An Inquiry into Perception and Usage of Smartphone Permission Models

  • Lena ReinfelderEmail author
  • Andrea Schankin
  • Sophie Russ
  • Zinaida Benenson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11033)


Initially, Android and iOS took different approaches to protect users’ privacy from third-party apps by means of permissions. The old Android permission model has been repeatedly criticized for its poor usability, whereas the runtime permission model of iOS received relatively low attention in the usable security community. Since October 2015, Android also implements the runtime permission model. We compare perception and usefulness of the respective permission models by three groups: users of old Android, runtime Android and iOS permissions. To this end, we conducted a survey with over 800 respondents. The results indicate that both permission types are reportedly utilized by users for decision making regarding app usage. However, runtime permissions in Android and iOS are perceived as more useful than the old Android permissions. Users also show a more positive attitude towards the runtime permission model independently of the smartphone operating system.


Runtime permissions Android iOS User perception 


  1. 1.
    Almuhimedi, H., et al.: Your location has been shared 5,398 times!: A field study on mobile app privacy nudging. In: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, pp. 787–796. ACM (2015)Google Scholar
  2. 2.
    Andriotis, P., Sasse, M.A., Stringhini, G.: Permissions snapshots: assessing users’ adaptation to the android runtime permission model. In: IEEE International Workshop on Information Forensics and Security (WIFS) (2016)Google Scholar
  3. 3.
    Benton, K., Camp, L.J., Garg, V.: Studying the effectiveness of android application permissions requests. In: 2013 IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops), pp. 291–296, March 2013Google Scholar
  4. 4.
    Bonné, B., Peddinti, S.T., Bilogrevic, I., Taft, N.: Exploring decision making with android’s runtime permission dialogs using in-context surveys. USENIX Association (2017)Google Scholar
  5. 5.
    Cohen, J.: Statistical Power Analysis for the Behavioral Sciences, pp. 20–26. Lawrence Earlbaum Associates, Hillsdale (1988)zbMATHGoogle Scholar
  6. 6.
    Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of the Eighth Symposium on Usable Privacy and Security, SOUPS 2012, pp. 3:1–3:14. ACM, New York (2012)Google Scholar
  7. 7.
    Harbach, M., Hettig, M., Weber, S., Smith, M.: Using personal examples to improve risk communication for security & privacy decisions. In: Proceedings of the 32nd Annual ACM Conference on Human Factors in Computing Systems, pp. 2647–2656. ACM (2014)Google Scholar
  8. 8.
    Jung, J., Han, S., Wetherall, D.: Short paper: enhancing mobile application permissions with runtime feedback and constraints. In: Proceedings of the Second ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 45–50. ACM (2012)Google Scholar
  9. 9.
    Kelley, P.G., Consolvo, S., Cranor, L.F., Jung, J., Sadeh, N., Wetherall, D.: A conundrum of permissions: installing applications on an Android smartphone. In: Blyth, J., Dietrich, S., Camp, L.J. (eds.) FC 2012. LNCS, vol. 7398, pp. 68–79. Springer, Heidelberg (2012). Scholar
  10. 10.
    Kelley, P.G., Cranor, L.F., Sadeh, N.: Privacy as part of the app decision-making process. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI 2013, pp. 3393–3402. ACM, New York (2013)Google Scholar
  11. 11.
    Kraus, L., Wechsung, I., Möller, S.: Using statistical information to communicate android permission risks to users. In: 2014 Workshop on Socio-Technical Aspects in Security and Trust, pp. 48–55, July 2014Google Scholar
  12. 12.
    Micinski, K., Votipka, D., Stevens, R., Kofinas, N., Mazurek, M.L., Foster, J.S.: User interactions and permission use on android. In: Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, pp. 362–373. ACM (2017)Google Scholar
  13. 13.
    Tan, J., et al.: The effect of developer-specified explanations for permission requests on smartphone user behavior. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 91–100. ACM (2014)Google Scholar
  14. 14.
    Thompson, C., Johnson, M., Egelman, S., Wagner, D., King, J.: When it’s better to ask forgiveness than get permission: attribution mechanisms for smartphone resources. In: Proceedings of the Ninth Symposium on Usable Privacy and Security, p. 1. ACM (2013)Google Scholar
  15. 15.
    Tsai, L., et al.: Turtle Guard: helping android users apply contextual privacy preferences. In: Symposium on Usable Privacy and Security (SOUPS) (2017)Google Scholar
  16. 16.
    Wijesekera, P., Baokar, A., Hosseini, A., Egelman, S., Wagner, D., Beznosov, K.: Android permissions Remystified: a field study on contextual integrity. In: Proceedings of the 24th USENIX Conference on Security Symposium, SEC 2015, pp. 499–514. USENIX Association, Berkeley (2015)Google Scholar
  17. 17.
    Zawacki-Richter, O., Hohlfeld, G., Müskens, W.: Mediennutzung im studium. Schriftenreihe zum Bildungs-und Wissenschaftsmanagement 1(1) (2014)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Lena Reinfelder
    • 1
    Email author
  • Andrea Schankin
    • 2
  • Sophie Russ
    • 1
  • Zinaida Benenson
    • 1
  1. 1.Computer Science DepartmentFriedrich-Alexander-Universität Erlangen-NürnbergErlangenGermany
  2. 2.Computer Science DepartmentKarlsruhe Institue of TechnologyKarlsruheGermany

Personalised recommendations