, Internet Measurement Conference.

[23]  Yuqiong Sun,et al.  AWare: Preventing Abuse of Privacy-Sensitive Sensors via Operation Bindings , 2017, USENIX Security Symposium.

[24]  Franziska Roesner,et al.  Who's In Control?: Interactions In Multi-User Smart Homes , 2019, CHI.

[25]  Yu Pu,et al.  An Economic Model and Simulation Results of App Adoption Decisions on Networks with Interdependent Privacy Consequences , 2014, GameSec.

[26]  Steve Hanna,et al.  Android permissions demystified , 2011, CCS '11.

[27]  Norman M. Sadeh,et al.  The Best of Both Worlds: Mitigating Trade-offs Between Accuracy and User Burden in Capturing Mobile App Privacy Preferences , 2020, Proc. Priv. Enhancing Technol..

[28]  Jens Grossklags,et al.  An online experiment of privacy authorization dialogues for social applications , 2013, CSCW.

[29]  Alessandro Acquisti,et al.  Follow My Recommendations: A Personalized Privacy Assistant for Mobile App Permissions , 2016, SOUPS.

[30]  D. Schacter,et al.  Processing emotional pictures and words: Effects of valence and arousal , 2006, Cognitive, affective & behavioral neuroscience.

[31]  M. Premkumar,et al.  Resolving Multi-party Privacy Conflicts in Social Media , 2018 .

[32]  Maulahikmah Galinium,et al.  Understanding and granting android permissions: A user survey , 2017, 2017 International Carnahan Conference on Security Technology (ICCST).

[33]  Mohammad Emtiyaz Khan,et al.  SmarPer: Context-Aware and Automatic Runtime-Permissions for Mobile Devices , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[34]  C. Cobanoglu,et al.  A beginner’s guide and best practices for using crowdsourcing platforms for survey research: The Case of Amazon Mechanical Turk (MTurk) , 2021, Journal of Global Business Insights.

[35]  Yuqiong Sun,et al.  EnTrust: Regulating Sensor Access by Cooperating Programs via Delegation Graphs , 2019, USENIX Security Symposium.

[36]  Riccardo Russo,et al.  The Picture Superiority Effect in Recognition Memory: a developmental study , 2009 .

[37]  Matthew Smith,et al.  SoK: Lessons Learned from Android Security Research for Appified Software Platforms , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[38]  Dominik Wermke,et al.  Cloudy with a Chance of Misconceptions: Exploring Users' Perceptions and Expectations of Security and Privacy in Cloud Office Suites , 2020, SOUPS @ USENIX Security Symposium.

[39]  David A. Wagner,et al.  Android permissions: user attention, comprehension, and behavior , 2012, SOUPS.

[40]  Jean-Pierre Hubaux,et al.  Consensual and Privacy-Preserving Sharing of Multi-Subject and Interdependent Data , 2018, NDSS.

[41]  Gary P. Latham,et al.  Keen to Help? Managers' Implicit Person Theories and Their Subsequent Employee Coaching , 2006 .

[42]  Mohammed M. Alani Android Users Privacy Awareness Survey , 2017, Int. J. Interact. Mob. Technol..

[43]  Sameer Patil,et al.  Reasons, rewards, regrets: privacy considerations in location sharing as an interactive practice , 2012, SOUPS.

[44]  Mario Fritz,et al.  Automatically Detecting Bystanders in Photos to Reduce Privacy Risks , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[45]  Curtis R. Taylor,et al.  The Economics of Privacy , 2016 .

[46]  David A. Wagner,et al.  Turtle Guard: Helping Android Users Apply Contextual Privacy Preferences , 2017, SOUPS.

[47]  Lauren E. Pinson,et al.  A Note on Dropping Experimental Subjects who Fail a Manipulation Check , 2015, Political Analysis.

[48]  Cornelia Caragea,et al.  Toward Automated Online Photo Privacy , 2017, ACM Trans. Web.

[49]  Daniel R. Horne,et al.  The Privacy Paradox: Personal Information Disclosure Intentions versus Behaviors , 2007 .

[50]  J. Finnegan,et al.  The Knowledge Gap Hypothesis: Twenty-Five Years Later , 1996 .

[51]  Robert K. Cunningham,et al.  SoK: Privacy on Mobile Devices – It’s Complicated , 2016, Proc. Priv. Enhancing Technol..

[52]  Jie Gu,et al.  Privacy concerns for mobile app download: An elaboration likelihood model perspective , 2017, Decis. Support Syst..

[53]  Dimitris Gritzalis,et al.  Delegate the smartphone user? Security awareness in smartphone platforms , 2013, Comput. Secur..

[54]  Pern Hui Chia,et al.  Interdependent Privacy: Let Me Share Your Data , 2013, Financial Cryptography.

[55]  H. Nissenbaum Privacy as contextual integrity , 2004 .

[56]  Cornelia Caragea,et al.  Uncovering Scene Context for Predicting Privacy of Online Shared Images , 2018, AAAI.

[57]  David M. Nicol,et al.  unFriendly: Multi-party Privacy Risks in Social Networks , 2010, Privacy Enhancing Technologies.

[58]  Mariella Dimiccoli,et al.  Mitigating Bystander Privacy Concerns in Egocentric Activity Recognition with Deep Learning and Intentional Image Degradation , 2018, Proc. ACM Interact. Mob. Wearable Ubiquitous Technol..

[59]  Herman Aguinis,et al.  Best Practice Recommendations for Designing and Implementing Experimental Vignette Methodology Studies , 2014 .

[60]  John S. Seberger,et al.  Empowering Resignation: There’s an App for That , 2021, CHI.

[61]  Jacob Leon Kröger,et al.  How do app vendors respond to subject access requests? A longitudinal privacy study on iOS and Android Apps , 2020, ARES.

[62]  Gianclaudio Malgieri,et al.  The right to data portability in the GDPR: Towards user-centric interoperability of digital services , 2017, Comput. Law Secur. Rev..

[63]  Jens Grossklags,et al.  Third-party apps on Facebook: privacy and the illusion of control , 2011, CHIMIT '11.

[64]  Jose M. Such,et al.  When Forcing Collaboration is the Most Sensible Choice , 2021, Proc. ACM Hum. Comput. Interact..

[65]  Matthew Smith,et al.  Using personal examples to improve risk communication for security & privacy decisions , 2014, CHI.

[66]  Natalia Criado,et al.  Multiparty privacy in social media , 2018, Commun. ACM.

[67]  Joanne Gray,et al.  Creating in an age of algorithms: won’t somebody think of the children? , 2019 .

[68]  Rakibul Hasan,et al.  Influencing Photo Sharing Decisions on Social Media: A Case of Paradoxical Findings , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[69]  Yu Pu,et al.  Valuating Friends' Privacy: Does Anonymity of Sharing Personal Data Matter? , 2017, SOUPS.

[70]  Anna Cinzia Squicciarini,et al.  WWW 2009 MADRID! Track: Security and Privacy / Session: Web Privacy Collective Privacy Management in Social Networks , 2022 .

[71]  Daniel M. Oppenheimer,et al.  Instructional Manipulation Checks: Detecting Satisficing to Increase Statistical Power , 2009 .

[72]  Chris Kanich,et al.  "I Saw Images I Didn't Even Know I Had": Understanding User Perceptions of Cloud Storage Privacy , 2015, CHI.

[73]  Jose M. Such,et al.  Photo Privacy Conflicts in Social Media: A Large-scale Empirical Study , 2017, CHI.

[74]  Anthony Peruma,et al.  Investigating User Perception and Comprehension of Android Permission Models , 2018, 2018 IEEE/ACM 5th International Conference on Mobile Software Engineering and Systems (MOBILESoft).

[75]  S. Petronio Boundaries of Privacy: Dialectics of Disclosure , 2002 .

[76]  Yang Wang,et al.  Privacy nudges for social media: an exploratory Facebook study , 2013, WWW.

[77]  Lorrie Faith Cranor,et al.  A Conundrum of Permissions: Installing Applications on an Android Smartphone , 2012, Financial Cryptography Workshops.