PRIVACY AND MOBILE DEVICES
Elizabeth Schlieper
Lab study with 20 participants and an MTurk survey with 366 participants.
Comparing their Privacy Facts vs. Google Play permissions for choosing applications.
Also compared Privacy Facts against Play permissions modified to be on the main information screen.
Used mostly unknown apps with between 1,000 and 10,000 downloads.
Some comparisons set well-known brands against relatively unknown apps (example: Spotify vs. Rdio).
Patrick Gage Kelley, Lorrie Faith Cranor, and Norman Sadeh. 2013. Privacy as part of the app decision-making process. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '13). ACM, New York, NY, USA, 3393-3402.
In two out of four comparisons for app selection, the participants who saw the privacy facts checklist were more likely to pick the app with fewer required permissions.
When privacy information was inline for both conditions, privacy facts participants were significantly more likely to choose a lesser-known application for Twitter viewing.
While the style of privacy information given made a difference, it was still a less important characteristic to most participants than the UI and ratings of the application.
What changes do you see to the permissions since this article was published?
What are some improvements?
Is there anything you think is worse than before?
308-participant online survey.
25-participant lab study.
Assessing whether or not the Android permissions dialog prior to installation was usable according to the C-HIP model.
Mostly focus on the first two steps of the model because the following steps in the model depend on success in the earlier
Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin, and David
permissions: user attention, comprehension, and
Security (SOUPS '12). ACM, New York, NY, USA, Article 3, 14 pages.
The first two steps, getting the user’s attention and being understandable to the user, fail for the majority of the users.
They think that the few users with high understanding of the permissions could help protect the other users by posting reviews.
They may have underestimated how much people understand the permissions because, for their statistics, they only considered people who got every correct option and no incorrect options as understanding the permission.
Take this quiz about how well you understand the permissions tested in this paper.
Does anyone think they did better than the study participants?
Answers: 1. a, c 2. a, c 3. d 4. c, d 5. a, b 6. a 7. b, c 8. b 9. c 10. a, d 11. a, b, c, d
How many did you get right?
Created an application called Privacy Leaks that detects data leaving the phone from various applications.
Filters the data and only presents information about presumably unexpected data sharing, aka privacy leaks.
The app creates a visualization of data that is shared after the fact and can provide notifications as data is being shared.
Lab study with 19 participants, playing game on Android phone,
background.
Rebecca Balebako, Jaeyeon Jung, Wei Lu, Lorrie Faith Cranor, and Carolyn Nguyen. 2013. "Little brothers watching you": raising awareness
Proceedings of the Ninth Symposium on Usable Privacy and Security (SOUPS '13). ACM, New York, NY, USA, Article 12, 11 pages.
Participants were told that the study was about Android games.
After 3-7 minutes of playing, they were asked about what kind of data was being shared while they played the game.
Three levels of awareness about data sharing:
People who thought that the game was self-contained, and never expected any data to leave the phone.
People who thought data was being shared with the developer to improve the game.
People who knew that there was marketing data being shared, but not how much.
People did want to know that their data was being leaked.
They would also mostly like to use an app similar to Privacy Leaks to know what kind of data is being shared.
It wouldn’t change most people’s minds about using the apps or recommending them to others, but they would tell people about the data leaking.
People weren’t sure if there were problems or benefits to data sharing in these applications.
First conducted an online survey to understand how well people understand attribution mechanisms and other aspects of Android.
People don’t understand that background apps can still use resources and perform as usual.
They also conducted an in-person study that corroborated the findings from the first survey.
Then conducted a lab study to see if adding information to the notification tray would help users to identify what application was causing a particular misbehavior.
Christopher Thompson, Maritza Johnson, Serge Egelman, David Wagner, and Jennifer King. 2013. When it's better to ask forgiveness than get permission: attribution mechanisms for smartphone resources. In Proceedings of the Ninth Symposium on Usable Privacy and Security (SOUPS '13). ACM, New York, NY, USA, Article 1, 14 pages.
Only a third of participants figured out the culprit with the additional notification.
People usually assumed the foreground application was responsible for the misbehavior.
People assumed the permissions of an application based on functionality and did not check the settings.
Essentially, once it’s on the phone, users have no idea what an app has permission to do.
Based on the last two papers, would you rather know every permission an application uses before it installs, or would it be better to have tools built into Android that tell you as an application runs what it’s doing?