Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Privacy as Part of 
the App Decision-Making Process - CHI 2013

Privacy as Part of 
the App Decision-Making Process - CHI 2013

ACM SIGCHI 2013 Talk given in Paris France on 2 May, 2013. With co-authors Lorrie Faith Cranor and Norman Sadeh. Full paper can be found at: http://patrickgagekelley.com/papers/android-decision.pdf

Patrick Gage Kelley

May 02, 2013
Tweet

More Decks by Patrick Gage Kelley

Other Decks in Research

Transcript

  1. Apps that come on the phone Apps that come from

    a trusted/ already known brand Apps that are picked from the market to fill a need 3
  2. 4 Apps that come on the phone The most used

    apps: phone, mail, text messaging, weather, directions, maps... But also includes many apps users wish they could remove
  3. Apps that come from a trusted/ already known brand: Facebook,

    Twitter, Pandora, Spotify, Angry Birds, The New York Times, Words with Friends, ESPN, etc... 5
  4. Apps that are picked from the market to fill a

    need How do users make this decision? 6
  5. 7

  6. 8

  7. 12 How users report they pick apps ratings user reviews

    price branding and design word of mouth # downloads popularity permissions size of the app developer/company advertising 0% 25% 50% 75% 100% Very important Not important
  8. Why not permissions? 14 - Users do not understand Android

    permissions - The terms used are: - vague or confusing - sometimes misleading - jargon-filled - poorly grouped - The permissions appear after the user has pressed “download,” making their decision
  9. 17

  10. 18

  11. Privacy Facts Checklist • Bold header “Privacy Facts” • Eight

    types of information • Advertising and analytics • Checkbox next to each • Immediately after the Description section • Immediately before the Reviews section 19
  12. 20 Phase 1 20-participant laboratory interview and application selection experiment

    Phase 2 250-participant MTurk application selection experiment and survey Two Phases of Testing
  13. Lab/Online Study • General Android phone use • How they

    select apps in the market • Roleplay • App selection task • Malicious applications and data sharing concerns • Privacy and permissions 21 Nathaniel Good, Rachna Dhamija, Jens Grossklags, David Thaw, Steven Aronowitz, Deirdre Mulligan, and Joseph Konstan. Stopping spyware at the gate: a user study of privacy, notice and spyware. SOUPS 2005
  14. Application Selection Task • Privacy Facts Checklist v. Android Market

    • Users select one app per category • Each category has two apps • One requests less permissions 22 — Calorie tracking — Word game — Streaming music — Twitter — Document scanning — Flight tracker
  15. 4 stars 10,000-50,000 downloads 3 similar reviews Category Differences 23

    — Calorie tracking — Word game — Twitter — Document scanning — Streaming music (brand) 50 million downloads — Flight tracker (3 stars)
  16. Application Selection (Interview) 24 Word game Nutrition Document scanning Twitter

    Music Flight tracking brand 3/4 Privacy Facts Checklist 60% 70% 90% 70% 40% 40% Permissions 50% 100% 90% 20% 30% 20%
  17. Comments on app selection “I like to download the apps

    that have a name that I can easily find. So Calorie Counter, I know where that is gonna be on my phone. I don’t have to be like, oh, what is this called.” 25
  18. Comments on app selection “And I might try things out

    and see... I just kind of see how well it works, because some things are more glitchy.” 26
  19. Application Selection (MTurk) 27 Word game Nutrition Twitter Document scanning

    Music Flight tracking n = 366 brand 3/4 Privacy Facts Checklist 61% 73% 53% 60% 29% 35% Permissions 41% 56% 25% 73% 18% 41% Permissions Inline 50% 73% 35% 63% 23% 37%
  20. With the checklist, people are more often selecting the application

    that accesses less permissions though other factors like brand and rating are stronger or remove the effect 28
  21. Reading the permissions... 29 Participants took between 4 and 47

    minutes selecting the application Privacy Facts Checklist – 11:40 Android Permissions — 10:51 Average time spent viewing the permissions display was 3.19 seconds 4 participants never looked at the permissions 1 participant compared permissions in one category
  22. With the privacy checklist • No one thought the new

    display was out of place • No one stated permissions were missing 30
  23. People said it wasn’t useful It didn’t influence my decision

    even though I noticed it. I tend to pay more attention to ratings and usefulness then anything else.” No, not really. It’s not the most important factor. I don’t keep a bunch of vital personal info on my phone, so no worries. I think people who do are really stupid.” 31 “ “
  24. People said it was useful Yes. It only influenced me

    if it seemed to be the only thing to distinguish between the two apps.” Yeah, I always check that stuff. I want to know exactly what is happening to and with my data from that program when I use it. It was useful though I wish some apps would go into greater detail about why certain things are there.” 32 “ “
  25. Not concerned with data sharing • All their data is

    already out there • Android/Google are protecting them 33 Participants wanted reasons • Watching out for apps that take too much • ...but will make up reasons when asked why an app might need a certain permission
  26. Overall, privacy information at decision time helps users • More

    likely to mention “information” or “data” • Said they would be more likely to consider privacy • The checklist influences app selection • Not just about information position, the formatting and terms used played a significant role 34 And format matters
  27. Lorrie Faith Cranor Norman Sadeh & Patrick Gage Kelley @patrickgage

    [email protected] patrickgagekelley.com S P E C I A L T H A N K S T O Alessandro Acquisti Seungyeop Han Matthew Kay Michelle Mazurek Janice Tsai David Wetherall Sunny Consolvo Jaeyeon Jung Jialiu Lin Manya Sleeper Tim Vidas