Exposures Exposed: A Measurement and User Study to Assess Mobile Data Privacy in Context

by Evita Bakopoulou, et al.

Mobile devices have access to personal, potentially sensitive data, and there is a large number of mobile applications and third-party libraries that transmit this information over the network to remote servers (including app developer servers and third-party servers). In this paper, we are interested in better understanding not just the extent of personally identifiable information (PII) exposure, but also its context (i.e., functionality of the app, destination server, encryption used, etc.) and the risk perceived by mobile users today. To that end, we take two steps. First, we perform a measurement study: we collect a new dataset via manual and automatic testing and capture the exposure of 16 PII types from the 400 most popular Android apps. We analyze these exposures and provide insights into the extent and patterns of mobile apps sharing PII, which can later be used for prediction and prevention. Second, we perform a user study with 220 participants on Amazon Mechanical Turk: we summarize the results of the measurement study in categories, present them in a realistic context, and assess users' understanding, concern, and willingness to take action. To the best of our knowledge, our user study is the first to collect and analyze user input in such fine granularity and on actual (not just potential or permitted) privacy exposures on mobile devices. Although many users did not initially understand the full implications of their PII being exposed, after being better informed through the study, they became appreciative and interested in better privacy practices.




A Tool for Conducting User Studies on Mobile Devices

With the ever-growing interest in the area of mobile information retriev...

Buying Privacy: User Perceptions of Privacy Threats from Mobile Apps

As technology and technology companies have grown in power, ubiquity, an...

You can't always get what you want: towards user-controlled privacy on Android

Mobile applications (hereafter, apps) collect a plethora of information ...

Self-assess Momentary Mood in Mobile Devices: a Case Study with Mature Female Participants

Starting from the assumption that mood has a central role in domain-spec...

KeyGuard: Using Selective Encryption to Mitigate Keylogging in Third-Party IME

As mobile devices become ubiquitous, people around the world have enjoye...

Towards Understanding Connections between Security/Privacy Attitudes and Unlock Authentication

In this study, we examine the ways in which user attitudes towards priva...

Snooping on Snoopers: Logging as a Security Response to Physical Attacks on Mobile Devices

When users leave their mobile devices unattended, or let others use them...
