What provokes Android users into revealing private information? – Paper accepted at HICSS


In joint work with Nicole Eling and Prof. Buxmann from TU Darmstadt, we published a very interesting market experiment on users’ reaction to fine-grained permission requests. This work explores the following research questions using a self-developed mobile application:

  1. How does the precision of an information request influence users’ disclosure of personal information?
  2. Is this effect different for users with different security backgrounds?


These research questions are investigated using data obtained through a smartphone app offered in Google Play. By doing so, we meet the call for measuring real behavior instead of stated willingness to disclose. This is important because, in the context of privacy, users’ intentions often differ from their actual behavior. In the paper we discuss the following hypotheses:

  1. A fine-grained permission request during runtime is less likely to be accepted than a generic permission request before installation.
  2. A data request containing concrete user information reduces the user’s likelihood to accept it.
  3. Security-aware users are less likely to accept data requests.
  4. Security awareness moderates the effect of the level of detail of the information requests on information disclosure.

Title: Investigating Users’ Reaction to Fine-Grained Data Requests: A Market Experiment
Abstract: The market for smartphone applications is steadily growing. Unfortunately, along with this growth, the number of malicious applications is increasing as well. To identify this malware, various automatic code-analysis tools have been developed. These tools are able to assess the risk associated with a specific app. However, informing users about these findings is often difficult. Currently, on Android, users decide about applications based on coarse-grained permission dialogs during installation. As these dialogs are quite abstract, many users do not read or understand them. Thus, to make the more detailed findings from security research accessible, new mechanisms for privacy communication need to be assessed. In our market experiment, we investigate how fine-grained data requests during runtime affect users’ information disclosure. We find that many users reverse their decision when prompted with a fine-grained request. Additionally, an effect of security awareness and level of detail on disclosure was found.