Expectation and purpose: Understanding users' mental models of mobile app privacy through crowdsourcing

UbiComp'12 - Proceedings of the 2012 ACM Conference on Ubiquitous Computing

Volumn , Issue , 2012, Pages 501-510

  Lin, Jialiu ^a   Amini, Shahriyar ^a   Hong, Jason I ^a   Sadeh, Norman ^a   Lindqvist, Janne ^b   Zhang, Joy ^a  

^a CARNEGIE MELLON UNIVERSITY   (United States)

^b RUTGERS UNIVERSITY   (United States)

Author keywords

Android permissions; Crowdsourcing; Mental model; Mobile app; Privacy as expectations; Privacy summary

Indexed keywords

ANDROID PERMISSIONS; AUTOMATED TOOLS; CROWDSOURCING; LOCATION INFORMATION; MENTAL MODEL; MOBILE APP; SECURITY RESEARCH;

UBIQUITOUS COMPUTING;

EID: 84867459428     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2370216.2370290     Document Type: Conference Paper

References (39)

1. "Katz v United States 389 U.S. 347." Available: http://en.wikipedia.org/wiki/Katz-v.-United-States.
2. S. Amini, et al., "Towards Scalable Evaluation of Mobile Applications through Crowdsourcing and Automation, " CMU-CyLab-12-006, Carnegie Mellon University, 2012.
3. D. Barrera, et al., "A methodology for empirical analysis of permission-based security models and its application to android, " In Proc. CCS, 2010.
4. A. Barth, et al., "Privacy and Contextual Integrity: Framework and Applications, " In Proc. IEEE Symposium on Security and Privacy, 2006.
5. M. Benisch, et al., "Capturing location-privacy preferences: quantifying accuracy and user-burden tradeoffs, " Personal and Ubiquitous Computing, 2010.
6. A. Beresford, et al., "MockDroid: trading privacy for application functionality on smartphones, " In Proc. HotMobile, 2011.
7. M. S. Bernstein, et al., "Soylent: a word processor with a crowd inside, " In Proc. UIST, 2010.
8. C. Bravo-Lillo, et al., "Bridging the gap in computer security warnings: a mental model approach, " IEEE Security & Privacy Magazine, 2010.
9. L. J. Camp, "Mental models of privacy and security, " Technology and Society Magazine, IEEE, vol. 28, 2009.
10. E. Chin, et al., "Analyzing inter-application communication in Android, " In Proc. MobiSys, 2011.
11. K. Craik, the nature of explanation, Cambridge University Press, 1943.
12. M. Egele, et al., "PiOS: Detecting Privacy Leaks in iOS Applications, " In Proc. NDSS, 2011.
13. W. Enck, "Defending Users against Smartphone Apps: Techniques and Future Directions, " in LNCS. vol. 7093, ed, 2011.
14. W. Enck, et al., "TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, " In Proc. OSDI 2010.
15. W. Enck, et al., "A Study of Android Application Security, " In Proc. USENIX Security Symposium, 2011.
16. A. P. Felt, et al., "Android permissions demystified, " In Proc. CCS, 2011.
17. A. P. Felt, et al., "A survey of mobile malware in the wild, " In Proc. SPSM, 2011.
18. A. P. Felt, et al., "Android Permissions: User Attention, Comprehension, and Behavior, " UCB/EECS-2012-26, University of California, Berkeley, 2012.
19. A. P. Felt, et al., "Permission re-delegation: attacks and defenses, " In Proc. USENIX conference on Security, 2011.
20. N. Good, et al., "Stopping spyware at the gate: a user study of privacy, notice and spyware, " In Proc. SOUPS, 2005.
21. S. Grobart. "The Facebook Scare That Wasn't." Available: http://gadgetwise.blogs.nytimes.com/2011/08/10/thefacebook-scare-that-wasnt/.
22. P. Hornyack, et al., "These aren't the droids you're looking for: retrofitting android to protect data from imperious applications, " In Proc. CCS, 2011.
23. C. Jensen and C. Potts, "Privacy policies as decision-making tools: an evaluation of online privacy notices, " In Proc. CHI, 2004.
24. J. Jeon, et al., "Dr. Android and Mr. Hide: Fine-grained security policies on unmodified Android, " 2012.
25. P. G. Kelley, et al., "A "nutrition label" for privacy, " In Proc. SOUPS, 2009.
26. P. G. Kelley, et al., "A Conundrum of permissions: Installing Applications on an Android Smartphone, " In Proc. USEC, 2012.
27. G. Liu, et al., "Smartening the crowds: computational techniques for improving human verification to fight phishing scams, " In Proc. SOUPS, 2011.
28. M. Nauman, et al., "Apex: extending Android permission model and enforcement with user-defined runtime constraints, " In Proc. ASIACCS, 2010.
29. D. Norman, The design of everyday things: Basic Books, 2002.
30. L. Palen and P. Dourish, "Unpacking "privacy" for a networked world, " In Proc. CHI, 2003.
31. S. Patil, et al., "With a little help from my friends: can social navigation inform interpersonal privacy preferences?, " In Proc. Proceedings of the ACM 2011 conference on Computer supported cooperative work, 2011.
32. N. Sadeh, et al., "Understanding and Capturing People's Privacy Policies in a Mobile Social Networking Application, " The Journal of Personal and Ubiquitous Computing, 2009.
33. D. J. Solove, "A Taxonomy of Privacy, " University of Pennsylvania Law Review, Vol. 154, No. 3, January 2006.
34. A. Thampi. "Path uploads your entire iPhone address book to its servers." Available: http://mclov.in/2012/02/08/pathuploads-your-entire- address-book-to-their-servers.html.
35. S. Thurm and Y. I. Kane, "Your Apps are Watching You, " WSJ, 2011.
36. T. Vidas, et al., "Curbing android permission creep, " Proceedings of the Web, vol. 2, 2011.
37. A. Wagner. "Google Posts Refreshed Android Distribution Numbers." Available: http://www.twylah.com/surfingislander/tweets/ 177040176181288960.
38. R. Wash, "Folk models of home computer security, " In Proc. SOUPS, 2010.
39. Y. Zhou, et al., "Taming Information-Stealing Smartphone Applications (on Android), " In Proc. TRUST, 2011.