DeepAI AI Chat
Log In Sign Up

Exposures Exposed: A Measurement and User Study to Assess Mobile Data Privacy in Context

08/19/2020
by   Evita Bakopoulou, et al.
0

Mobile devices have access to personal, potentially sensitive data, and there is a large number of mobile applications and third-party libraries that transmit this information over the network to remote servers (including app developer servers and third party servers). In this paper, we are interested in better understanding of not just the extent of personally identifiable information (PII) exposure, but also its context i.e., functionality of the app, destination server, encryption used, etc.) and the risk perceived by mobile users today. To that end we take two steps. First, we perform a measurement study: we collect a new dataset via manual and automatic testing and capture the exposure of 16 PII types from 400 most popular Android apps. We analyze these exposures and provide insights into the extent and patterns of mobile apps sharing PII, which can be later used for prediction and prevention. Second, we perform a user study with 220 participants on Amazon Mechanical Turk: we summarize the results of the measurement study in categories, present them in a realistic context, and assess users' understanding, concern, and willingness to take action. To the best of our knowledge, our user study is the first to collect and analyze user input in such fine granularity and on actual (not just potential or permitted) privacy exposures on mobile devices. Although many users did not initially understand the full implications of their PII being exposed, after being better informed through the study, they became appreciative and interested in better privacy practices.

READ FULL TEXT

page 3

page 6

page 7

page 8

page 10

page 11

page 12

page 13

01/31/2020

A Tool for Conducting User Studies on Mobile Devices

With the ever-growing interest in the area of mobile information retriev...
11/14/2022

Buying Privacy: User Perceptions of Privacy Threats from Mobile Apps

As technology and technology companies have grown in power, ubiquity, an...
06/04/2021

You can't always get what you want: towards user-controlled privacy on Android

Mobile applications (hereafter, apps) collect a plethora of information ...
11/02/2022

Self-assess Momentary Mood in Mobile Devices: a Case Study with Mature Female Participants

Starting from the assumption that mood has a central role in domain-spec...
11/19/2020

KeyGuard: Using Selective Encryption to Mitigate Keylogging in Third-Party IME

As mobile devices become ubiquitous, people around the world have enjoye...
08/25/2022

Snooping on Snoopers: Logging as a Security Response to Physical Attacks on Mobile Devices

When users leave their mobile devices unattended, or let others use them...
04/13/2022

Are You Really Muted?: A Privacy Analysis of Mute Buttons in Video Conferencing Apps

Video conferencing apps (VCAs) make it possible for previously private s...