A Longitudinal Study of Information Privacy on Mobile Devices

Mobile applications continue to experience explosive growth. Using mobile apps often requires disclosing location data-often along with various other forms of private information. Existing research has implied that consumers are willing to accept privacy risks for relatively smaller benefits and the mobile app context appears to be no different. In other words, consumers do not demonstrate perfect rationality regarding their valuation of risks and benefits regarding mobile app information disclosure. This study employs a theoretical lens based on privacy calculus, but integrated with prospect theory and intertemporal choice to explain how and why this "bounded" rationality occurs in information disclosure decisions through mobile apps. It reports the results of a controlled experiment involving consumers (n=1025) in a range of ages, education, and employment experience based on actual information disclosure. We find that consumers undervalue the probability of risks and have difficulty separating their existing risk exposure from potential new threats.

International Journal of Human-Computer Studies

The use of mobile applications continues to experience exponential growth. Using mobile apps typically requires the disclosure of location data, which often accompanies requests for various other forms of private information. Existing research on information privacy has implied that consumers are willing to accept privacy risks for relatively negligible benefits, and the offerings of mobile apps based on location-based services (LBS) appear to be no different. However, until now, researchers have struggled to replicate realistic privacy risks within experimental methodologies designed to manipulate independent variables. Moreover, minimal research has successfully captured actual information disclosure over mobile devices based on realistic risk perceptions. The purpose of this study is to propose and test a more realistic experimental methodology designed to replicate real perceptions of privacy risk and capture the effects of actual information disclosure decisions. As with prior research, this study employs a theoretical lens based on privacy calculus. However, we draw more detailed and valid conclusions due to our use of improved methodological rigor. We report the results of a controlled experiment involving consumers (n=1025) in a range of ages, levels of education, and employment experience. Based on our methodology, we find that only a weak, albeit significant, relationship exists between information disclosure intentions and actual disclosure. In addition, this relationship is heavily moderated by the consumer practice of disclosing false data. We conclude by discussing the contributions of our methodology and the possibilities for extending it for additional mobile privacy research.

AIS Transactions on Human-Computer Interaction, 2016

Mobile applications (also known as "apps") have rapidly grown into a multibillion-dollar industry. Because they are available through devices that are "always on" and often with the user, users often adopt mobile apps "on the fly" as they need them. As a result, users often base their adoption and disclosure decisions only on the information provided through the mobile app delivery platform (e.g., the Apple App Store™ or Google Play™). The fact that using a mobile app often requires one to disclose an unprecedented combination of personal information (e.g., location data, preferences, contacts, calendars, browsing history, music library) means that one makes a complex risk/benefit tradeoff decision based on only the small amount of information that the mobile app delivery platform provides-and all in a short period of time. Hence, this process is much shorter and much riskier than traditional software adoption. Through two experiments involving 1,588 mobile app users, we manipulated three primary sources of information provided by a platform (app quality ratings, network size, and privacy assurances) to understand their effect on perceptions of privacy risks and benefits and, in turn, how they influence consumer adoption intentions and willingness to pay (WTP). We found that network size influenced not only perceived benefits but also the perceived risks of apps in the absence of perfect information. In addition, we found that integrating a third party privacy assurance system into the app platform had a significant influence on app adoption and information disclosure. We also found that a larger network size reduces LBS privacy risk perceptions, which confirms our information cascade hypothesis. We discuss the implications of these findings for research and practice.

2018

The diffusion of smart mobile devices and therewith apps into everyday life comes along with the permanent disclosure of sensitive and personal data. Despite the concerns individuals have regarding their information privacy, they act oppositional. However, through the permanent disclosure of sensitive and personal information, privacy of individuals is at risk. The risk of privacy is intensified by the classification of the mobile app download and the usage decision processing as low effort processes without much deliberation. Therefore, the article follows the call of Dinev et al. (2015) to consider principles from behavioural economics and social psychology to investigate its influences on privacy decisions. This is operationalised with six independent experiments to examine the influence of cognitive biases on app information privacy concerns. The results support the underlying assumption of app decision-making as a low effort process and confirmed that different stimuli do influ...

JITK (Jurnal Ilmu Pengetahuan dan Teknologi Komputer)

Data growth increased alongside the rise of mobile app users in financial services. In Indonesia, the number of financial services application downloads reached 24 million by the end of 2022, with a 28.72 percent increase in transactions. However, this growth also brings issues regarding the potential misuse of personal information, although according to the Personal Data Protection Act (UU PDP) in Indonesia, personal data is protected and kept confidential when accessed by another party. This prompts users to be more cautious in disclosing personal information. On the other hand, users are faced with risks to personal data that can be accessed by service providers, one of which is through app permissions. This research focuses on the influence of App Permission Concerns on users' intentions to disclose their personal information, with a case study of a money transfer services app in Indonesia, namely Flip, that received numerous negative reviews about users' data privacy c...

2015

Mobile computing has provided technology to an unprecedented user base and has created a market for applications that is expected to reach $77 billion by 2017, involving over 268 billion downloads. Nearly every download involves privacy messages that request permissions to access information such as contact, calendar, and location information. Recent cases have revealed that users are often surprised when they discover the permissions they have granted, which implies that not everyone reads them carefully. In this paper we propose a research agenda focusing on the decisions that users make about those permissions requests. Several theories provide promising antecedents to explain acceptance of privacy permissions. Nine propositions are presented, with three from each research bases from social, economic, and cognitive perspectives. The research agenda thus is a combination hybrid social/economic/cognitive approach. The agenda complements extant research that has focused on privacy c...

Electronic Markets, 2019

Smart devices provide unprecedented access to users’ personal information, on which businesses capitalize to offer personalized services. Although users must grant permission before their personal information is shared, they often do so without knowing the consequences of their decision. Based on the EU General Data Protection Regulation, which mandates service providers to comprehensively inform users about the purpose and terms of personal data processing, this article examines how increased transparency regarding personal data processing practices in mobile permission requests impact users in making informed decisions. We conducted an online experiment with 307 participants to test the effect of transparency on users’ decisions about and comprehension of the requested permission. The results indicate increased comprehension of data processing practices when privacy policies are transparently disclosed, whereas acceptance rates do not vary significantly. We condense our findings i...