Choice Architectures for Mobile Privacy and Security: A Research Agenda. Serge Egelman UC Berkeley. Adverse selection. Example: SMS 73% of malware uses SMS capability 3% of legitimate applications use it SMS capability signals potential malware Advice: “Don’t use apps that require SMS”
Choice Architectures for Mobile Privacy and Security: A Research Agenda
  Serge Egelman
  UC Berkeley
Adverse selection
  Example: SMS
    73% of malware uses SMS capability
    3% of legitimate applications use it
  SMS capability signals potential malware
  Advice: “Don’t use apps that require SMS”
  Is it possible to follow this advice?
Step 5: View permissions…still
  Services that cost you money
  Send SMS messages
Agenda
  Choice architecture
  Lessons from privacy research
  Previous findings
  Questions and considerations
Choice architectures
  Framing options to have an impact on outcome
  R. Thaler and C. Sunstein. Nudge: Improving decisions about health, wealth, and happiness. Yale University Press, New Haven and London, 2008.
Smartphones
  Current devices implement choice architectures for granting capabilities to applications:
Users aren’t being served
  Curating the market is expensive
  Does not scale
  Asking the first time may be insufficient
  Capability requests are needed
  Previous findings
    82.5% do not notice permissions
    97.4% misunderstood meanings
  Current architecture is unhelpful
Privacy preferences
  No literature [yet] on security preferences
  Wealth of literature on online privacy:
    When explicitly asked, users care what information they share and with whom [1,2,3]
  [1] A. F. Westin. E-Commerce & Privacy: What Net Users Want. Privacy & American Business, Hackensack, NJ, 1998. http://www.pwcglobal.com/gx/eng/svcs/privacy/images/E-Commerce.pdf.
  [2] M. S. Ackerman, L. F. Cranor, and J. Reagle. Privacy in e-commerce: examining user scenarios and privacy preferences. In EC ’99: Proceedings of the 1st ACM Conference on Electronic Commerce, pages 1–8, New York, NY, USA, 1999. ACM. http://www.eecs.umich.edu/ackerm/pub/99b28/ecommerce.final.pdf.
  [3] d. boyd and E. Hargittai. Facebook privacy settings: Who cares? First Monday, 15(8), August 2010.
Privacy behaviors
  Privacy behaviors rarely match preferences:
    Users readily disclose information [1]
    Decisions are often regretted [2,3]
  [1] S. Spiekermann, J. Grossklags, and B. Berendt. E-Privacy in 2nd Generation E-Commerce: Privacy Preferences versus Actual Behavior. In Proceedings of EC’01: Third ACM Conference on Electronic Commerce, pages 38–47, Tampa, Florida, 2001. http://www.sims.berkeley.edu/~jensg/research/eprivacy_acm.html.
  [2] N. Good, R. Dhamija, J. Grossklags, S. Aronovitz, D. Thaw, D. Mulligan, and J. Konstan. Stopping spyware at the gate: A user study of privacy, notice and spyware. In Proceedings of the Symposium On Usable Privacy and Security (SOUPS 2005), pages 43–52, Pittsburgh, PA, July 2005.
  [3] A. Acquisti. Privacy in electronic commerce and the economics of immediate gratification. In Proceedings of the ACM Electronic Commerce Conference (EC ’04), pages 21–29, New York, NY, 2004. ACM Press. http://www.heinz.cmu.edu/~acquisti/papers/privacy-gratification.pdf.
Why the discrepancy?
  Poorly designed choice architectures:
    Language is difficult [1,2]
    Comprehension takes time [3]
    Hyperbolic discounting [4]
  [1] G. R. Milne and M. J. Culnan. Strategies for reducing online privacy risks: Why consumers read (or don’t read) online privacy notices. Journal of Interactive Marketing, 18(3):54–61, Summer 2004.
  [2] A. Anton, J. Earp, Q. He, W. Stufflebeam, D. Bolchini, and C. Jensen. Financial privacy policies and the need for standardization. IEEE Security & Privacy, 2(2):36–45, Mar-Apr 2004.
  [3] A. McDonald and L. Cranor. The cost of reading privacy policies. In Proceedings of the Technology Policy Research Conference, September 26–28 2008.
  [4] A. Acquisti and J. Grossklags. Losses, gains, and hyperbolic discounting: An experimental approach to information security attitudes and behavior. In Proceedings of The 2nd Annual Workshop on Economics and Information Security (WEIS ’03), 2003.
Privacy choice architectures
  Improved architecture led to better choices
  Privacy Finder
    Context matters [1,2]
    Timing matters [3]
  Lessons for smartphones?
  [1] J. Gideon, S. Egelman, L. Cranor, and A. Acquisti. Power Strips, Prophylactics, and Privacy, Oh My! In Proceedings of the 2006 Symposium on Usable Privacy and Security, pages 133–144, 2006.
  [2] J. Tsai, S. Egelman, L. Cranor, and A. Acquisti. The impact of privacy indicators on search engine browsing patterns. Information Systems Research, 22(2):254–268, June 2011.
  [3] S. Egelman, J. Tsai, L. F. Cranor, and A. Acquisti. Timing is everything?: the effects of timing and placement of online privacy indicators. In Proceedings of the 27th international conference on Human factors in computing systems, CHI ’09, pages 319–328, New York, NY, USA, 2009. ACM.
Notice
  82.5% do not look at permissions
    42% unaware permissions existed
    42% aware but don’t use
  Explanations:
    Many were habituated—too many requests
    Many were unaware—too late in the process
  Suggestions:
    Only prompt when necessary
    Provide information earlier
Comprehension
  97% could not define permissions
  64% could not state SMS ability
  Explanations:
    All but one was confused with its category
    Not knowing full lists creates ambiguities
  Suggestions:
    Improve descriptions
    Narrow list of possible permissions
Card sorting exercise
  Merged redundancies
  Extraneous eliminated
  170 Android
  16 Windows Phone
  50 Total permissions
Example: redundant permissions
  Read received SMS / Read sent SMS
  Power on/off / Reboot
  Force stop applications / Kill processes
  View network state / View WiFi state
Example: extraneous permissions
  Read sync stats
  Allow debugging
  Enable multicast
  Set orientation
  Vibrate
  Enable flashlight
  Do users really need to understand these?
  Are these really harmful?
Permission preferences survey
  Mechanical Turk survey measured:
    Level of concern for various permissions
    Whether users would pay for fewer permissions
  Demographics
    n=483, 52.6% Female
    32.9% Android users
    US-based
Installation considerations
  Primary decision factors:
    37% said cost
    22% said description
    17% said permissions
  Degree of consideration [1]:
    Cost > permissions (p<0.0005)
    Description > permissions (p<0.0005)
    Ratings > permissions (p<0.0005)
    Permissions comparable with downloads
  [1] Wilcoxon signed ranks test