What provokes Android users into revealing private information? – Paper accepted at HICCS

Eric | September 15, 2015

permissionRequest

 

In a joined work together with Nicole Eling and Prof. Buxmann from TU Darmstadt, we published a very interesting market experiment on users’ reaction to fine-grained permission requests. This work thus explores the following research questions using a self-developed mobile application:

 

  1. How does the precision of an information request influence users’ disclosure of personal information?
  2. Is this effect different for users with different security backgrounds?


These research questions are investigated using data obtained through a smartphone app offered in Google Play. By doing so, we meet the call for measuring real behavior instead of stated willingness to disclose. This is important as users’ intentions often differ from user behavior in the context of privacy. In the paper we discuss the following hypothesis:

  1. A fine-grained permission request during runtime is less likely to be accepted than a generic permission request before installation.
  2. A data request containing concrete user information reduces the user’s likelihood to accept it.
  3. Security aware users are less likely to accept data requests.
  4. Security awareness moderates the effect of the level of detail of the information requests on information disclosure.

Title: Investigating Users’ Reaction to Fine-Grained Data Requests: A Market Experiment
Abstract: The market for smartphone applications is steadily growing. Unfortunately, along with this growth, the number of malicious applications is increasing as well. To identify this malware, various automatic code-analysis tools have been developed. These tools are able to assess the risk associated with a specific app. However, informing users about these findings is often difficult. Currently, on Android, users decide about applications based on coarse- grained permission dialogs during installation. As these dialogs are quite abstract, many users do not read or understand them. Thus, to make the more detailed findings from security research accessible, new mechanisms for privacy communication need to be assessed. In our market experiment, we investigate how fine-grained data requests during runtime affect users’ information disclosure. We find that many users reverse their decision when prompted with a fine-grained request. Additionally, an effect of security awareness and level of detail on disclosure was found.

Cross-posted from SEEBlog

Comments
Comments Off on What provokes Android users into revealing private information? – Paper accepted at HICCS
Categories
Research

ISC Best Student Paper Award

Eric | September 15, 2015

All join me in congratulating my Ph.D. student Kevin Falzon for receiving the Best Student Paper Award at ISC this year! His paper Dynamically Provisioning Isolation in Hierarchical Architectures describes how live migration may be used to dynamically isolate process, for instance to hinder them from forming side channels or covert channels.

Cross-posted from SEEBlog

Comments
Comments Off on ISC Best Student Paper Award
Categories
Research