Skip to main content

An Inquiry into Perception and Usage of Smartphone Permission Models

  • Conference paper
  • First Online:
Trust, Privacy and Security in Digital Business (TrustBus 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11033))

Included in the following conference series:

Abstract

Initially, Android and iOS took different approaches to protect users’ privacy from third-party apps by means of permissions. The old Android permission model has been repeatedly criticized for its poor usability, whereas the runtime permission model of iOS received relatively low attention in the usable security community. Since October 2015, Android also implements the runtime permission model. We compare perception and usefulness of the respective permission models by three groups: users of old Android, runtime Android and iOS permissions. To this end, we conducted a survey with over 800 respondents. The results indicate that both permission types are reportedly utilized by users for decision making regarding app usage. However, runtime permissions in Android and iOS are perceived as more useful than the old Android permissions. Users also show a more positive attitude towards the runtime permission model independently of the smartphone operating system.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    Previous iOS versions asked for runtime permissions for location data, but most other data types could be accessed freely by the apps.

  2. 2.

    “Reportedly” means that we ask users how they utilize permissions, but do not measure their actual behavior, which is out of scope of this study.

  3. 3.

    We were concerned that users that recently switched from Android to iOS or vice versa might confound both permission models in their answers, and thus might not be able to provide consistent answers regarding permissions. However, this threat to validity was later mitigated by the data analysis, see Sect. 3.3.

  4. 4.

    We took special care to guide participants through the process of finding out the version of their operating system, accounting for different interfaces of various Android manufacturers.

  5. 5.

    The study was conducted in October 2016, such that users that have been using OS since 2014 have more than 1,5 years of experience with it.

References

  1. Almuhimedi, H., et al.: Your location has been shared 5,398 times!: A field study on mobile app privacy nudging. In: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, pp. 787–796. ACM (2015)

    Google Scholar 

  2. Andriotis, P., Sasse, M.A., Stringhini, G.: Permissions snapshots: assessing users’ adaptation to the android runtime permission model. In: IEEE International Workshop on Information Forensics and Security (WIFS) (2016)

    Google Scholar 

  3. Benton, K., Camp, L.J., Garg, V.: Studying the effectiveness of android application permissions requests. In: 2013 IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops), pp. 291–296, March 2013

    Google Scholar 

  4. Bonné, B., Peddinti, S.T., Bilogrevic, I., Taft, N.: Exploring decision making with android’s runtime permission dialogs using in-context surveys. USENIX Association (2017)

    Google Scholar 

  5. Cohen, J.: Statistical Power Analysis for the Behavioral Sciences, pp. 20–26. Lawrence Earlbaum Associates, Hillsdale (1988)

    MATH  Google Scholar 

  6. Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of the Eighth Symposium on Usable Privacy and Security, SOUPS 2012, pp. 3:1–3:14. ACM, New York (2012)

    Google Scholar 

  7. Harbach, M., Hettig, M., Weber, S., Smith, M.: Using personal examples to improve risk communication for security & privacy decisions. In: Proceedings of the 32nd Annual ACM Conference on Human Factors in Computing Systems, pp. 2647–2656. ACM (2014)

    Google Scholar 

  8. Jung, J., Han, S., Wetherall, D.: Short paper: enhancing mobile application permissions with runtime feedback and constraints. In: Proceedings of the Second ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 45–50. ACM (2012)

    Google Scholar 

  9. Kelley, P.G., Consolvo, S., Cranor, L.F., Jung, J., Sadeh, N., Wetherall, D.: A conundrum of permissions: installing applications on an Android smartphone. In: Blyth, J., Dietrich, S., Camp, L.J. (eds.) FC 2012. LNCS, vol. 7398, pp. 68–79. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34638-5_6

    Chapter  Google Scholar 

  10. Kelley, P.G., Cranor, L.F., Sadeh, N.: Privacy as part of the app decision-making process. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI 2013, pp. 3393–3402. ACM, New York (2013)

    Google Scholar 

  11. Kraus, L., Wechsung, I., Möller, S.: Using statistical information to communicate android permission risks to users. In: 2014 Workshop on Socio-Technical Aspects in Security and Trust, pp. 48–55, July 2014

    Google Scholar 

  12. Micinski, K., Votipka, D., Stevens, R., Kofinas, N., Mazurek, M.L., Foster, J.S.: User interactions and permission use on android. In: Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, pp. 362–373. ACM (2017)

    Google Scholar 

  13. Tan, J., et al.: The effect of developer-specified explanations for permission requests on smartphone user behavior. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 91–100. ACM (2014)

    Google Scholar 

  14. Thompson, C., Johnson, M., Egelman, S., Wagner, D., King, J.: When it’s better to ask forgiveness than get permission: attribution mechanisms for smartphone resources. In: Proceedings of the Ninth Symposium on Usable Privacy and Security, p. 1. ACM (2013)

    Google Scholar 

  15. Tsai, L., et al.: Turtle Guard: helping android users apply contextual privacy preferences. In: Symposium on Usable Privacy and Security (SOUPS) (2017)

    Google Scholar 

  16. Wijesekera, P., Baokar, A., Hosseini, A., Egelman, S., Wagner, D., Beznosov, K.: Android permissions Remystified: a field study on contextual integrity. In: Proceedings of the 24th USENIX Conference on Security Symposium, SEC 2015, pp. 499–514. USENIX Association, Berkeley (2015)

    Google Scholar 

  17. Zawacki-Richter, O., Hohlfeld, G., Müskens, W.: Mediennutzung im studium. Schriftenreihe zum Bildungs-und Wissenschaftsmanagement 1(1) (2014)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Lena Reinfelder .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Reinfelder, L., Schankin, A., Russ, S., Benenson, Z. (2018). An Inquiry into Perception and Usage of Smartphone Permission Models. In: Furnell, S., Mouratidis, H., Pernul, G. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2018. Lecture Notes in Computer Science(), vol 11033. Springer, Cham. https://doi.org/10.1007/978-3-319-98385-1_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-98385-1_2

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-98384-4

  • Online ISBN: 978-3-319-98385-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics