More Web Proxy on the site http://driver.im/

research-article

Open access

Won't You Think of Others?: Interdependent Privacy in Smartphone App Permissions

Authors:

Maximilian Marsch,

Jens Grossklags,

Sameer PatilAuthors Info & Claims

Proceedings of the ACM on Human-Computer Interaction, Volume 5, Issue CSCW2

Article No.: 437, Pages 1 - 35

https://doi.org/10.1145/3479581

Published: 18 October 2021 Publication History

Abstract

The ever increasing amount of data on smartphones often contains private information of others that people interact with via the device. As a result, one user's decisions regarding app permissions can expose the information of other parties. However, research typically focuses on consequences of privacy-related decisions only for the user who makes the decisions. Work on the impact of these decisions on the privacy of others is still relatively scant. We fill this gap with an online study that extends prior work on interdependent privacy in social networking sites to the context of smartphone permissions. Our findings indicate that people typically give less consideration to the implications of their actions for the privacy of others compared to the impact on themselves. However, we found that priming people with information that features others can help reduce this discrepancy. We apply this insight to offer suggestions for enhancing permission-specification interfaces and system architectures to accommodate interdependent privacy.

References

[1]

Yasemin Acar, Michael Backes, Sven Bugiel, Sascha Fahl, Patrick McDaniel, and Matthew Smith. 2016. SoK: Lessons Learned from Android Security Research for Appified Software Platforms. In 2016 IEEE Symposium on Security and Privacy (San Jose, CA, USA) (IEEE S&P '16). Institute of Electrical and Electronics Engineers, 433--451. https://doi.org/10.1109/SP.2016.33

[2]

Alessandro Acquisti. 2009. Nudging Privacy: The Behavioral Economics of Personal Information. IEEE Security & Privacy, Vol. 7, 6 (2009), 82--85. https://doi.org/10.1109/MSP.2009.163

Digital Library

[3]

Alessandro Acquisti, Laura Brandimarte, and George Loewenstein. 2015. Privacy and Human Behavior in the Age of Information. Science, Vol. 347, 6221 (2015), 509--514. https://doi.org/10.1126/science.aaa1465

[4]

Alessandro Acquisti, Curtis Taylor, and Liad Wagman. 2016. The Economics of Privacy. Journal of Economic Literature, Vol. 54, 2 (June 2016), 442--492. https://doi.org/10.1257/jel.54.2.442

[5]

Herman Aguinis and Kyle J. Bradley. 2014. Best Practice Recommendations for Designing and Implementing Experimental Vignette Methodology Studies. Organizational Research Methods, Vol. 17, 4 (2014), 351--371. https://doi.org/10.1177/1094428114547952

[6]

Mohammed M. Alani. 2017. Android Users Privacy Awareness Survey. International Journal of Interactive Mobile Technologies (iJIM), Vol. 11, 3 (2017), 130--144. https://doi.org/10.3991/ijim.v11i3.6605

[7]

Hazim Almuhimedi, Florian Schaub, Norman Sadeh, Idris Adjerid, Alessandro Acquisti, Joshua Gluck, Lorrie Faith Cranor, and Yuvraj Agarwal. 2015. Your Location Has Been Shared 5,398 Times! A Field Study on Mobile App Privacy Nudging. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI '15). Association for Computing Machinery, New York, NY, USA, 787--796. https://doi.org/10.1145/2702123.2702210

Digital Library

[8]

Mary Jean Amon, Rakibul Hasan, Kurt Hugenberg, Bennett I. Bertenthal, and Apu Kapadia. 2020. Influencing Photo Sharing Decisions on Social Media: A Case of Paradoxical Findings. In 2020 IEEE Symposium on Security and Privacy (San Francisco, CA, USA) (IEEE S&P '20). Institute of Electrical and Electronics Engineers, 1350--1366. https://doi.org/10.1109/SP40000.2020.00006

[9]

AppCensus. 2020. 1,000 Mobile Apps in Australia: A Report for the ACCC. (24 sept 2020). https://www.accc.gov.au/system/files/1%2C000%20Mobile%20Apps%20in%20Australia%20%E2%80%93%20A%20Report%20for%20the%20ACCC%2C%20AppCensus_0.pdf Accessed: 2021-08--22.

[10]

Peter M. Aronow, Jonathon Baron, and Lauren Pinson. 2019. A Note on Dropping Experimental Subjects who Fail a Manipulation Check. Political Analysis, Vol. 27, 4 (2019), 572--589. https://doi.org/10.1017/pan.2019.5

[11]

Gergely Biczók and Pern Hui Chia. 2013. Interdependent Privacy: Let Me Share Your Data. In Financial Cryptography and Data Security, Ahmad-Reza Sadeghi (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 338--353. https://doi.org/10.1007/978--3--642--39884--1_29

[12]

danah boyd. 2012. Networked Privacy. Surveillance & Society, Vol. 10, 3 (2012), 348--350. https://doi.org/10.24908/ss.v10i3/4.4529

[13]

Jin Chen, Jerry Wenjie Ping, Yunjie Xu, and Bernard C. Y. Tan. 2015. Information Privacy Concern about Peer Disclosure in Online Social Networks. IEEE Transactions on Engineering Management, Vol. 62, 3 (2015), 311--324. https://doi.org/10.1109/TEM.2015.2432117

[14]

Mauro Cherubini, Kavous Salehzadeh Niksirat, Marc-Olivier Boldi, Henri Keopraseuth, Jose M. Such, and Kévin Huguenin. 2021. When Forcing Collaboration is the Most Sensible Choice: Desirability of Precautionary and Dissuasive Mechanisms to Manage Multiparty Privacy Conflicts. Proc. ACM Hum.-Comput. Interact., Vol. 5, CSCW1, Article 53 (April 2021), 36 pages. https://doi.org/10.1145/3449127

Digital Library

[15]

Jason W. Clark, Peter Snyder, Damon McCoy, and Chris Kanich. 2015. “I Saw Images I Didn't Even Know I Had”: Understanding User Perceptions of Cloud Storage Privacy. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI '15). Association for Computing Machinery, New York, NY, USA, 1641--1644. https://doi.org/10.1145/2702123.2702535

Digital Library

[16]

Cihan Cobanoglu, Muhittin Cavusoglu, and Gozde Turktarhan. 2021. A Beginner's Guide and Best Practices for Using Crowdsourcing Platforms for Survey Research: The Case of Amazon Mechanical Turk (MTurk). Journal of Global Business Insights, Vol. 6, 1 (2021), 92--97. https://doi.org/10.5038/2640--6489.6.1.1177

[17]

William Jay Conover and Ronald L. Iman. 1979. On Multiple-Comparisons Procedures. Technical Report LA-7677-MS Informal Report. Los Alamos Scientific Laboratory, Los Alamos, NM, USA. https://doi.org/10.2172/6057803

[18]

Paul De Hert, Vagelis Papakonstantinou, Gianclaudio Malgieri, Laurent Beslay, and Ignacio Sanchez. 2018. The Right to Data Portability in the GDPR: Towards User-centric Interoperability of Digital Services. Computer Law & Security Review, Vol. 34, 2 (2018), 193--203. https://doi.org/10.1016/j.clsr.2017.10.003

[19]

Margaret Anne Defeyter, Riccardo Russo, and Pamela Louise McPartlin. 2009. The Picture Superiority Effect in Recognition Memory: A Developmental Study Using the Response Signal Procedure. Cognitive Development, Vol. 24, 3 (2009), 265--273. https://doi.org/10.1016/j.cogdev.2009.05.002

[20]

Mariella Dimiccoli, Juan Mar'in, and Edison Thomaz. 2018. Mitigating Bystander Privacy Concerns in Egocentric Activity Recognition with Deep Learning and Intentional Image Degradation. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol., Vol. 1, 4, Article 132 (Jan. 2018), 18 pages. https://doi.org/10.1145/3161190

Digital Library

[21]

Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, and David Wagner. 2011. Android Permissions Demystified. In Proceedings of the 18th ACM Conference on Computer and Communications Security (Chicago, Illinois, USA) (CCS '11). Association for Computing Machinery, New York, NY, USA, 627--638. https://doi.org/10.1145/2046707.2046779

Digital Library

[22]

Adrienne Porter Felt, Elizabeth Ha, Serge Egelman, Ariel Haney, Erika Chin, and David Wagner. 2012. Android Permissions: User Attention, Comprehension, and Behavior. In Proceedings of the Eighth Symposium on Usable Privacy and Security (Washington, D.C.) (SOUPS 2012). Association for Computing Machinery, New York, NY, USA, Article 3, 14 pages. https://doi.org/10.1145/2335356.2335360

Digital Library

[23]

Christine Geeng and Franziska Roesner. 2019. Who's in Control? Interactions in Multi-User Smart Homes. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems. Association for Computing Machinery, New York, NY, USA, 1--13. https://doi.org/10.1145/3290605.330049

[24]

James T. Graves, Alessandro Acquisti, and Ross Anderson. 2019. Perception versus Punishment in Cybercrime. The Journal of Criminal Law and Criminology, Vol. 109, 2 (2019), 313--364.

[25]

Jie Gu, Yunjie (Calvin) Xu, Heng Xu, Cheng Zhang, and Hong Ling. 2017. Privacy Concerns for Mobile App Download: An Elaboration Likelihood Model Perspective. Decision Support Systems, Vol. 94 (2017), 19--28. https://doi.org/10.1016/j.dss.2016.10.002

Digital Library

[26]

Marian Harbach, Markus Hettig, Susanne Weber, and Matthew Smith. 2014. Using Personal Examples to Improve Risk Communication for Security & Privacy Decisions. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Toronto, Ontario, Canada) (CHI '14). Association for Computing Machinery, New York, NY, USA, 2647--2656. https://doi.org/10.1145/2556288.2556978

Digital Library

[27]

Rakibul Hasan, David Crandall, Mario Fritz, and Apu Kapadia. 2020. Automatically Detecting Bystanders in Photos to Reduce Privacy Risks. In 2020 IEEE Symposium on Security and Privacy (San Francisco, CA, USA) (IEEE S&P '20). Institute of Electrical and Electronics Engineers, 318--335. https://doi.org/10.1109/SP40000.2020.00097

[28]

Peter A. Heslin, Don Vandewalle, and Gary P. Latham. 2006. Keen to Help? Managers' Implicit Person Theories and Their Subsequent Employee Coaching. Personnel Psychology, Vol. 59, 4 (2006), 871--902. https://doi.org/10.1111/j.1744--6570.2006.00057.x

[29]

Christian Pieter Hoffmann, Christoph Lutz, and Giulia Ranzini. 2016. Privacy Cynicism: A New approach to the Privacy Paradox. Cyberpsychology: Journal of Psychosocial Research on Cyberspace, Vol. 10, 4, Article 7 (2016). https://doi.org/10.5817/CP2016--4--7

[30]

Peter S. Houts, Cecilia C. Doak, Leonard G. Doak, and Matthew J. Loscalzo. 2006. The Role of Pictures in Improving Health Communication: A Review of Research on Attention, Comprehension, Recall, and Adherence. Patient Education and Counseling, Vol. 61, 2 (2006), 173--190. https://doi.org/10.1016/j.pec.2005.05.004

[31]

Mathias Humbert, Benjamin Trubert, and Kévin Huguenin. 2019. A Survey on Interdependent Privacy. ACM Comput. Surv., Vol. 52, 6, Article 122 (Oct. 2019), 40 pages. https://doi.org/10.1145/3360498

Digital Library

[32]

Deepak Karambelkar. 2014. Spyware: A Bird's-eye View. Gulf News (13 Feb. 2014). https://gulfnews.com/technology/consumer-electronics/spyware-a-birds-eye-view-1.1289319 Accessed: 2021-08--22.

[33]

Patrick Gage Kelley, Sunny Consolvo, Lorrie Faith Cranor, Jaeyeon Jung, Norman Sadeh, and David Wetherall. 2012. A Conundrum of Permissions: Installing Applications on an Android Smartphone. In Financial Cryptography and Data Security, Jim Blyth, Sven Dietrich, and L. Jean Camp (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 68--79. https://doi.org/10.1007/978--3--642--34638--5_6

[34]

Elizabeth A. Kensinger and Daniel L. Schacter. 2006. Processing Emotional Pictures and Words: Effects of Valence and Arousal. Cognitive, Affective, & Behavioral Neuroscience, Vol. 6, 2 (2006), 110--126. https://doi.org/10.3758/CABN.6.2.110

[35]

Hanna Krasnova, Nicole Eling, Oleg Schneider, Helena Wenninger, and Thomas Widjaja. 2013. Does This App Ask for Too Much Data? The Role of Privacy Perceptions in User Behavior Towards Facebook Applications and Permission Dialogs. In Proceedings of the 21st European Conference on Information Systems (ECIS 2013 Completed Research). Article 179, 12 pages. https://aisel.aisnet.org/ecis2013_cr/179

[36]

Jacob Leon Kröger, Jens Lindemann, and Dominik Herrmann. 2020. How Do App Vendors Respond to Subject Access Requests? A Longitudinal Privacy Study on iOS and Android Apps. In Proceedings of the 15th International Conference on Availability, Reliability and Security (Virtual Event, Ireland) (ARES '20). Association for Computing Machinery, New York, NY, USA, Article 10, 10 pages. https://doi.org/10.1145/3407023.3407057

Digital Library

[37]

Annie Lang, Rachel Bailey, and Sean Ryan Connolly. 2015. Encoding Systems and Evolved Message Processing: Pictures Enable Action, Words Enable Thinking. Media and Communication, Vol. 3, 1 (2015), 34--43. https://doi.org/10.17645/mac.v3i1.248

[38]

Annie Lang, Robert F. Potter, and Paul D. Bolls. 1999. Something for Nothing: Is Visual Encoding Automatic? Media Psychology, Vol. 1, 2 (1999), 145--163. https://doi.org/10.1207/s1532785xmep0102_4

[39]

Bin Liu, Mads Schaarup Andersen, Florian Schaub, Hazim Almuhimedi, Shikun (Aerin) Zhang, Norman Sadeh, Yuvraj Agarwal, and Alessandro Acquisti. 2016. Follow My Recommendations: A Personalized Privacy Assistant for Mobile App Permissions. In Twelfth Symposium on Usable Privacy and Security (SOUPS 2016). USENIX Association, Denver, CO, 27--41. https://www.usenix.org/conference/soups2016/technical-sessions/presentation/liu

Digital Library

[40]

Alexios Mylonas, Anastasia Kastania, and Dimitris Gritzalis. 2013. Delegate the Smartphone User? Security Awareness in Smartphone Platforms. Computers & Security, Vol. 34 (2013), 47--66. https://doi.org/10.1016/j.cose.2012.11.004

Digital Library

[41]

Helen Nissenbaum. 2004. Privacy as Contextual Integrity. Washington Law Review, Vol. 79, 1 (2004), 119--158. https://heinonline.org/HOL/LandingPage?handle=hein.journals/washlr79&div=16

[42]

Patricia A. Norberg, Daniel R. Horne, and David A. Horne. 2007. The Privacy Paradox: Personal Information Disclosure Intentions versus Behaviors. Journal of Consumer Affairs, Vol. 41, 1 (2007), 100--126. https://doi.org/10.1111/j.1745--6606.2006.00070.x

[43]

Katarzyna Olejnik, Italo Dacosta, Joana Soares Machado, Kévin Huguenin, Mohammad Emtiyaz Khan, and Jean-Pierre Hubaux. 2017. SmarPer: Context-Aware and Automatic Runtime-Permissions for Mobile Devices. In 2017 IEEE Symposium on Security and Privacy (San Jose, CA, USA) (IEEE S&P '20). Institute of Electrical and Electronics Engineers, 1058--1076. https://doi.org/10.1109/SP.2017.25

[44]

Alexandra-Mihaela Olteanu, Kévin Huguenin, Italo Dacosta, and J-P Hubaux. 2018. Consensual and Privacy-preserving Sharing of Multi-subject and Interdependent Data. In Proceedings of the 25th Network and Distributed System Security Symposium (NDSS 2018). Internet Society, 15 pages. https://doi.org/10.14722/ndss.2018.23002

[45]

Daniel M. Oppenheimer, Tom Meyvis, and Nicolas Davidenko. 2009. Instructional Manipulation Checks: Detecting Satisficing to Increase Statistical Power. Journal of Experimental Social Psychology, Vol. 45, 4 (2009), 867--872. https://doi.org/10.1016/j.jesp.2009.03.009

[46]

Federica Paci, Anna Squicciarini, and Nicola Zannone. 2018. Survey on Access Control for Community-Centered Collaborative Systems. ACM Comput. Surv., Vol. 51, 1, Article 6 (Jan. 2018), 38 pages. https://doi.org/10.1145/3146025

Digital Library

[47]

Sameer Patil, Greg Norcie, Apu Kapadia, and Adam J. Lee. 2012. Reasons, Rewards, Regrets: Privacy Considerations in Location Sharing as an Interactive Practice. In Proceedings of the Eighth Symposium on Usable Privacy and Security (Washington, D.C.) (SOUPS 2012). Association for Computing Machinery, New York, NY, USA, Article 5, 15 pages. https://doi.org/10.1145/2335356.2335363

Digital Library

[48]

Sameer Patil, Roman Schlegel, Apu Kapadia, and Adam J. Lee. 2014. Reflection or Action? How Feedback and Control Affect Location Sharing Decisions. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Toronto, Ontario, Canada) (CHI '14). Association for Computing Machinery, New York, NY, USA, 101--110. https://doi.org/10.1145/2556288.2557121

Digital Library

[49]

Sai Teja Peddinti, Igor Bilogrevic, Nina Taft, Martin Pelikan, Úlfar Erlingsson, Pauline Anthonysamy, and Giles Hogben. 2019. Reducing Permission Requests in Mobile Apps. In Proceedings of the Internet Measurement Conference (Amsterdam, Netherlands) (IMC '19). Association for Computing Machinery, New York, NY, USA, 259--266. https://doi.org/10.1145/3355369.3355584

Digital Library

[50]

Anthony Peruma, Jeffrey Palmerino, and Daniel E. Krutz. 2018. Investigating User Perception and Comprehension of Android Permission Models. In Proceedings of the 5th International Conference on Mobile Software Engineering and Systems (Gothenburg, Sweden) (MOBILESoft '18). Association for Computing Machinery, New York, NY, USA, 56--66. https://doi.org/10.1145/3197231.3197246

Digital Library

[51]

Giuseppe Petracca, Ahmad-Atamli Reineh, Yuqiong Sun, Jens Grossklags, and Trent Jaeger. 2017. AWare: Preventing Abuse of Privacy-Sensitive Sensors via Operation Bindings. In 26th USENIX Security Symposium (USENIX Security '17). USENIX Association, Vancouver, BC, 379--396. https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/petracca

[52]

Giuseppe Petracca, Yuqiong Sun, Ahmad-Atamli Reineh, Patrick McDaniel, Jens Grossklags, and Trent Jaeger. 2019. EnTrust: Regulating Sensor Access by Cooperating Programs via Delegation Graphs. In 28th USENIX Security Symposium (USENIX Security '19). USENIX Association, Santa Clara, CA, 567--584. https://www.usenix.org/conference/usenixsecurity19/presentation/petracca

[53]

Sandra Petronio. 2002. Boundaries of Privacy: Dialectics of Disclosure .State University of New York Press.

[54]

Yu Pu and Jens Grossklags. 2014. An Economic Model and Simulation Results of App Adoption Decisions on Networks with Interdependent Privacy Consequences. In Decision and Game Theory for Security, Radha Poovendran and Walid Saad (Eds.). Springer International Publishing, Cham, 246--265. https://doi.org/10.1007/978--3--319--12601--2_14

[55]

Yu Pu and Jens Grossklags. 2015. Using Conjoint Analysis to Investigate the Value of Interdependent Privacy in Social App Adoption Scenarios. In Proceedings of Thirty Sixth International Conference on Information Systems (Fort Worth, TX, USA) (ICIS 2015). 20 pages. https://aisel.aisnet.org/icis2015/proceedings/SecurityIS/12/

[56]

Yu Pu and Jens Grossklags. 2016. Towards a Model on the Factors Influencing Social App Users' Valuation of Interdependent Privacy. Proceedings on Privacy Enhancing Technologies, Vol. 2016, 2 (2016), 61--81. https://doi.org/10.1515/popets-2016-0005

[57]

Yu Pu and Jens Grossklags. 2017. Valuating Friends' Privacy: Does Anonymity of Sharing Personal Data Matter?. In Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017). USENIX Association, Santa Clara, CA, 339--355. https://www.usenix.org/conference/soups2017/technical-sessions/presentation/pu

[58]

Selvakumar Ramachandran, Andrea Dimitri, Maulahikmah Galinium, Muhammad Tahir, Indirajith Viji Ananth, Christian H. Schunck, and Maurizio Talamo. 2017. Understanding and Granting Android permissions: A user survey. In 2017 International Carnahan Conference on Security Technology (Madrid, Spain) (ICCST 2017). Institute of Electrical and Electronics Engineers, 1--6. https://doi.org/10.1109/CCST.2017.8167834

[59]

Irwin Reyes, Primal Wijesekera, Joel Reardon, Amit Elazari Bar On, Abbas Razaghpanah, Narseo Vallina-Rodriguez, and Serge Egelman. 2018. "Won't Somebody Think of the Children?" Examining COPPA Compliance at Scale. Proceedings on Privacy Enhancing Technologies, Vol. 2018, 3 (2018), 63--83. https://doi.org/10.1515/popets-2018-0021

[60]

Jordan Robertson. 2014. Google+, 'Candy Crush' Show Risk of Leakiest Apps. Bloomberg (29 Jan. 2014). https://www.bloomberg.com/news/articles/2014-01--29/nsa-spying-on-apps-shows-perils-of-google-candy-crush- Accessed: 2021-08--22.

[61]

Muhammad Safi, Abhiditya Jha, Malak Aly, Xinru Page, Sameer Patil, and Pamela Wisniewski. 2019. Will They Share? Predicting Location Sharing Behaviors of Smartphone Users through Self-Reflection on Past Privacy Behaviors. In Workshop on Usable Security (San Diego, CA, USA) (USEC 2019). 13 pages. https://doi.org/10.14722/usec.2019.23014

[62]

John S. Seberger, Marissel Llavore, Nicholas Nye Wyant, Irina Shklovski, and Sameer Patil. 2021. Empowering Resignation: There's an App for That. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems (CHI '21). Association for Computing Machinery, New York, NY, USA, Article 552, 18 pages. https://doi.org/10.1145/3411764.3445293

Digital Library

[63]

Pan Shi, Heng Xu, and Yunan Chen. 2013. Using Contextual Integrity to Examine Interpersonal Information Boundary on Social Network Sites. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '13). Association for Computing Machinery, New York, NY, USA, 35--38. https://doi.org/10.1145/2470654.2470660

Digital Library

[64]

Daniel Smullen, Yuanyuan Feng, Shikun Aerin Zhang, and Norman Sadeh. 2020. The Best of Both Worlds: Mitigating Trade-offs Between Accuracy and User Burden in Capturing Mobile App Privacy Preferences. Proceedings on Privacy Enhancing Technologies, Vol. 2020, 1 (2020), 195--215. https://doi.org/10.2478/popets-2020-0011

[65]

Chad Spensky, Jeffrey Stewart, Arkady Yerukhimovich, Richard Shay, Ari Trachtenberg, Rick Housley, and Robert K. Cunningham. 2016. SoK: Privacy on Mobile Devices -- It's Complicated. Proceedings on Privacy Enhancing Technologies, Vol. 2016, 3 (2016), 96--116. https://doi.org/10.1515/popets-2016-0018

[66]

Anna Squicciarini, Cornelia Caragea, and Rahul Balakavi. 2017. Toward Automated Online Photo Privacy. ACM Trans. Web, Vol. 11, 1, Article 2 (April 2017), 29 pages. https://doi.org/10.1145/2983644

Digital Library

[67]

Anna Cinzia Squicciarini, Mohamed Shehab, and Federica Paci. 2009. Collective Privacy Management in Social Networks. In Proceedings of the 18th International Conference on World Wide Web (Madrid, Spain) (WWW '09). Association for Computing Machinery, New York, NY, USA, 521--530. https://doi.org/10.1145/1526709.1526780

Digital Library

[68]

Jose M. Such and Natalia Criado. 2016. Resolving Multi-Party Privacy Conflicts in Social Media. IEEE Transactions on Knowledge and Data Engineering, Vol. 28, 7 (2016), 1851--1863. https://doi.org/10.1109/TKDE.2016.2539165

[69]

Jose M. Such and Natalia Criado. 2018. Multiparty Privacy in Social Media. Commun. ACM, Vol. 61, 8 (July 2018), 74--81. https://doi.org/10.1145/3208039

Digital Library

[70]

Jose M. Such, Joel Porter, Sören Preibusch, and Adam Joinson. 2017. Photo Privacy Conflicts in Social Media: A Large-Scale Empirical Study. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems (CHI '17). Association for Computing Machinery, New York, NY, USA, 3821--3832. https://doi.org/10.1145/3025453.3025668

Digital Library

[71]

Iraklis Symeonidis, Fatemeh Shirazi, Gergely Biczók, Cristina Pérez-Solà, and Bart Preneel. 2016. Collateral Damage of Facebook Apps: Friends, Providers, and Privacy Interdependence. In ICT Systems Security and Privacy Protection, Jaap-Henk Hoepman and Stefan Katzenbeisser (Eds.). Springer International Publishing, Cham, 194--208. https://doi.org/10.1007/978--3--319--33630--5_14

[72]

Emmanuel Syrmoudis, Stefan Mager, Sophie Kuebler-Wachendorff, Paul Pizzinini, Jens Grossklags, and Johann Kranz. 2021. Data Portability between Online Services: An Empirical Analysis on the Effectiveness of GDPR Art. 20. Proceedings on Privacy Enhancing Technologies, Vol. 2021, 3 (2021), 351--372. https://doi.org/10.2478/popets-2021-0051

[73]

Kurt Thomas, Chris Grier, and David M. Nicol. 2010. unFriendly: Multi-party Privacy Risks in Social Networks. In Privacy Enhancing Technologies (PETS 2010. Lecture Notes in Computer Science, Vol. 6205), Mikhail J. Atallah and Nicholas J. Hopper (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 236--252. https://doi.org/10.1007/978--3--642--14527--8_14

[74]

Ashwini Tonge, Cornelia Caragea, and Anna Squicciarini. 2018. Uncovering Scene Context for Predicting Privacy of Online Shared Images. Proceedings of the Thirty-Second AAAI Conference on Artificial Intelligence, Vol. 32, 1 (Apr. 2018), 8167--8168. https://ojs.aaai.org/index.php/AAAI/article/view/12180

[75]

Lynn Tsai, Primal Wijesekera, Joel Reardon, Irwin Reyes, Serge Egelman, David Wagner, Nathan Good, and Jung-Wei Chen. 2017. Turtle Guard: Helping Android Users Apply Contextual Privacy Preferences. In Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017). USENIX Association, Santa Clara, CA, 145--162. https://www.usenix.org/conference/soups2017/technical-sessions/presentation/tsai

[76]

Kasisomayajula Viswanath and John R. Finnegan Jr. 1996. The Knowledge Gap Hypothesis: Twenty-Five Years Later. Annals of the International Communication Association, Vol. 19, 1 (1996), 187--228. https://doi.org/10.1080/23808985.1996.11678931

[77]

Na Wang, Jens Grossklags, and Heng Xu. 2013a. An Online Experiment of Privacy Authorization Dialogues for Social Applications. In Proceedings of the 2013 Conference on Computer Supported Cooperative Work (San Antonio, Texas, USA) (CSCW '13). Association for Computing Machinery, New York, NY, USA, 261--272. https://doi.org/10.1145/2441776.2441807

Digital Library

[78]

Na Wang, Heng Xu, and Jens Grossklags. 2011. Third-Party Apps on Facebook: Privacy and the Illusion of Control. In Proceedings of the 5th ACM Symposium on Computer Human Interaction for Management of Information Technology (Cambridge, Massachusetts) (CHIMIT '11). Association for Computing Machinery, New York, NY, USA, Article 4, 10 pages. https://doi.org/10.1145/2076444.2076448

Digital Library

[79]

Yang Wang, Pedro Giovanni Leon, Kevin Scott, Xiaoxuan Chen, Alessandro Acquisti, and Lorrie Faith Cranor. 2013b. Privacy Nudges for Social Media: An Exploratory Facebook Study. In Proceedings of the 22nd International Conference on World Wide Web (Rio de Janeiro, Brazil) (WWW '13 Companion). Association for Computing Machinery, New York, NY, USA, 763--770. https://doi.org/10.1145/2487788.2488038

Digital Library

[80]

Jake Weidman, William Aurite, and Jens Grossklags. 2019. On Sharing Intentions, and Personal and Interdependent Privacy Considerations for Genetic Data: A Vignette Study. IEEE/ACM Transactions on Computational Biology and Bioinformatics, Vol. 16, 4 (2019), 1349--1361. https://doi.org/10.1109/TCBB.2018.2854785

Digital Library

[81]

Dominik Wermke, Nicolas Huaman, Christian Stransky, Niklas Busch, Yasemin Acar, and Sascha Fahl. 2020. Cloudy with a Chance of Misconceptions: Exploring Users' Perceptions and Expectations of Security and Privacy in Cloud Office Suites. In Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020). USENIX Association, 359--377. https://www.usenix.org/conference/soups2020/presentation/wermke

[82]

Primal Wijesekera, Arjun Baokar, Lynn Tsai, Joel Reardon, Serge Egelman, David Wagner, and Konstantin Beznosov. 2017. The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences. In 2017 IEEE Symposium on Security and Privacy (San Jose, CA, USA) (IEEE S&P '17). Institute of Electrical and Electronics Engineers, 1077--1093. https://doi.org/10.1109/SP.2017.51

[83]

Jakob Wirth, Christian Maier, and Sven Laumer. 2018. The Influence of Resignation on the Privacy Calculus in the Context of Social Networking Sites: An Empirical Analysis. In Proceedings of the Twenty-Sixth European Conference on Information Systems (Portsmouth, UK) (ECIS 2018 Research Papers). Article 161, 16 pages. https://aisel.aisnet.org/ecis2018_rp/161

[84]

Pamela Wisniewski, Muhammad Irtaza Safi, Sameer Patil, and Xinru Page. 2020. Predicting Smartphone Location-sharing Decisions through Self-reflection on Past Privacy Behavior. Journal of Cybersecurity, Vol. 6, 1 (09 2020), 16 pages. https://doi.org/10.1093/cybsec/tyaa014

[85]

Eric Zeng and Franziska Roesner. 2019. Understanding and Improving Security and Privacy in Multi-User Smart Homes: A Design Exploration and In-Home User Study. In 28th USENIX Security Symposium (USENIX Security '19). USENIX Association, Santa Clara, CA, 159--176. https://www.usenix.org/conference/usenixsecurity19/presentation/zeng

Cited By

Liu SBiczók G(2025)IDPFilter: Mitigating interdependent privacy issues in third-party appsComputers & Security10.1016/j.cose.2025.104321(104321)Online publication date: Jan-2025
https://doi.org/10.1016/j.cose.2025.104321
Ghafourian TMicallef NPatil SBalzarotti DXu W(2024)From the childhood pastProceedings of the 33rd USENIX Conference on Security Symposium10.5555/3698900.3699180(4999-5016)Online publication date: 14-Aug-2024
https://dl.acm.org/doi/10.5555/3698900.3699180
Bemmann FMayer S(2024)The Impact of Data Privacy on Users' Smartphone App Adoption DecisionsProceedings of the ACM on Human-Computer Interaction10.1145/36765258:MHCI(1-23)Online publication date: 24-Sep-2024
https://dl.acm.org/doi/10.1145/3676525
Show More Cited By

Index Terms

Won't You Think of Others?: Interdependent Privacy in Smartphone App Permissions
1. Human-centered computing
  1. Human computer interaction (HCI)
    1. Empirical studies in HCI
  2. Ubiquitous and mobile computing
    1. Empirical studies in ubiquitous and mobile computing
    2. Ubiquitous and mobile devices
      1. Smartphones
2. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Social aspects of security and privacy

Recommendations

Permission vs. App Limiters: Profiling Smartphone Users to Understand Differing Strategies for Mobile Privacy Management
CHI '22: Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems

We conducted a user study with 380 Android users, profiling them according to two key privacy behaviors: the number of apps installed and the Dangerous permissions granted to those apps. We identified four unique privacy profiles: 1) Privacy Balancers (...
A Survey on Interdependent Privacy

The privacy of individuals does not only depend on their own actions and data but may also be affected by the privacy decisions and by the data shared by other individuals. This interdependence is an essential aspect of privacy and ignoring it can lead ...
Interdependent Privacy Issues Are Pervasive Among Third-Party Applications
Data Privacy Management, Cryptocurrencies and Blockchain Technology
Abstract
Third-party applications are popular: they improve and extend the features offered by their respective platforms, whether being mobile OS, browsers or cloud-based tools. Although some privacy concerns regarding these apps have been studied in ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Proceedings of the ACM on Human-Computer Interaction

Proceedings of the ACM on Human-Computer Interaction Volume 5, Issue CSCW2

CSCW2

October 2021

5376 pages

EISSN:2573-0142

DOI:10.1145/3493286

Editor:
Jeff Nichols
Apple Inc., United States

Issue’s Table of Contents

Copyright © 2021 Owner/Author.

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 October 2021

Published in PACMHCI Volume 5, Issue CSCW2

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

The Bavarian Research Institute for Digital Transformation (bidt)

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
705
Total Downloads

Downloads (Last 12 months)216
Downloads (Last 6 weeks)24

Reflects downloads up to 09 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Liu SBiczók G(2025)IDPFilter: Mitigating interdependent privacy issues in third-party appsComputers & Security10.1016/j.cose.2025.104321(104321)Online publication date: Jan-2025
https://doi.org/10.1016/j.cose.2025.104321
Ghafourian TMicallef NPatil SBalzarotti DXu W(2024)From the childhood pastProceedings of the 33rd USENIX Conference on Security Symposium10.5555/3698900.3699180(4999-5016)Online publication date: 14-Aug-2024
https://dl.acm.org/doi/10.5555/3698900.3699180
Bemmann FMayer S(2024)The Impact of Data Privacy on Users' Smartphone App Adoption DecisionsProceedings of the ACM on Human-Computer Interaction10.1145/36765258:MHCI(1-23)Online publication date: 24-Sep-2024
https://dl.acm.org/doi/10.1145/3676525
Gelashvili AResheff YBlumrosen G(2024)Construction of a Social-Media Based Clinical Database—Roadmap, Challenges, and Feasibility for ADHD RecognitionIEEE Access10.1109/ACCESS.2024.348331112(164725-164736)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3483311
Jamieson JYamashita N(2023)Escaping the Walled Garden? User Perspectives of Control in Data Portability for Social MediaProceedings of the ACM on Human-Computer Interaction10.1145/36101887:CSCW2(1-27)Online publication date: 4-Oct-2023
https://dl.acm.org/doi/10.1145/3610188
SANDOR ASIMION E(2022)An Entropy-based Method for Social Apps Privacy Assessment Using the Android Permissions ArchitectureAdvances in Electrical and Computer Engineering10.4316/AECE.2022.0300922:3(79-86)Online publication date: 2022
https://doi.org/10.4316/AECE.2022.03009
Franz ABenlian A(2022)Exploring interdependent privacy – Empirical insights into users’ protection of others’ privacy on online platformsElectronic Markets10.1007/s12525-022-00566-832:4(2293-2309)Online publication date: 22-Jul-2022
https://doi.org/10.1007/s12525-022-00566-8
Hesselmann CReinhardt DGertheiss JMüller J(2022)Data Privacy in Ride-Sharing Services: From an Analysis of Common Practices to Improvement of User AwarenessSecure IT Systems10.1007/978-3-031-22295-5_2(20-39)Online publication date: 30-Nov-2022
https://dl.acm.org/doi/10.1007/978-3-031-22295-5_2

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents