Abstract
We present an educative self-assessment app intended to increase awareness of app-related privacy risks. The privacy impact self-assessment (PISA) app is intended to stimulate smartphone user reflection over risks of data sharing and data extraction from their smartphones. An interactive user interface performs an end-user targeted dialogue about apps using personas with a variety of vulnerabilities. The guided dialogue about threats is intended to engage the user’s reflection about own app risk. We describe the underlying model and interaction design, summarize the personas and discuss the user interfaces implemented in the app.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
NFR ALerT project homepage, https://www.nr.no/en/projects/alert-awareness-learning-tools-data-sharing-everywhere, accessed 2020-03-04.
References
Aasbrenn, S., et al.: Dare to share - a bachelor thesis for norwegian computing center. Technical report, Dept. of Computer Science, Norwegian University of Science and Technology (NTNU) (2019)
Andrews, G.: User personas for privacy and security. web pages. https://medium.com/@gusandrews/user-personas-for-privacy-and-security-a8b35ae5a63b, https://medium.com/@gusandrews/user-personas-for-privacy-and-security-a8b35ae5a63b. Accessed 27 Feb 2020
Bergen, E., Solberg, D.F., Sæthre, T.H., Divitini, M.: Supporting the co-design of games for privacy awareness. In: Auer, M.E., Tsiatsos, T. (eds.) ICL 2018. AISC, vol. 916, pp. 888–899. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-11932-4_82
Carlsson, A., Pedersen, C., Persson, F., Söderlund, G.: Kaudroid: a tool that will spy on applications and how they spy on their users. Technical report, Karlstad University, Department of Mathematics and Computer Science (2018). http://urn.kb.se/resolve?urn=urn:nbn:se:kau:diva-66090
De, S.J., Le Métayer, D.: PRIAM: a privacy risk analysis methodology. In: Livraga, G., Torra, V., Aldini, A., Martinelli, F., Suri, N. (eds.) DPM/QASA -2016. LNCS, vol. 9963, pp. 221–229. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-47072-6_15
Dupree, J.L., Devries, R., Berry, D.M., Lank, E.: Privacy personas: clustering users via attitudes and behaviors toward security practices. In: Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, CHI 2016, pp. 5228–5239. Association for Computing Machinery, New York (2016). https://doi.org/10.1145/2858036.2858214
ENISA: Guidelines for smes on the security of personal data processing. Technical report TP-05-16-090-EN-N11, European Union Agency For Network and Information Security (ENISA) (2016). https://doi.org/10.2824/867415
Fritsch, L.: Partial commitment – “Try Before You Buy” and “Buyer’s Remorse” for personal data in big data & machine learning. In: Steghöfer, J.-P., Esfandiari, B. (eds.) IFIPTM 2017. IFIP AICT, vol. 505, pp. 3–11. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59171-1_1
Fritsch, L., Momen, N.: Derived partial identities generated from app permissions. In: Proceedings of the Open Identity Summit (OID) 2017. LNI, vol. 277. Gesellschaft für Informatik (2017)
Fromell, A.: Performing algorithmic power: ‘dysconnect’ as digital political dramaturgy (2019)
Hatamian, M., Momen, N., Fritsch, L., Rannenberg, K.: A multilateral privacy impact analysis method for android apps. In: Naldi, M., Italiano, G.F., Rannenberg, K., Medina, M., Bourka, A. (eds.) APF 2019. LNCS, vol. 11498, pp. 87–106. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-21752-5_7
Mangafic, A.: Artistic control of side effects in playpod by scripting and game loop technology (2019)
Momen, N.: Towards measuring apps’ privacy-friendliness (licentiate dissertation). Technical report 2018:31, Karlstad University, Department of Mathematics and Computer Science (2018). http://urn.kb.se/resolve?urn=urn:nbn:se:kau:diva-68569
Momen, N., Fritsch, L.: App-generated digital identities extracted through android permission-based data access-a survey of app privacy. In: Proceedings SICHERHEIT 2020, LNI. Gesellschaft für Informatik eV (2020). https://doi.org/10.18420/sicherheit2020_01
Momen, N., Hatamian, M., Fritsch, L.: Did app privacy improve after the gdpr? IEEE Security & Privacy 17(6), 10–20, November-December 2019. https://doi.org/10.1109/MSEC.2019.2938445
Momen, N., Pulls, T., Fritsch, L., Lindskog, S.: How much privilege does an app need? investigating resource usage of android apps (short paper). In: 2017 15th Annual Conference on Privacy, Security and Trust (PST), pp. 2268–2685, August 2017. https://doi.org/10.1109/PST.2017.00039, https://ieeexplore.ieee.org/document/8476943
Murmann, P., Fischer-Hübner, S.: Tools for achieving usable ex post transparency: a survey. IEEE Access 5, 22965–22991 (2017)
Pfitzmann, A., Hansen, M.: Anonymity, unlinkability, unobservability, pseudonymity, and identity management-a consolidated proposal for terminology. In: Designing privacy enhancing technologies, pp. 1–9. Technische Universität Dresden, 10 August 2010
Sundberg, S., Blomqvist, A., Bromander, A.: Kaudroid-project report: Visualizing how android apps utilize permissions. report, Karlstad University (2019). http://kau.diva-portal.org/smash/record.jsf?pid=diva2:1282064
Toresson, L., Olars, S., Shaker, M.: Privacy impact self-assessment app. Technical report, Karlstad University, Department of Mathematics and Computer Science (2020). http://urn.kb.se/resolve?urn=urn:nbn:se:kau:diva-76317
Wahlberg, M., Larsson, D., Steinvall, D., Mangafic, A.: Playpod: Multi-medial enhancement of audio theatre on android smartphones. Technical report, Karlstad University (2019). http://urn.kb.se/resolve?urn=urn:nbn:se:kau:diva-70812
Acknowledgements
This article is partially funded by the ALerT project, Research Council of Norway, IKTPLUSS 2017–2021. We thank Nurul Momen and Patrick Murmann (Karlstad University) for their feedback and support.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Toresson, L., Shaker, M., Olars, S., Fritsch, L. (2020). PISA: A Privacy Impact Self-assessment App Using Personas to Relate App Behavior to Risks to Smartphone Users. In: Stephanidis, C., Antona, M. (eds) HCI International 2020 - Posters. HCII 2020. Communications in Computer and Information Science, vol 1226. Springer, Cham. https://doi.org/10.1007/978-3-030-50732-9_79
Download citation
DOI: https://doi.org/10.1007/978-3-030-50732-9_79
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-50731-2
Online ISBN: 978-3-030-50732-9
eBook Packages: Computer ScienceComputer Science (R0)