1. bookVolume 2019 (2019): Issue 2 (April 2019)
Journal Details
License
Format
Journal
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English
access type Open Access

Skip, Skip, Skip, Accept!!!: A Study on the Usability of Smartphone Manufacturer Provided Default Features and User Privacy

Published Online: 04 May 2019
Page range: 209 - 227
Received: 31 Aug 2018
Accepted: 16 Dec 2018
Journal Details
License
Format
Journal
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English

Smartphone manufacturer provided default features (e.g., default location services, iCloud, Google Assistant, ad tracking) enhance the usability and extend the functionality of these devices. Prior studies have highlighted smartphone vulnerabilities and how users’ data can be harvested without their knowledge. However, little is known about manufacturer provided default features in this regard—their usability concerning configuring them during usage, and how users perceive them with regards to privacy. To bridge this gap, we conducted a task-based study with 27 Android and iOS smart-phone users in order to learn about their perceptions, concerns and practices, and to understand the usability of these features with regards to privacy. We explored the following: users’ awareness of these features, why and when do they change the settings of these features, the challenges they face while configuring these features, and finally the mitigation strategies they adopt. Our findings reveal that users of both platforms have limited awareness of these features and their privacy implications. Awareness of these features does not imply that a user can easily locate and adjust them when needed. Furthermore, users attribute their failure to configure default features to hidden controls and insufficient knowledge on how to configure them. To cope with difficulties of finding controls, users employ various coping strategies, some of which are platform specific but most often applicable to both platforms. However, some of these coping strategies leave users vulnerable.

Keywords

[1] A. Acquisti, L. Brandimarte, and G. Loewenstein. Privacy and human behavior in the age of information. Science, 347(6221):509–514, 2015.Search in Google Scholar

[2] Y. Agarwal and M. Hall. Protectmyprivacy: detecting and mitigating privacy leaks on ios devices using crowdsourcing. In Proceeding of the 11th annual international conference on Mobile systems, applications, and services, pages 97–110. ACM, 2013.Search in Google Scholar

[3] H. Almuhimedi, F. Schaub, N. Sadeh, I. Adjerid, A. Acquisti, J. Gluck, L. F. Cranor, and Y. Agarwal. Your location has been shared 5,398 times#: A field study on mobile app privacy nudging. In Proceedings of the 33rd annual ACM conference on human factors in computing systems, pages 787–796. ACM, 2015.Search in Google Scholar

[4] R. Balebako, J. Jung, W. Lu, L. F. Cranor, and C. Nguyen. Little brothers watching you: Raising awareness of data leaks on smartphones. In Proceedings of the Ninth Symposium on Usable Privacy and Security, page 12. ACM, 2013.Search in Google Scholar

[5] M. H. Blackmon, P. G. Polson, M. Kitajima, and C. Lewis. Cognitive walkthrough for the web. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI ’02, pages 463–470, New York, NY, USA, 2002. ACM.Search in Google Scholar

[6] V. Braun and V. Clarke. Using thematic analysis in psychology. Qualitative research in psychology, 3(2):77–101, 2006.Search in Google Scholar

[7] E. Chin, A. P. Felt, V. Sekar, and D. Wagner. Measuring user confidence in smartphone security and privacy. In Proceedings of the eighth symposium on usable privacy and security, page 1. ACM, 2012.Search in Google Scholar

[8] G. Conti and E. Sobiesk. Malicious interface design: exploiting the user. In Proceedings of the 19th international conference on World wide web, pages 271–280. ACM, 2010.Search in Google Scholar

[9] S. Dufau, J. A. Duñabeitia, C. Moret-Tatay, A. McGonigal, D. Peeters, F.-X. Alario, D. A. Balota, M. Brysbaert, M. Carreiras, L. Ferrand, et al. Smart phone, smart science: how the use of smartphones can revolutionize research in cognitive science. PloS one, 6(9):e24974, 2011.Search in Google Scholar

[10] M. Egele, C. Kruegel, E. Kirda, and G. Vigna. Pios: Detecting privacy leaks in ios applications. In NDSS, pages 177–183, 2011.Search in Google Scholar

[11] S. Egelman, A. P. Felt, and D. Wagner. Choice architecture and smartphone privacy: There’s a price for that. In The economics of information security and privacy, pages 211–236. Springer, 2013.Search in Google Scholar

[12] W. Enck, P. Gilbert, S. Han, V. Tendulkar, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems (TOCS), 32(2):5, 2014.Search in Google Scholar

[13] I. Etikan, S. A. Musa, and R. S. Alkassim. Comparison of convenience sampling and purposive sampling. American Journal of Theoretical and Applied Statistics, 5(1):1–4, 2016.Search in Google Scholar

[14] A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner. Android permissions demystified. In Proceedings of the 18th ACM conference on Computer and communications security, pages 627–638. ACM, 2011.Search in Google Scholar

[15] A. P. Felt, S. Egelman, and D. Wagner. I’ve got 99 problems, but vibration ain’t one: a survey of smartphone users’ concerns. In Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices, pages 33–44. ACM, 2012.Search in Google Scholar

[16] A. P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner. Android permissions: User attention, comprehension, and behavior. In Proceedings of the eighth symposium on usable privacy and security, page 3. ACM, 2012.Search in Google Scholar

[17] R. N. from AP NEWS. AP Exclusive: Google tracks your movements, like it or not, 2018 (accessed September 12, 2018). https://www.apnews.com/828aefab64d4411bac257a07c1af0ecb/AP-Exclusive:-Google-tracks-your-movements,-like-it-or-not.Search in Google Scholar

[18] C. Gibler, J. Crussell, J. Erickson, and H. Chen. Androidleaks: Automatically detecting potential privacy leaks in android applications on a large scale. In S. Katzenbeisser, E. Weippl, L. J. Camp, M. Volkamer, M. Reiter, and X. Zhang, editors, Trust and Trustworthy Computing, pages 291–307, Berlin, Heidelberg, 2012. Springer Berlin Heidelberg.Search in Google Scholar

[19] R. Gross and A. Acquisti. Information revelation and privacy in online social networks. In Proceedings of the 2005 ACM workshop on Privacy in the electronic society, pages 71–80. ACM, 2005.Search in Google Scholar

[20] I. Hadar, T. Hasson, O. Ayalon, E. Toch, M. Birnhack, S. Sherman, and A. Balissa. Privacy by designers: software developers’ privacy mindset. Empirical Software Engineering, 23(1):259–289, 2018.Search in Google Scholar

[21] I. Hadar, T. Hasson, O. Ayalon, E. Toch, M. Birnhack, S. Sherman, and A. Balissa. Privacy by designers: software developers’ privacy mindset. Empirical Software Engineering, 23(1):259–289, Feb 2018.Search in Google Scholar

[22] E. Hargittai et al. Facebook privacy settings: Who cares? First Monday, 15(8), 2010.Search in Google Scholar

[23] P. Hornyack, S. Han, J. Jung, S. Schechter, and D. Wetherall. These aren’t the droids you’re looking for: Retrofitting android to protect data from imperious applications. In Proceedings of the 18th ACM conference on Computer and communications security, pages 639–652. ACM, 2011.Search in Google Scholar

[24] G. Iachello, I. Smith, S. Consolvo, M. Chen, and G. D. Abowd. Developing privacy guidelines for social location disclosure applications and services. In Proceedings of the 2005 symposium on Usable privacy and security, pages 65–76. ACM, 2005.Search in Google Scholar

[25] Q. Ismail, T. Ahmed, K. Caine, A. Kapadia, and M. Reiter. To permit or not to permit, that is the usability question: Crowd-sourcing mobile apps’ privacy permission settings. Proceedings on Privacy Enhancing Technologies, 2017(4):119–137, 2017.Search in Google Scholar

[26] Q. Ismail, T. Ahmed, A. Kapadia, and M. K. Reiter. Crowd-sourced exploration of security configurations. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, pages 467–476. ACM, 2015.Search in Google Scholar

[27] L. Jedrzejczyk, B. A. Price, A. K. Bandara, and B. Nuseibeh. On the impact of real-time feedback on users’ behaviour in mobile location-sharing applications. In Proceedings of the Sixth Symposium on Usable Privacy and Security, page 14. ACM, 2010.Search in Google Scholar

[28] J. Jung, S. Han, and D. Wetherall. Short paper: enhancing mobile application permissions with runtime feedback and constraints. In Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices, pages 45–50. ACM, 2012.Search in Google Scholar

[29] P. Kelley, S. Consolvo, L. Cranor, J. Jung, N. Sadeh, and D. Wetherall. A conundrum of permissions: installing applications on an android smartphone. Financial cryptography and data security, pages 68–79, 2012.Search in Google Scholar

[30] J. Kim, Y. Yoon, K. Yi, J. Shin, and S. Center. Scandal: Static analyzer for detecting privacy leaks in android applications. MoST, 12, 2012.Search in Google Scholar

[31] J. King. How Come I’m Allowing Strangers to Go Through My Phone? Smartphones and Privacy Expectations. 2012. http://jenking.net/mobile/.Search in Google Scholar

[32] J. Lin, S. Amini, J. I. Hong, N. Sadeh, J. Lindqvist, and J. Zhang. Expectation and purpose: understanding users’ mental models of mobile app privacy through crowdsourcing. In Proceedings of the 2012 ACM Conference on Ubiquitous Computing, pages 501–510. ACM, 2012.Search in Google Scholar

[33] J. Lin, B. Liu, N. Sadeh, and J. I. Hong. Modeling users’ mobile app privacy preferences: Restoring usability in a sea of permission settings. In 10th Symposium On Usable Privacy and Security (SOUPS 2014), pages 199–212, Menlo Park, CA, 2014. USENIX Association.Search in Google Scholar

[34] B. Liu, M. S. Andersen, F. Schaub, H. Almuhimedi, S. Zhang, N. Sadeh, A. Acquisti, and Y. Agarwal. Follow my recommendations: A personalized privacy assistant for mobile app permissions. In Symposium on Usable Privacy and Security, 2016.Search in Google Scholar

[35] B. Liu, J. Lin, and N. Sadeh. Reconciling mobile app privacy and usability on smartphones: Could user privacy profiles help? In Proceedings of the 23rd international conference on World wide web, pages 201–212. ACM, 2014.Search in Google Scholar

[36] R. Liu, J. Cao, K. Zhang, W. Gao, J. Liang, and L. Yang. When privacy meets usability: unobtrusive privacy permission recommendation system for mobile apps based on crowdsourcing. IEEE Transactions on Services Computing, 2016.Search in Google Scholar

[37] A. M. McDonald and L. F. Cranor. The cost of reading privacy policies. ISJLP, 4:543, 2008.Search in Google Scholar

[38] K. Micinski, D. Votipka, R. Stevens, N. Kofinas, M. L. Mazurek, and J. S. Foster. User interactions and permission use on android. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, CHI ’17, pages 362–373, New York, NY, USA, 2017. ACM.Search in Google Scholar

[39] G. Misra and J. M. Such. React: Recommending access control decisions to social media users. In Proceedings of the 2017 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining 2017, ASONAM ’17, pages 421–426, New York, NY, USA, 2017. ACM.Search in Google Scholar

[40] J. Nielsen. Usability engineering. Elsevier, 1994.Search in Google Scholar

[41] J. Nielsen. Usability inspection methods. In Conference Companion on Human Factors in Computing Systems, CHI ’94, pages 413–414, New York, NY, USA, 1994. ACM.Search in Google Scholar

[42] M. Nørgaard and K. Hornbæk. What do usability evaluators do in practice?: An explorative study of think-aloud testing. In Proceedings of the 6th Conference on Designing Interactive Systems, DIS ’06, pages 209–218, New York, NY, USA, 2006. ACM.Search in Google Scholar

[43] E. L. Olmsted-Hawala, E. D. Murphy, S. Hawala, and K. T. Ashenfelter. Think-aloud protocols: a comparison of three think-aloud protocols for use in testing data-dissemination web sites for usability. In Proceedings of the SIGCHI conference on human factors in computing systems, pages 2381–2390. ACM, 2010.Search in Google Scholar

[44] M. Raento, A. Oulasvirta, and N. Eagle. Smartphones: An emerging tool for social scientists. Sociological methods & research, 37(3):426–454, 2009.Search in Google Scholar

[45] K. M. Ramokapane, A. Rashid, and J. M. Such. “I feel stupid I can’t delete...”: A Study of Users’ Cloud Deletion Practices and Coping Strategies. In Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017), pages 241–256, Santa Clara, CA, 2017. USENIX Association.Search in Google Scholar

[46] M. Reilly. Is Facebook Targeting Ads at Sad Teens?, 2017 (accessed October 22, 2018). https://www.technologyreview.com/s/604307/is-facebook-targeting-ads-at-sad-teens/.Search in Google Scholar

[47] L. Reinfelder, Z. Benenson, and F. Gassmann. Differences between android and iphone users in their security and privacy awareness. In C. Eckert, S. K. Katsikas, and G. Pernul, editors, Trust, Privacy, and Security in Digital Business, pages 156–167, Cham, 2014. Springer International Publishing.Search in Google Scholar

[48] G. W. Ryan and H. R. Bernard. Data management and analysis methods. 2000.Search in Google Scholar

[49] B. Shebaro, O. Oluwatimi, D. Midi, and E. Bertino. Identidroid: Android can finally wear its anonymous suit. Trans. Data Privacy, 7(1):27–50, Apr. 2014.Search in Google Scholar

[50] F. Shih, I. Liccardi, and D. Weitzner. Privacy tipping points in smartphones privacy preferences. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, pages 807–816. ACM, 2015.Search in Google Scholar

[51] I. Shklovski, S. D. Mainwaring, H. H. Skúladóttir, and H. Borgthorsson. Leakiness and creepiness in app space: Perceptions of privacy and mobile app use. In Proceedings of the 32nd annual ACM conference on Human factors in computing systems, pages 2347–2356. ACM, 2014.Search in Google Scholar

[52] K. Strater and H. R. Lipford. Strategies and struggles with privacy in an online social networking community. In Proceedings of the 22nd British HCI Group Annual Conference on People and Computers: Culture, Creativity, Interaction-Volume 1, pages 111–119. British Computer Society, 2008.Search in Google Scholar

[53] C. Thompson, M. Johnson, S. Egelman, D. Wagner, and J. King. When it’s better to ask forgiveness than get permission: attribution mechanisms for smartphone resources. In Proceedings of the Ninth Symposium on Usable Privacy and Security, page 1. ACM, 2013.Search in Google Scholar

[54] L. Tsai, P. Wijesekera, J. Reardon, I. Reyes, S. Egelman, D. Wagner, N. Good, and J.-W. Chen. Turtle guard: Helping android users apply contextual privacy preferences. In Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017), pages 145–162, Santa Clara, CA, 2017. USENIX Association.Search in Google Scholar

[55] L. Tsai, P. Wijesekera, J. Reardon, I. Reyes, S. Egelman, D. Wagner, N. Good, and J.-W. Chen. Turtle guard: Helping android users apply contextual privacy preferences. In Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017), pages 145–162. USENIX Association, 2017.Search in Google Scholar

[56] A. Valdez. Everything You Need to Know About Face-book and Cambridge Analytica, 2018 (accessed October 22, 2018). https://www.wired.com/story/wired-facebook-cambridge-analytica-coverage/.Search in Google Scholar

[57] G. Venkatadri, E. Lucherini, P. Sapiezynski, and A. Mislove. Investigating sources of pii used in facebook’s targeted advertising. Proceedings on Privacy Enhancing Technologies, 1:18, 2018.Search in Google Scholar

[58] R. Wash. Folk models of home computer security. In Proceedings of the Sixth Symposium on Usable Privacy and Security, page 11. ACM, 2010.Search in Google Scholar

[59] R. Wash and E. Rader. Influencing mental models of security: a research agenda. In Proceedings of the 2011 workshop on New security paradigms workshop, pages 57–66. ACM, 2011.Search in Google Scholar

[60] J. Watson, H. R. Lipford, and A. Besmer. Mapping user preference to privacy default settings. ACM Transactions on Computer-Human Interaction (TOCHI), 22(6):32, 2015.Search in Google Scholar

[61] A. Westin. Opinion Surveys: What Consumers Have To Say About Information Privacy. Testimony to the Subcommittee on Commerce, Trade, and Consumer Protection, May 8, 2001., (accessed Sep 11, 2018).Search in Google Scholar

[62] T. Yarkoni. Psychoinformatics: New horizons at the interface of the psychological and computing sciences. Current Directions in Psychological Science, 21(6):391–397, 2012.Search in Google Scholar

[63] Y. Zhou, X. Zhang, X. Jiang, and V. W. Freeh. Taming information-stealing smartphone applications (on android). In International conference on Trust and trustworthy computing, pages 93–107. Springer, 2011.Search in Google Scholar

Recommended articles from Trend MD

Plan your remote conference with Sciendo