Abstract
Smartphone security research has produced many useful tools to analyze the privacy-related behaviors of mobile apps. However, these automated tools cannot assess people's perceptions of whether a given action is legitimate, or how that action makes them feel with respect to privacy. For example, automated tools might detect that a blackjack game and a map app both use one's location information, but people would likely view the map's use of that data as more legitimate than the game. Our work introduces a new model for privacy, namely privacy as expectations. We report on the results of using crowdsourcing to capture users' expectations of what sensitive resources mobile apps use. We also report on a new privacy summary interface that prioritizes and highlights places where mobile apps break people's expectations. We conclude with a discussion of implications for employing crowdsourcing as a privacy evaluation technique.
| Original language | English |
|---|---|
| Title of host publication | UbiComp'12 - Proceedings of the 2012 ACM Conference on Ubiquitous Computing |
| Pages | 501-510 |
| Number of pages | 10 |
| DOIs | |
| Publication status | Published - 19 Oct 2012 |
| MoE publication type | A4 Conference publication |
| Event | ACM International Joint Conference on Pervasive and Ubiquitous Computing - Pittsburgh, United States Duration: 5 Sept 2012 → 8 Sept 2012 Conference number: 14 |
Conference
| Conference | ACM International Joint Conference on Pervasive and Ubiquitous Computing |
|---|---|
| Abbreviated title | UbiComp |
| Country/Territory | United States |
| City | Pittsburgh |
| Period | 05/09/2012 → 08/09/2012 |
Keywords
- Android permissions
- Crowdsourcing
- Mental model
- Mobile app
- Privacy as expectations
- Privacy summary