260 likes | 274 Views
This study examines user behavior and attitudes towards privacy in mobile computing. Findings show that users exercise little caution in preserving mobile privacy, underestimate privacy threats, and have a different understanding of privacy compared to the security community. The study also explores how demographics and device ownership influence behavior and usage of privacy-enhancing tools.
E N D
Mobile Usage Patterns and Privacy ImplicationsMichael MitchellMarch 27, 2015 RatneshPatidar, ManikSaini, Parteek Singh, An-I Wang Florida State University • Peter Reiher • University of California, Los Angeles
Introduction • Privacy is a major concern for pervasive & mobile computing • Current understanding incomplete • Subjective nature of privacy • Automatic detection limited • Important to understand what privacy actually means to people • Make the right tools to fix the right problems
Overview • Empirical data on user privacy behavior limited • Conducted a survey-based study of ~600 users • Major findings include: • (1) People exercise little caution preserving mobile privacy • (2) Privacy is not equal to trust • (3) Users underestimate mobile app privacy threats • (4) Users’ understanding of privacy is different from that of the security community
Research Questions • Primary survey goal: examine how mobile users feel about privacy • What does it mean to be private? • Do users alter computing behavior in certain environments? Around certain people? • Secondary goal: understand user behavior and general mobility patterns • Where, when, and how mobile devices are used • Does gender, ethnicity, age, income, choices of technology, or technical sophistication influence behavior?
Background & Early Challenges • Privacy subjective, requires human interaction • Human Subject (IRB) Approval • Participant recruitment • Participant motivation and compensation
Mobile Usage Questionnaire • ~100 questions in total via mobile app & web • Questions cover: • Background, demographics, hardware ownership • Computing tasks performed by location in public and private • Where/when/why behavior changes • Usage of privacy/security tools • $1000 was allocated for prizes • Chance to win one of 66 $15 Starbucks gift cards
Participant Demographics • FSU Survey • 292 total participants • Median age of 22; 6 years computing experience • Craigslist Survey • 303 total participants • Median age of 27; 6 years computing experience • Few differences observed between surveys • Unless otherwise noted all results reflective of combined 595 responses
Device Market Share • Phones & tablets of survey participants reflect U.S. market share • Within 7% of target demographics • Slightly more Apple, slightly fewer Android • Not quite as reflective of laptops • Fewer Windows users (by 28%) • More Apple (by 21%) and Linux users (by 7%)
Device Ownership • Does hardware preference play a role in mobility or privacy? • Relationship between brands and behaviors? • Men, tech-savvy users, and minorities • Own Android devices (up to 20%) • Own Windows laptops (up to 19%)
Brand Homogeneity • Participant brand loyalty • iPhone owners more frequently own an Apple laptop or tablet (by up to 28%) • Android owners more frequently own an Android tablet (by 15%) • More pronounced in FSU data set • iPhone owners more frequently own Apple laptops and tablets (by up to 40%)
Most Common Public & Private Tasks Top 5 tasks significantly more frequent Most have little difference in public/private
Categorical Public & Private Tasks Top 2 categories significantly more frequent Most have little difference in public/private
Public & Private Tasks by Risk Level More often in private Little difference in public/private?
Public & Private Activity Overall • Behavioral differences in public and private among groups not statistically significant • Genders, technical backgrounds, and ethnicities • A few exceptions: • Women use social networking more frequently than men in public and private (up to 40%) • Tech-savvy users more likely to email in public and private (up to 24%),
Who Makes Users Change Behavior? More familiar > 10% Never change behavior Less familiar
Usage of Privacy Enhancing Tools Technical background more likely to encrypt Differences less pronounced for password vaults
OS & App Permission Compliance More likely to comply with apps than OS?
Implications of Apple Ownership? • Compared to Android owners, Apple users: • Use devices more in public locations (up to 16%) • Use their devices more for most social mobile computing tasks • Texting, e-mailing, and social networking (up to 63%) • Have less regard for security • WiFi - 86% of iPhone owners use open, public networks without security, (6% above average) • Less likely to use encryption (by 7%)
Survey Lessons • Survey speaks to user attitudes towards privacy, not necessarily actual behavior • User attitudes critical in determining success of a privacy or security measure • As important to a privacy mechanism’s success as the technical details of how it works? • Important for developers of mobile and pervasive privacy preserving mechanisms
Privacy Implications on Systems • Users are far more concerned about protecting their privacy from familiar people • Parents twice the privacy threat as strangers? • Perhaps privacy preserving mechanisms designed to protect against family and friends? • Researchers must ensure that their goals align with users’ real privacy desires
Privacy, Trust, Anonymity • Results suggest that trust and privacy are largely orthogonal • Those most trusted are also the most feared • Perhaps perception of anonymity towards strangers? • False sense of security could face serious consequences
On-going/Future Work • Reported behavior = actual behavior? • On-going long term usage study • 35 selected users over three months • Developed “Big Brother” Android firmware • Tracks location, usage, histories, etc. • Compare actual usage with user reported changes • Determine if users actually behave how they claim
Conclusion • Users not concerned about preserving mobile privacy? • Even tech-savvy users do not alter their behavior based on their surroundings • Obvious critical question: • Users unaware of the risks? Or • Aware and simply do not care? • If users don’t care about privacy, only the least intrusive mechanisms will succeed • Philosophically, is it even our business to care?
Thank you Mobile Usage Patterns and Privacy ImplicationsMichael Mitchellmitchell@cs.fsu.edu • All interaction with human subjects was approved by the Florida State University IRB Human Subjects Committee, approval number 2013.10175. • This work is sponsored by NSF CNS-1065127. • Opinions, findings, and conclusions or recommendations expressed in this document do not necessarily reflect the views of the NSF, FSU, UCLA, or the U.S. government.