A Participatory Privacy Protection Framework for Smart-Phone Application Default Settings

  • Haroon Elahi
  • Guojun Wang
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 969)

Abstract

In general, smart-phone users are incompetent and lack the skills and awareness required for effective privacy management. Regardless, they are expected to manage a large number of privacy settings, including default application settings. Such settings are often permissive in nature and enable privacy-invasive activities like data over-collection. Recently, many solutions have been proposed to deal with this problem. But most such solutions: (1) are domain specific, (2) access the privacy settings of other applications, or (3) require proficiency and extensive attention from users. Thus, in most cases: (1) the problem is only partially addressed, (2) new privacy challenges are introduced, and/or (3) the solutions increase the cognitive load on users. This paper proposes a non-intrusive and usable privacy protection framework. We use this framework to devise a usable, representative and non-intrusive solution. The framework is intended to reduce users' privacy fatigue and to promote democracy in privacy management by involving application providers, the application marketplace, and smart-phone end-users, so that the privacy protection responsibility is fairly distributed.

Keywords

Data over-collection; Personal data privacy; Privacy expectations; Application default settings; Privacy testing

Notes

Acknowledgments

This work was supported in part by the National Natural Science Foundation of China under Grant Numbers 61632009 and 61472451, in part by the Guangdong Provincial Natural Science Foundation under Grant 2017A030308006 and in part by the High Level Talents Program of Higher Education in Guangdong Province under Grant 2016ZJ01.


Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. School of Computer Science and Technology, Guangzhou University, Guangzhou, P.R. China
