A Participatory Privacy Protection Framework for Smart-Phone Application Default Settings

  • Haroon Elahi
  • Guojun Wang
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 969)


In general, smart-phone users are incompetent and lack the skills and awareness required for effective privacy management. Regardless, they are expected to manage a large number of privacy settings, including default application settings. Such settings are often permissive in nature and enable privacy-invasive activities like data over-collection. Recently, many solutions have been proposed to deal with this problem. But most such solutions (1) are domain specific, (2) access the privacy settings of other applications, or (3) require proficiency and extensive attention from users. Thus, in most cases (1) the problem is only partially addressed, (2) new privacy challenges are introduced, and/or (3) such solutions increase the cognitive load on users. This paper proposes a non-intrusive and usable privacy protection framework. We use this framework to devise a usable, representative and non-intrusive solution. The framework aims to reduce users' privacy fatigue and to promote democracy in privacy management by involving application providers, the application marketplace, and smart-phone end-users, so that responsibility for privacy protection is fairly distributed.


Keywords: Data over-collection; Personal data privacy; Privacy expectations; Application default settings; Privacy testing



This work was supported in part by the National Natural Science Foundation of China under Grant Numbers 61632009 and 61472451, in part by the Guangdong Provincial Natural Science Foundation under Grant 2017A030308006 and in part by the High Level Talents Program of Higher Education in Guangdong Province under Grant 2016ZJ01.



Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. School of Computer Science and Technology, Guangzhou University, Guangzhou, P.R. China
