Whenever users install a new application on their smart devices with an Android KitKat or Lollipop operating system they are asked to grant the application (app) provider access to features of the device, ranging from data storage to device location and from device identity to the users personal contacts. The implications on users' privacy and security are significant and therefore the users' ability to give informed consent is highly important. Previous work has identified low rates of user attention and comprehension to permission warnings and concluded that these fail to inform the majority of users. Here we focus on how users consider, interpret and react to differences in app permission information which is provided at three different instances of the app installation cycle: 1. Before installation in the Google Play Store 2. During the installation process 3. After installation in the Application Manager. The information provided in these instances varies considerably in its granularity and detail. For this purpose, an online survey was developed in which users were asked questions regarding the installation of a mirror app whose main functionality is to use the user facing camera of the phone to mirror the users face (i.e. display an image of the face) on the phone's screen. The survey participants were shown screen shots of the app description as presented in the Google Play Store as well as of the various permission lists as they appear on the screen of the phone. The questions focused on the respondents' perceptions and their hypothetical choices with regard to the installation of this app. Results show that the various presentations of permission information in Android versions KitKat or Lollipop cause concern and irritate a majority (51.67%) of users, especially those with some basic IT expertise. We conclude that the contextualization of app features and functionalities with the corresponding permissions needs to be improved especially for users with little IT expertise. Further user permission information should be made available at different and consistent levels of granularity.

Ramachandran, S., Dimitri, A., Galinium, M., Tahir, M., Ananth, I.v., Schunck, C., et al. (2017). Understanding and granting android permissions: A user survey. In 2017 INTERNATIONAL CARNAHAN CONFERENCE ON SECURITY TECHNOLOGY (ICCST) (pp.1-6). IEEE [10.1109/CCST.2017.8167834].

Understanding and granting android permissions: A user survey

Dimitri A.;Schunck C.
;
Talamo M.
2017-01-01

Abstract

Whenever users install a new application on their smart devices with an Android KitKat or Lollipop operating system they are asked to grant the application (app) provider access to features of the device, ranging from data storage to device location and from device identity to the users personal contacts. The implications on users' privacy and security are significant and therefore the users' ability to give informed consent is highly important. Previous work has identified low rates of user attention and comprehension to permission warnings and concluded that these fail to inform the majority of users. Here we focus on how users consider, interpret and react to differences in app permission information which is provided at three different instances of the app installation cycle: 1. Before installation in the Google Play Store 2. During the installation process 3. After installation in the Application Manager. The information provided in these instances varies considerably in its granularity and detail. For this purpose, an online survey was developed in which users were asked questions regarding the installation of a mirror app whose main functionality is to use the user facing camera of the phone to mirror the users face (i.e. display an image of the face) on the phone's screen. The survey participants were shown screen shots of the app description as presented in the Google Play Store as well as of the various permission lists as they appear on the screen of the phone. The questions focused on the respondents' perceptions and their hypothetical choices with regard to the installation of this app. Results show that the various presentations of permission information in Android versions KitKat or Lollipop cause concern and irritate a majority (51.67%) of users, especially those with some basic IT expertise. We conclude that the contextualization of app features and functionalities with the corresponding permissions needs to be improved especially for users with little IT expertise. Further user permission information should be made available at different and consistent levels of granularity.
2017 International Carnahan Conference on Security Technology (ICCST)
Madrid, Spain
2017
Rilevanza internazionale
2017
Settore INF/01 - INFORMATICA
Settore FIS/01 - FISICA SPERIMENTALE
English
https://ieeexplore.ieee.org/document/8167834/
Intervento a convegno
Ramachandran, S., Dimitri, A., Galinium, M., Tahir, M., Ananth, I.v., Schunck, C., et al. (2017). Understanding and granting android permissions: A user survey. In 2017 INTERNATIONAL CARNAHAN CONFERENCE ON SECURITY TECHNOLOGY (ICCST) (pp.1-6). IEEE [10.1109/CCST.2017.8167834].
Ramachandran, S; Dimitri, A; Galinium, M; Tahir, M; Ananth, Iv; Schunck, C; Talamo, M
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2108/198461
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 8
  • ???jsp.display-item.citation.isi??? 7
social impact