Making informed and conscious decisions: highlighted permissions to help users

In the globalized world of big data, people often do not pay much attention to personal data privacy. Do you know how to use smartphone apps? To put it differently, do you know where your personal data end up once you click the permission button?

Everybody talks about the importance of privacy, but it is still common to authorize mobile apps without being aware of the personal data collection.

Four researcher from MIT and Oxford University joined their efforts and proposed a study on users’ behavior to enhance the process of informed decision-making while authorizing an app.

Ilaria Liccardi, Joseph Pato, Daniel J. Weitzner, Hal Abelson, David De Roure presented their research at the 11th International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, MobiQuitous 2014, which took place on December 2-5, 2014, in London, UK.

Firstly, the research highlights the main reasons why users do not usually pay much attention to personal data aspects or might find the information on the authorization of data collection unclear:

  1. Too many permission requests: users cannot notice relevant permissions among long lists of permissions.
  2. Misunderstanding of legitimate apps: apps that access personal information for functionality may appear suspicious even if they don’t have the ability to y to transmit data outside the phone
  3. Changing permission requests: an app might not initially request access to personal information, but add that permission in a later version.

An additional contribution to the study is that the researchers have experimented the theory by analyzing over 100 Android smartphone users discovering its real potential.  By changing the Google Play permission interface, they have noticed that most users, including non-experts, preferred to choose apps with less possible access to their personal data.

What exactly did they modify on the Google Play interface? Liccardi et al. introduced a quantitative measure (sensitivity score) of an app’s ability to reveal personal info and to draw attention to the significant permissions that contributed to this score. The goal? Obviously, to focus user’s attention on permissions that have the ability to access personal data.

As stated by the researchers: “These improvements are easily integratable within the current structures and policies of the Android permissions interface and have been designed to allow inexperienced users to understand the permission interface and make informed and conscious decisions about access to their personal data.”

Do not miss the details of the study. Click here to access the full paper.