Third-party apps on Facebook: privacy and the illusion of control

Little research examines the privacy threats associated with the use of third-party apps on Facebook. To address this gap in the literature, we systematically study third-party apps' current practices for privacy notice and consent by: i) collecting data from the 1800 most popular Facebook apps to record their data collection practices concerning users and their friends, and ii) developing our own Facebook app to conduct a number of tests to identify problems that exist in the current design of authentication dialogs for third-party apps on Facebook. To address these problems, we propose two new interface designs for third-party apps' authentication dialogs to: i) increase user control of apps' data access and restrict apps' publishing ability during the process of adding them to users' profiles, and ii) alert users when their global privacy settings on Facebook are violated by apps. This research provides both conceptual and empirical insights in terms of design recommendations to address privacy concerns toward third-party apps on Facebook.
