Abstract
Android and iOS mobile operating systems use permissions to enable phone owners to manage access to their device's resources. Both systems provide resource access dialogues at first use and per-resource controls. Android continues to offer permission manifests in the Android PlayStore for older apps but is transitioning away from this. Neither manifests nor first-use dialogues enable people to easily compare apps based on resource requests, and the corresponding privacy and security risks. Without the ability to compare resource requests when choosing an app, customers cannot select those apps that request fewer resources. Unnecessary and excessive permission requests, overuse of resources, information exfiltration, and risky apps are endemic. To address this issue we built upon past work in warning science and risk communication to design multimedia indicators to communicate the aggregate privacy and security risk associated with an app. Specifically, we provided participants with a privacy rating using the familiar padlock icon and used audio notifications to either warn or reinforce user choices. We empirically tested participants' app decisions with these padlock icons and audio notifications. The results showed that people with both visual cues and audio feedback are more likely to make app choices that are inversely correlated with the resources requested by the app. Those with neither indicators made decisions reflecting only app rating, while decisions made by those with either the audio or the visual indicators are sometimes inversely correlated with resource requests. This illustrates that simple clear communication about apps' aggregate risk, as opposed to atomic resource requests, changes participants' app selections potentially mitigating the state of information overuse and potential abuse. Additionally, neither the visual indicator nor the audio feedback affected the time required for participants to make a decision.
Highlights
Apps are often over-privileged, asking for more resources and sharing more information than is necessary
Our results indicate that participants who engaged with a multimedia warning system were more likely to make privacypreserving app choices than those provided only with audio feedback or visual indicators
Our experiment tested the efficacy of a visual cue, audio feedback, and a combination of these
Summary
Apps are often over-privileged, asking for more resources and sharing more information than is necessary. Users are responsible for managing risks by approving (or disapproving) app permissions requests in both iOS and Android devices. To evaluate apps nontechnical people are relying on peer patterns of use, social feedback, ratings, and Android market reviews These do not include usable information about over-privileging, use of resources, or corresponding risks. We ground our experiment in the user understanding of the permissions models and corresponding potential risks at the time of the work for Android and iOS. The decision-maker had the option to install the app and grant it all the permissions in the manifest, or they could deny the permissions and not install the app This is still the case for devices running Android 5.1 or lower. In the iOS model (and Android versions 6.0 and higher), people are presented with permissions requests during run-time.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
