The simpler, the better? Presenting the COPING Android permission-granting interface for better privacy-related decisions

Paul Gerber*, Melanie Volkamer, Karen Renaud

*Corresponding author for this work

Research output: Contribution to journalArticle

2 Citations (Scopus)

Abstract

One of the great innovations of the modern world is the Smartphone app. The sheer multitude of available apps attests to their popularity and general ability to satisfy our wants and needs. The flip side of the functionality these apps offer is their potential for privacy invasion. Apps can, if granted permission, gather a vast amount of very personal and sensitive information. App developers might exploit the combination of human propensities and the design of the Android permission-granting interface to gain permission to access more information than they really need. This compromises personal privacy. The fact that the Android is the globally dominant phone means widespread privacy invasion is a real concern.

We, and other researchers, have proposed alternatives to the Android permission-granting interface. The aim of these alternatives is to highlight privacy considerations more effectively during app installation: to ensure that privacy becomes part of the decision-making process. We report here on a study with 344 participants that compared the impact of a number of permission-granting interface proposals, including our own (called the COPING interface — COmprehensive PermIssioN Granting) and two Android interfaces. To conduct the comparison we carried out an online study with a mixed-model design.

Our main finding is that the focus in these interfaces ought to be on improving the quality of the provided information rather than merely simplifying the interface. The intuitive approach is to reduce and simplify information, but we discovered that this actually impairs the quality of the decision. Our recommendation is that further investigation is required in order to find the “sweet spot” where understandability and comprehensiveness are maximised.

Original languageEnglish
Pages (from-to)8-26
Number of pages19
JournalJournal of Information Security and Applications
Volume34
Issue numberPart 1
Early online date24 Nov 2016
DOIs
Publication statusPublished - 1 Jun 2017

Fingerprint

Application programs
Smartphones
Innovation
Decision making

Cite this

@article{316b224dbec84299acfa7ac74a06c14c,
title = "The simpler, the better? Presenting the COPING Android permission-granting interface for better privacy-related decisions",
abstract = "One of the great innovations of the modern world is the Smartphone app. The sheer multitude of available apps attests to their popularity and general ability to satisfy our wants and needs. The flip side of the functionality these apps offer is their potential for privacy invasion. Apps can, if granted permission, gather a vast amount of very personal and sensitive information. App developers might exploit the combination of human propensities and the design of the Android permission-granting interface to gain permission to access more information than they really need. This compromises personal privacy. The fact that the Android is the globally dominant phone means widespread privacy invasion is a real concern.We, and other researchers, have proposed alternatives to the Android permission-granting interface. The aim of these alternatives is to highlight privacy considerations more effectively during app installation: to ensure that privacy becomes part of the decision-making process. We report here on a study with 344 participants that compared the impact of a number of permission-granting interface proposals, including our own (called the COPING interface — COmprehensive PermIssioN Granting) and two Android interfaces. To conduct the comparison we carried out an online study with a mixed-model design.Our main finding is that the focus in these interfaces ought to be on improving the quality of the provided information rather than merely simplifying the interface. The intuitive approach is to reduce and simplify information, but we discovered that this actually impairs the quality of the decision. Our recommendation is that further investigation is required in order to find the “sweet spot” where understandability and comprehensiveness are maximised.",
author = "Paul Gerber and Melanie Volkamer and Karen Renaud",
year = "2017",
month = "6",
day = "1",
doi = "10.1016/j.jisa.2016.10.003",
language = "English",
volume = "34",
pages = "8--26",
journal = "Journal of Information Security and Applications",
issn = "2214-2134",
publisher = "Elsevier Limited",
number = "Part 1",

}

The simpler, the better? Presenting the COPING Android permission-granting interface for better privacy-related decisions. / Gerber, Paul; Volkamer, Melanie; Renaud, Karen.

In: Journal of Information Security and Applications, Vol. 34, No. Part 1, 01.06.2017, p. 8-26.

Research output: Contribution to journalArticle

TY - JOUR

T1 - The simpler, the better? Presenting the COPING Android permission-granting interface for better privacy-related decisions

AU - Gerber, Paul

AU - Volkamer, Melanie

AU - Renaud, Karen

PY - 2017/6/1

Y1 - 2017/6/1

N2 - One of the great innovations of the modern world is the Smartphone app. The sheer multitude of available apps attests to their popularity and general ability to satisfy our wants and needs. The flip side of the functionality these apps offer is their potential for privacy invasion. Apps can, if granted permission, gather a vast amount of very personal and sensitive information. App developers might exploit the combination of human propensities and the design of the Android permission-granting interface to gain permission to access more information than they really need. This compromises personal privacy. The fact that the Android is the globally dominant phone means widespread privacy invasion is a real concern.We, and other researchers, have proposed alternatives to the Android permission-granting interface. The aim of these alternatives is to highlight privacy considerations more effectively during app installation: to ensure that privacy becomes part of the decision-making process. We report here on a study with 344 participants that compared the impact of a number of permission-granting interface proposals, including our own (called the COPING interface — COmprehensive PermIssioN Granting) and two Android interfaces. To conduct the comparison we carried out an online study with a mixed-model design.Our main finding is that the focus in these interfaces ought to be on improving the quality of the provided information rather than merely simplifying the interface. The intuitive approach is to reduce and simplify information, but we discovered that this actually impairs the quality of the decision. Our recommendation is that further investigation is required in order to find the “sweet spot” where understandability and comprehensiveness are maximised.

AB - One of the great innovations of the modern world is the Smartphone app. The sheer multitude of available apps attests to their popularity and general ability to satisfy our wants and needs. The flip side of the functionality these apps offer is their potential for privacy invasion. Apps can, if granted permission, gather a vast amount of very personal and sensitive information. App developers might exploit the combination of human propensities and the design of the Android permission-granting interface to gain permission to access more information than they really need. This compromises personal privacy. The fact that the Android is the globally dominant phone means widespread privacy invasion is a real concern.We, and other researchers, have proposed alternatives to the Android permission-granting interface. The aim of these alternatives is to highlight privacy considerations more effectively during app installation: to ensure that privacy becomes part of the decision-making process. We report here on a study with 344 participants that compared the impact of a number of permission-granting interface proposals, including our own (called the COPING interface — COmprehensive PermIssioN Granting) and two Android interfaces. To conduct the comparison we carried out an online study with a mixed-model design.Our main finding is that the focus in these interfaces ought to be on improving the quality of the provided information rather than merely simplifying the interface. The intuitive approach is to reduce and simplify information, but we discovered that this actually impairs the quality of the decision. Our recommendation is that further investigation is required in order to find the “sweet spot” where understandability and comprehensiveness are maximised.

U2 - 10.1016/j.jisa.2016.10.003

DO - 10.1016/j.jisa.2016.10.003

M3 - Article

AN - SCOPUS:85007071991

VL - 34

SP - 8

EP - 26

JO - Journal of Information Security and Applications

JF - Journal of Information Security and Applications

SN - 2214-2134

IS - Part 1

ER -