CMU-ISR-13-114
Institute for Software Research
School of Computer Science, Carnegie Mellon University




Reconciling Mobile App Privacy and Usability on Smartphones:
Could User Privacy Profiles Help?

Bin Liu, Jialiu Lin, Norman Sadeh

December 2013

To appear in the
Proceedings of the 23rd International World Wide Web Conference (WWW2014).

Also appears as Computer Science Department
Technical Report CMU-CS-13-128.



Keywords: Mobile Security & Privacy, Android Permissions, Personalization

As they compete for developers, mobile app ecosystems have been exposing a growing number of APIs through their software development kits. Many of these APIs involve accessing sensitive functionality and/or user data and require approval by users. Android, for instance, allows developers to select from over 130 possible permissions. Expecting users to review and possibly adjust settings related to these permissions has proven unrealistic.

In this paper, we report on the results of a study analyzing people's privacy preferences when it comes to granting permissions to different mobile apps. Our results suggest that, while people's mobile app privacy preferences are diverse, a relatively small number of profiles can be identified that offer the promise of significantly simplifying the decisions mobile users have to make.

Specifically, our results are based on the analysis of settings of 4.8 million smartphone users of a mobile security and privacy platform. The platform relies on a rooted version of Android where users are allowed to choose between "granting", "denying" or "requesting to be dynamically prompted" when it comes to granting 12 different Android permissions to mobile apps they have downloaded.

19 pages

