A Multi-Pronged Empirical Approach to Mobile Privacy Investigation

2014

As mobile computing applications have become commonplace, it is increasingly important for them to address end-users' privacy requirements. Mobile privacy requirements depend on a number of contextual socio-cultural factors to which mobility adds another level of contextual variation. However, traditional requirements elicitation methods do not sufficiently account for contextual factors and therefore cannot be used effectively to represent and analyse the privacy requirements of mobile end users. On the other hand, methods that investigate contextual factors tend to produce data which can be difficult to use for requirements modelling. To address this problem, we have developed a Distillation approach that employs a problem analysis model to extract and refine privacy requirements for mobile applications from raw data gathered through empirical studies involving real users. Our aim was to enable the extraction of mobile privacy requirements that account for relevant contextual ...

2013

We use the legal framework of captive audience to examine the FTC’s 2012 privacy guidelines as applied to mobile marketing. We define captive audiences as audiences without functional opt-out mechanisms to avoid situations of coercive communication. By analyzing the current mobile marketing ecosystem, we show that the FTC’s privacy guidelines inspired by the Canadian “privacy by design” paradigm fall short of protecting consumers against invasive mobile marketing in at least three respects: (a) the guidelines ignore how, in the context of data monopolies, the combination of location and personal history data threatens autonomy of choice; (b) the guidelines focus exclusively on user control over data sharing, while ignoring control over communicative interaction; (c) the reliance on market mechanisms to produce improved privacy policies may actually increase opt-out costs for consumers. We conclude by discussing two concrete proposals for improvement: a “home mode” for mobile privacy and target-specific privacy contract negotiation.

Advances in E-Business Research

The development of smart phones and other smart devices has led to the development of mobile applications, which are in use frequently by the users. It is also anticipated that the number of mobile applications will grow rapidly in the next years. This topic has, therefore, been researched highly in the past years. Mobile applications gather user data and that is why privacy and security in mobile applications is a very important research topic. In this chapter we give an overview of the current research on privacy and security issues of mobile applications.

2009

2009). Studying location privacy in mobile applications: 'predator vs. prey' probes.

Proceedings of the 36th International Conference on Software Engineering, 2014

As mobile computing applications have become commonplace, it is increasingly important for them to address end-users' privacy requirements. Privacy requirements depend on a number of contextual socio-cultural factors to which mobility adds another level of contextual variation. However, traditional requirements elicitation methods do not sufficiently account for contextual factors and therefore cannot be used effectively to represent and analyse the privacy requirements of mobile end users. On the other hand, methods that do investigate contextual factors tend to produce data that does not lend itself to the process of requirements extraction. To address this problem we have developed a Privacy Requirements Distillation approach that employs a problem analysis framework to extract and refine privacy requirements for mobile applications from raw data gathered through empirical studies involving end users. Our approach introduces privacy facets that capture patterns of privacy concerns which are matched against the raw data. We demonstrate and evaluate our approach using qualitative data from an empirical study of a mobile social networking application.

Mobile Networks and Applications

Our smartphone is full of applications and data that analytically organize, facilitate and describe our lives. We install applications for the most varied reasons, to inform us, to have fun and for work, but, unfortunately, we often install them without reading the terms and conditions of use. The result is that our privacy is increasingly at risk. Considering this scenario, in this paper, we analyze the user's perception towards privacy while using smartphone applications. In particular, we formulate two different hypotheses: 1) the perception of privacy is influenced by the knowledge of the data used by the installed applications; 2) applications access to much more data than they need. The study is based on two questionnaires (within-subject experiments with 200 volunteers) and on the lists of installed apps (30 volunteers). Results show a widespread abuse of data related to location, personal contacts, camera, Wi-Fi network list, running apps list, and vibration. An in-depth analysis shows that some features are more relevant to certain groups of users (e.g., adults are mainly worried about contacts and Wi-Fi connection lists; iOS users are sensitive to smartphone vibration; female participants are worried about possible misuse of the smartphone camera).

2013

Abstract The evolution of mobile network technologies and smartphones has provided mobile consumers with unprecedented access to Internet and value-added services while on the move. Privacy issues in such context become critically important because vendors may access a large volume of personal information.

Proceedings of the …, 2009

Mobile privacy concerns are central to Ubicomp and yet remain poorly understood. We advocate a diversified approach, enabling the cross-interpretation of data from complementary methods. However, mobility imposes a number of limitations on the methods that can be effectively employed. We discuss how we addressed this problem in an empirical study of mobile social networking. We report on how, by combining a variation of experience sampling and contextual interviews, we have started focusing on a notion of ...

The evolution of mobile network technologies and smartphones has provided mobile consumers with unprecedented access to Internet and value-added services while on the move. Privacy issues in such context become critically important because vendors may access a large volume of personal information. Although several pioneering studies have examined general privacy risks, few systematic attempts have been made to provide a theory-driven framework on the specific nature of privacy concerns among mobile consumers. To fill the gap in the literature, this article introduced a 9-item scale, which was shown to reasonably represent the dimensionality of mobile users' information privacy concerns (MUIPC), categorized as perceived surveillance, perceived intrusion, and secondary use of personal information. Through a survey study (n=310), the three-factor structure of MUIPC as revealed in exploratory factor analysis was further confirmed through confirmatory factor analysis. Further analysis revealed that the second-order model of MUIPC performed better than its first-order model.

El Profesional de la Información

This article aims to offer a guide of observed practices based on the main results obtained after the two-year European Feder project (April 2013-15) 'Public and private in mobile communications' carried out at LabCom.IFP, Beira Interior University in Portugal. Both quantitative and qualitative methods were used (surveys, interviews, focus groups, content analysis, digital ethnography, observation ethnography, workshops, etc.) in order to describe how users manage their public, private, intimate and personal spheres within the mobile media ecosystem. Results obtained showed an increased awareness of the risks without a concomitant exploration of consequences, an extensively circumstantial behaviour pattern influenced by interface design and volatile policies, terms and conditions, and a lack of rational user behaviours and performances.

CHI Conference on Human Factors in Computing Systems, 2022

We conducted a user study with 380 Android users, profling them according to two key privacy behaviors: the number of apps installed and the Dangerous permissions granted to those apps. We identifed four unique privacy profles: 1) Privacy Balancers (49.74% of participants), 2) Permission Limiters (28.68%), 3) App Limiters (14.74%), and 4) the Privacy Unconcerned (6.84%). App and Permission Limiters were signifcantly more concerned about perceived surveillance than Privacy Balancers and the Privacy Unconcerned. App Limiters had the lowest number of apps installed on their devices with the lowest intention of using apps and sharing information with them, compared to Permission Limiters who had the highest number of apps installed and reported higher intention to share information with apps. The four profles refect the difering privacy management strategies, perceptions, and intentions of Android users that go beyond the binary decision to share or withhold information via mobile apps. CCS CONCEPTS • Security and privacy → Usability in security and privacy; • Human-centered computing → Human computer interaction (HCI); • Empirical studies in HCI;

Proceedings on Privacy Enhancing Technologies

Smartphone manufacturer provided default features (e.g., default location services, iCloud, Google Assistant, ad tracking) enhance the usability and extend the functionality of these devices. Prior studies have highlighted smartphone vulnerabilities and how users’ data can be harvested without their knowledge. However, little is known about manufacturer provided default features in this regard—their usability concerning configuring them during usage, and how users perceive them with regards to privacy. To bridge this gap, we conducted a task-based study with 27 Android and iOS smart-phone users in order to learn about their perceptions, concerns and practices, and to understand the usability of these features with regards to privacy. We explored the following: users’ awareness of these features, why and when do they change the settings of these features, the challenges they face while configuring these features, and finally the mitigation strategies they adopt. Our findings reveal t...

2007

Ubiquitous computing is about making computers and computerized artefacts a pervasive part of our everyday lifes, bringing more and more activities into the realm of information. The computationalization, informationalization of everyday activities increases not only our reach, efficiency and capabilities but also the amount and kinds of data gathered about us and our activities. In this thesis, I explore how information systems can be constructed so that they handle this personal data in a reasonable manner. The thesis provides two kinds of results: on one hand, tools and methods for both the construction as well as the evaluation of ubiquitous and mobile systems-on the other hand an evaluation of the privacy aspects of a ubiquitous social awareness system. The work emphasises real-world experiments as the most important way to study privacy. Additionally, the state of current information systems as regards data protection is studied.

International Journal of Human-Computer Studies

The use of mobile applications continues to experience exponential growth. Using mobile apps typically requires the disclosure of location data, which often accompanies requests for various other forms of private information. Existing research on information privacy has implied that consumers are willing to accept privacy risks for relatively negligible benefits, and the offerings of mobile apps based on location-based services (LBS) appear to be no different. However, until now, researchers have struggled to replicate realistic privacy risks within experimental methodologies designed to manipulate independent variables. Moreover, minimal research has successfully captured actual information disclosure over mobile devices based on realistic risk perceptions. The purpose of this study is to propose and test a more realistic experimental methodology designed to replicate real perceptions of privacy risk and capture the effects of actual information disclosure decisions. As with prior research, this study employs a theoretical lens based on privacy calculus. However, we draw more detailed and valid conclusions due to our use of improved methodological rigor. We report the results of a controlled experiment involving consumers (n=1025) in a range of ages, levels of education, and employment experience. Based on our methodology, we find that only a weak, albeit significant, relationship exists between information disclosure intentions and actual disclosure. In addition, this relationship is heavily moderated by the consumer practice of disclosing false data. We conclude by discussing the contributions of our methodology and the possibilities for extending it for additional mobile privacy research.

Proceedings on Privacy Enhancing Technologies, 2016

Modern mobile devices place a wide variety of sensors and services within the personal space of their users. As a result, these devices are capable of transparently monitoring many sensitive aspects of these users’ lives (e.g., location, health, or correspondences). Users typically trade access to this data for convenient applications and features, in many cases without a full appreciation of the nature and extent of the information that they are exposing to a variety of third parties. Nevertheless, studies show that users remain concerned about their privacy and vendors have similarly been increasing their utilization of privacy-preserving technologies in these devices. Still, despite significant efforts, these technologies continue to fail in fundamental ways, leaving users’ private data exposed.In this work, we survey the numerous components of mobile devices, giving particular attention to those that collect, process, or protect users’ private data. Whereas the individual compon...