Android Permission Manager, Visual Cues, and their Effect on Privacy Awareness and Privacy Literacy

Abstract

Android applications request specific permissions from users during the installations to perform required functionalities by accessing system resources and personal information. Usually, users must approve the permissions requested by applications (apps) during the installation process and before the apps can collect privacy- or security-relevant information. However, recent studies have shown that users are overwhelmed with the information provided in privacy policies and do not understand permission requests and which functionalities are necessary for certain applications. Hereby, the collection of personal information remains mostly hidden, as the task of verifying to which information different apps have access to can be very complicated. Therefore, it is necessary to develop frameworks and apps that enable the user to perform informed decisions about apps’ run-time permission access to facilitate the control over sensitive information collected by various apps on smartphones. In this work, we conducted an online study with 70 participants who interacted with a mockup app that enables advanced control over permission requests. The selected permissions are based on the apps’ run-time permission access patterns and explanations, and commonly known visual cues are used to facilitate the user’s understanding and privacy-conscious decision making. Furthermore, the effects of perceived control over information sharing and privacy awareness are examined in combination with the permission manager mockup app to investigate if increased control over information sharing increases general privacy awareness. Our results show an interplay between increased control and privacy awareness when explanations and common visual cues are presented to the user. However, the direction of the interplay between increased control and privacy awareness was surprising. Privacy awareness dropped for the experimental group, which received advanced explanations and visual nudges for privacy-conscious decision making. Interestingly privacy awareness significantly increased for the control group, which only received a plain privacy nudge. Therefore, we suggest that increased control over information sharing does not necessarily lead to improved privacy-decision making, and privacy by default might be a more effective design choice.