More Web Proxy on the site http://driver.im/

research-article

Public Access

Examining Power Use and the Privacy Paradox between Intention vs. Actual Use of Mobile Applications

Authors:

Reza Ghaiumy Anaraky,

Pamela Wisniewski,

Bart P. KnijnenburgAuthors Info & Claims

EuroUSEC '21: Proceedings of the 2021 European Symposium on Usable Security

Pages 223 - 235

https://doi.org/10.1145/3481357.3481513

Published: 11 December 2021 Publication History

All formats PDF

Abstract

The prevalence of smartphones in our society warrants more research on understanding the characteristics of users and their information privacy behaviors when using mobile apps. This paper investigates the antecedents and consequences of “power use” (i.e., the competence and desire to use technology to its fullest) in the context of informational privacy. In a study with 380 Android users, we examined how gender and users’ education level influence power use, how power use affects users’ intention to install apps and share information with them versus their actual privacy behaviors (i.e., based on the number of apps installed and the total number of “dangerous permission” requests granted to those apps). Our findings revealed an inconsistency in the effect of power use on users’ information privacy behaviors: While the intention to install apps and to share information with them increased with power use, the actual number of installed apps and dangerous permissions ultimately granted decreased with power use. In other words, although the self-reported intentions suggested the opposite, people who scored higher on the power use scale seemed to be more prudent about their informational privacy than people who scored lower on the power use scale. We discuss the implications of this inconsistency and make recommendations for reconciling smartphone users’ informational privacy intentions and behaviors.

References

[1]

2021. Pre-installed apps: T-Mobile REVVL. https://www.t-mobile.com/support/devices/android/t-mobile-revvl/pre-installed-apps-t-mobile-revvl

[2]

Desiree Abrokwa, Shruti Das, Omer Akgul, and Michelle L Mazurek. 2021. Comparing Security and Privacy Attitudes Among US Users of Different Smartphone and Smart-Speaker Platforms. In Seventeenth Symposium On Usable Privacy and Security ({SOUPS} 2021). 139–158.

[3]

Icek Ajzen. 1985. From intentions to actions: A theory of planned behavior. In Action control. Springer, 11–39.

[4]

Efthimios Alepis and Constantinos Patsakis. 2017. Hey doc, is this normal?: exploring android permissions in the post marshmallow era. In International Conference on Security, Privacy, and Applied Cryptography Engineering. Springer, Springer, Cham, 53–73.

Digital Library

[5]

Amazon. 2020. Participation Agreement. https://www.mturk.com/participation-agreement

[6]

Monica Anderson. 2015. Mobile apps, privacy and permissions: 5 key takeaways. https://www.pewresearch.org/fact-tank/2015/11/10/key-takeaways-mobile-apps/

[7]

Panagiotis Andriotis, Shancang Li, Theodoros Spyridopoulos, and Gianluca Stringhini. 2017. A comparative study of android users’ privacy preferences under the runtime permission model. In International Conference on Human Aspects of Information Security, Privacy, and Trust. Springer, 604–622.

Digital Library

[8]

Panagiotis Andriotis, Martina Angela Sasse, and Gianluca Stringhini. 2016. Permissions snapshots: Assessing users’ adaptation to the Android runtime permission model. In 2016 IEEE International Workshop on Information Forensics and Security (WIFS). IEEE, 1–6.

[9]

Brooke Auxier, Lee Rainie, Monica Anderson, Andrew Perrin, Madhu Kumar, and Erica Turner. 2020. Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information. https://www.pewresearch.org/internet/2019/11/15/americans-and-privacy-concerned-confused-and-feeling-lack-of-control-over-their-personal-information/

[10]

Rawan Baalous and Ronald Poet. 2018. How Dangerous Permissions are Described in Android Apps’ Privacy Policies?. In Proceedings of the 11th International Conference on Security of Information and Networks. 1–2.

Digital Library

[11]

Susanne Barth and Menno DT De Jong. 2017. The privacy paradox–Investigating discrepancies between expressed privacy concerns and actual online behavior–A systematic literature review. Telematics and informatics 34, 7 (2017), 1038–1058.

[12]

Grant Blank, Gillian Bolsover, and Elizabeth Dubois. 2014. A new privacy paradox: Young people and privacy on social network sites. In Prepared for the Annual Meeting of the American Sociological Association, Vol. 17.

[13]

Bram Bonné, Sai Teja Peddinti, Igor Bilogrevic, and Nina Taft. 2017. Exploring decision making with Android’s runtime permission dialogs using in-context surveys. In Thirteenth Symposium on Usable Privacy and Security ({SOUPS} 2017). 195–210.

[14]

Ian Carlos Campbell. 2020. Apple will require apps to add privacy ’nutrition labels’ starting December 8th. https://www.theverge.com/2020/11/5/21551926/apple-privacy-developers-nutrition-labels-app-store-ios-14

[15]

Saksham Chitkara, Nishad Gothoskar, Suhas Harish, Jason I Hong, and Yuvraj Agarwal. 2017. Does this app really need my location? Context-aware privacy management for smartphones. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 1, 3 (2017), 1–22.

Digital Library

[16]

Francesca Comunello, Mireia Fernández Ardèvol, Simone Mulargia, and Francesca Belotti. 2017. Women, youth and everything else: Age-based and gendered stereotypes in relation to digital technology among elderly Italian mobile phone users. Media, Culture & Society 39, 6 (2017), 798–815.

[17]

Fred D Davis. 1985. A technology acceptance model for empirically testing new end-user information systems: Theory and results. Ph.D. Dissertation. Massachusetts Institute of Technology.

[18]

Serge Egelman, Janice Tsai, Lorrie Faith Cranor, and Alessandro Acquisti. 2009. Timing is everything?: the effects of timing and placement of online privacy indicators. In Proceedings of the 27th international conference on Human factors in computing systems(CHI ’09). ACM, New York, NY, USA, 319–328. https://doi.org/10.1145/1518701.1518752

Digital Library

[19]

William Enck, Machigar Ongtang, and Patrick McDaniel. 2009. Understanding android security. IEEE security & privacy 7, 1 (2009), 50–57.

Digital Library

[20]

Hossein Falaki, Ratul Mahajan, Srikanth Kandula, Dimitrios Lymberopoulos, Ramesh Govindan, and Deborah Estrin. 2010. Diversity in smartphone usage. In Proceedings of the 8th international conference on Mobile systems, applications, and services. 179–194.

Digital Library

[21]

Zheran Fang, Weili Han, Dong Li, Zeqing Guo, Danhao Guo, Xiaoyang Sean Wang, Zhiyun Qian, and Hao Chen. 2016. revdroid: Code analysis of the side effects after dynamic permission revocation of android apps. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security. 747–758.

Digital Library

[22]

Johannes Feichtner and Stefan Gruber. 2020. Understanding Privacy Awareness in Android App Descriptions Using Deep Learning. In 10th ACM Conference on Data and Application Security and Privacy.

[23]

Carol J Fung, Bahman Rashidi, and Vivian Genaro Motti. [n.d.]. Multi-View Permission Risk Notification for Smartphone System.([n. d.]).

[24]

Nina Gerber, Paul Gerber, and Melanie Volkamer. 2018. Explaining the privacy paradox: A systematic review of literature investigating privacy attitude and behavior. Computers & Security 77 (Aug. 2018), 226–261. https://doi.org/10.1016/j.cose.2018.04.002

Digital Library

[25]

Stylianos Gisdakis, Thanassis Giannetsos, and Panos Papadimitratos. 2016. Android Privacy C(R)Ache: Reading Your External Storage and Sensors for Fun and Profit. In Proceedings of the 1st ACM Workshop on Privacy-Aware Mobile Computing (Paderborn, Germany) (PAMCO ’16). Association for Computing Machinery, New York, NY, USA, 1–10. https://doi.org/10.1145/2940343.2940346

Digital Library

[26]

Google. 2020. Manifest.permission. https://developer.android.com/reference/android/Manifest.permission

[27]

Google. 2020. Permissions overview:Android Developers. https://developer.android.com/guide/topics/permissions/overview#dangerous_permissions

[28]

Douglas Gunzler, Tian Chen, Pan Wu, and Hui Zhang. 2013. Introduction to mediation analysis with structural equation modeling. Shanghai archives of psychiatry 25, 6 (2013), 390.

[29]

Catherine Han, Irwin Reyes, Álvaro Feal, Joel Reardon, Primal Wijesekera, Narseo Vallina-Rodriguez, Amit Elazari Bar On, Kenneth Bamberger, Serge Egelman, 2020. The Price is (Not) Right: Comparing Privacy in Free and Paid Apps. (2020).

[30]

Diarmaid Harkin and Adam Molnar. 2020. Operating-System Design and Its Implications for Victims of Family Violence: The Comparative Threat of Smart Phone Spyware for Android Versus iPhone Users. Violence Against Women(2020), 1077801220923731.

[31]

Apple Inc.[n.d.]. App Privacy Details - App Store. https://developer.apple.com/app-store/app-privacy-details/

[32]

Hyunjin Kang and Wonsun Shin. 2016. Do smartphone power users protect mobile privacy better than nonpower users? Exploring power usage as a factor in mobile privacy protection and disclosure. Cyberpsychology, Behavior, and Social Networking 19, 3(2016), 179–185.

[33]

Mark J Keith, Samuel C Thompson, Joanne Hale, Paul Benjamin Lowry, and Chapman Greer. 2013. Information disclosure on mobile devices: Re-examining privacy calculus with actual user behavior. International journal of human-computer studies 71, 12 (2013), 1163–1173.

Digital Library

[34]

Patrick Gage Kelley, Lorrie Faith Cranor, and Norman Sadeh. 2013. Privacy as part of the app decision-making process. In Proceedings of the SIGCHI conference on human factors in computing systems. 3393–3402.

Digital Library

[35]

Nishtha Kesswani and Frank Lin. 2016. How privacy invasive Android apps are?. In 2016 3rd International Conference on Computing for Sustainable Global Development (INDIACom). IEEE, 3731–3734.

[36]

Yeolib Kim, Daniel A Briley, and Melissa G Ocepek. 2015. Differential innovation of smartphone and application use by sociodemographics and personality. Computers in Human Behavior 44 (2015), 141–147.

Digital Library

[37]

Bart P Knijnenburg, Alfred Kobsa, and Hongxia Jin. 2013. Preference-based location sharing: are more privacy options really better?. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. 2667–2676.

Digital Library

[38]

Bart P Knijnenburg, Saadhika Sivakumar, and Daricia Wilkinson. 2016. Recommender systems for self-actualization. In Proceedings of the 10th ACM Conference on Recommender Systems. 11–14.

Digital Library

[39]

Bart P Knijnenburg and Martijn C Willemsen. 2015. Evaluating recommender systems with user experiments. In Recommender Systems Handbook. Springer, 309–352.

[40]

Konrad Kollnig, Reuben Binns, Pierre Dewitte, Max Van Kleek, Ge Wang, Daniel Omeiza, Helena Webb, and Nigel Shadbolt. 2021. A Fait Accompli? An Empirical Study into the Absence of Consent to Third-Party Tracking in Android Apps. In Seventeenth Symposium On Usable Privacy and Security ({SOUPS} 2021). 181–195.

[41]

Lydia Kraus, Ina Wechsung, and Sebastian Möller. 2017. Psychological needs as motivators for security and privacy actions on smartphones. Journal of Information Security and Applications 34 (2017), 34–45.

[42]

Martin Kuehnhausen and Victor S Frost. 2013. Trusting smartphone apps? To install or not to install, that is the question. In 2013 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support (CogSIMA). IEEE, 30–37.

[43]

Robert S Laufer and Maxine Wolfe. 1977. Privacy as a concept and a social issue: A multidimensional developmental theory. Journal of social Issues 33, 3 (1977), 22–42.

[44]

Huoran Li, Xuan Lu, Xuanzhe Liu, Tao Xie, Kaigui Bian, Felix Xiaozhu Lin, Qiaozhu Mei, and Feng Feng. 2015. Characterizing smartphone usage patterns from millions of android users. In Proceedings of the 2015 Internet Measurement Conference. 459–472.

Digital Library

[45]

Sampada Marathe, S Shyam Sundar, M Nije Bijvank, Henriette C van Vugt, and Jolanda Veldhuis. 2007. Who are these power users anyway? Building a psychological profile. (2007).

[46]

Scott R Moore, Huangyi Ge, Ninghui Li, and Robert W Proctor. 2019. Cybersecurity for android applications: Permissions in android 5 and 6. International Journal of Human–Computer Interaction 35, 7(2019), 630–640.

[47]

Jack Morse. 2020. As coronavirus spreads, yet another company brags about tracking you. https://mashable.com/article/coronavirus-location-data-tracking-mobile-phones/

[48]

Moses Namara, Henry Sloan, Priyanka Jaiswal, and Bart P Knijnenburg. 2018. The Potential for User-Tailored Privacy on Facebook. In 2018 IEEE Symposium on Privacy-Aware Computing (PAC). IEEE, 31–42.

[49]

Patricia A Norberg, Daniel R Horne, and David A Horne. 2007. The privacy paradox: Personal information disclosure intentions versus behaviors. Journal of consumer affairs 41, 1 (2007), 100–126.

[50]

Xinru Page and Alfred Kobsa. 2009. The circles of latitude: Adoption and usage of location tracking in online social networking. In 2009 International Conference on Computational Science and Engineering, Vol. 4. IEEE, 1027–1030.

Digital Library

[51]

Xinru Page, Alfred Kobsa, and Bart P Knijnenburg. 2012. Don’t disturb my circles! Boundary preservation is at the center of location-sharing concerns. In Sixth International AAAI Conference on Weblogs and Social Media.

[52]

Hyanghee Park, Jinsu Eun, and Joonhwan Lee. 2018. Why do smartphone users hesitate to delete unused apps?. In Proceedings of the 20th International Conference on Human-Computer Interaction with Mobile Devices and Services Adjunct. 174–181.

Digital Library

[53]

Andrew Perrin. 2020. Half of Americans have decided not to use a product or service because of privacy concerns. https://www.pewresearch.org/fact-tank/2020/04/14/half-of-americans-have-decided-not-to-use-a-product-or-service-because-of-privacy-concerns/

[54]

Rakesh and Rakesh. 2021. Samsung Bloatware List (2020): Remove Samsung Bloatware Safely. https://technastic.com/remove-samsung-bloatware-safe-to-remove-apps/

[55]

Joel Reardon, Álvaro Feal, Primal Wijesekera, Amit Elazari Bar On, Narseo Vallina-Rodriguez, and Serge Egelman. 2019. 50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions System. In 28th {USENIX} Security Symposium ({USENIX} Security 19). 603–620.

[56]

Elissa M Redmiles, Sean Kross, and Michelle L Mazurek. 2019. How well do my results generalize? comparing security and privacy survey results from mturk, web, and telephone samples. In 2019 IEEE Symposium on Security and Privacy (SP). IEEE, 1326–1343.

[57]

Lena Reinfelder, Zinaida Benenson, and Freya Gassmann. 2014. Differences between Android and iPhone users in their security and privacy awareness. In International Conference on Trust, Privacy and Security in Digital Business. Springer, 156–167.

[58]

Pam Royse, Joon Lee, Baasanjav Undrahbuyan, Mark Hopson, and Mia Consalvo. 2007. Women and games: Technologies of the gendered self. New media & society 9, 4 (2007), 555–576.

[59]

Muhammad Irtaza Safi, Abhiditya Jha, Malak Eihab Aly, Xinru Page, Sameer Patil, and Pamela Wisniewski. 2019. Will They Share? Predicting Location Sharing Behaviors of Smartphone Users through Self-Reflection on Past Privacy Behaviors. In The 2019 NDSS Workshop on Usable Security and Privacy.

[60]

Noam Segev, Noam Avigdor, and Eytan Avigdor. 2018. Measuring influence on Instagram: a network-oblivious approach. In The 41st International ACM SIGIR Conference on Research & Development in Information Retrieval. 1009–1012.

Digital Library

[61]

Christina Shane-Simpson, Adriana Manago, Naomi Gaggi, and Kristen Gillespie-Lynch. 2018. Why do college students prefer Facebook, Twitter, or Instagram? Site affordances, tensions between privacy and self-expression, and implications for social capital. Computers in Human Behavior 86 (2018), 276–288.

[62]

Paschal Sheeran and Thomas L Webb. 2016. The intention–behavior gap. Social and personality psychology compass 10, 9 (2016), 503–518.

[63]

Drew Smith. 2020. iOS Client Administration. In Apple macOS and iOS System Administration. Springer, 109–144.

[64]

Ryan Stevens, Clint Gibler, Jon Crussell, Jeremy Erickson, and Hao Chen. 2012. Investigating user privacy in android ad libraries. In Workshop on Mobile Security Technologies (MoST), Vol. 10. Citeseer.

[65]

S Shyam Sundar and Sampada S Marathe. 2010. Personalization versus customization: The importance of agency, privacy, and power usage. Human Communication Research 36, 3 (2010), 298–322.

[66]

Mohsen Tavakol and Reg Dennick. 2011. Making sense of Cronbach’s alpha. International journal of medical education 2 (2011), 53.

[67]

Hsiu-Yu Wang, Chechen Liao, and Ling-Hui Yang. 2013. What affects mobile application use? The roles of consumption values. International Journal of Marketing Studies 5, 2 (2013), 11.

[68]

Na Wang, Pamela Wisniewski, Heng Xu, and Jens Grossklags. 2014. Designing the default privacy settings for facebook applications. In Proceedings of the companion publication of the 17th ACM conference on Computer supported cooperative work & social computing. 249–252.

Digital Library

[69]

Na Wang, Bo Zhang, Bin Liu, and Hongxia Jin. 2015. Investigating effects of control and ads awareness on android users’ privacy behaviors and perceptions. In Proceedings of the 17th international conference on human-computer interaction with mobile devices and services. 373–382.

Digital Library

[70]

Yang Wang, Jun Zheng, Chen Sun, and Srinivas Mukkamala. 2013. Quantitative security risk assessment of android permissions and applications. In IFIP Annual Conference on Data and Applications Security and Privacy. Springer, 226–241.

[71]

Paul R Warshaw and Fred D Davis. 1985. Disentangling behavioral intention and behavioral expectation. Journal of experimental social psychology 21, 3 (1985), 213–228.

[72]

Rick Wash and Emilee Rader. 2015. Too much knowledge? security beliefs and protective behaviors among united states internet users. In Eleventh Symposium On Usable Privacy and Security ({SOUPS} 2015). 309–325.

[73]

Xuetao Wei, Lorenzo Gomez, Iulian Neamtiu, and Michalis Faloutsos. 2012. Permission evolution in the android ecosystem. In Proceedings of the 28th Annual Computer Security Applications Conference. 31–40.

Digital Library

[74]

Pamela Wisniewski, AKM Najmul Islam, Bart P Knijnenburg, and Sameer Patil. 2015. Give social network users the privacy they want. In Proceedings of the 18th ACM Conference on Computer Supported Cooperative Work & Social Computing. 1427–1441.

Digital Library

[75]

Pamela Wisniewski, Jessica Vitak, Xinru Page, Bart Knijnenburg, Yang Wang, and Casey Fiesler. 2017. In whose best interest? Exploring the real, potential, and imagined ethical concerns in privacy-focused agenda. In Companion of the 2017 ACM Conference on Computer Supported Cooperative Work and Social Computing. 377–382.

[76]

Pamela J Wisniewski, Bart P Knijnenburg, and Heather Richter Lipford. 2017. Making privacy personal: Profiling social network users to inform privacy education and nudging. International Journal of Human-Computer Studies 98 (2017), 95–108.

Digital Library

[77]

Heng Xu, Sumeet Gupta, Mary Beth Rosson, and John M Carroll. 2012. Measuring mobile users’ concerns for information privacy. (2012).

[78]

Heng Xu and Hock-Hai Teo. 2004. Alleviating consumers’ privacy concerns in location-based services: a psychological control perspective. ICIS 2004 proceedings(2004), 64.

[79]

Sha Zhao, Julian Ramos, Jianrong Tao, Ziwen Jiang, Shijian Li, Zhaohui Wu, Gang Pan, and Anind K Dey. 2016. Discovering different kinds of smartphone users through their application usage behaviors. In Proceedings of the 2016 ACM International Joint Conference on Pervasive and Ubiquitous Computing. 498–509.

Digital Library

[80]

Bu Zhong. 2013. From smartphones to iPad: Power users’ disposition toward mobile media devices. Computers in human behavior 29, 4 (2013), 1742–1748.

Cited By

Lenhart APark SZimmer MVitak J(2023)"You Shouldn't Need to Share Your Data": Perceived Privacy Risks and Mitigation Strategies Among Privacy-Conscious Smart Home Power UsersProceedings of the ACM on Human-Computer Interaction10.1145/36100387:CSCW2(1-34)Online publication date: 4-Oct-2023
https://dl.acm.org/doi/10.1145/3610038

Recommendations

Factors affecting consumer stickiness to continue using mobile applications

According to a recent survey, more than half of all such apps are rarely been downloaded. This study thus examines consumer stickiness to continue to use mobile apps, using the post-acceptance model of information system continuance and technology ...
Exploring privacy paradox in information-sensitive mobile app adoption

This paper proposes and tests a conceptual model of private-information sensitive mobile app adoption utilizing privacy calculus approach. It also explores the role of personality in affecting perceived benefits of using mobile apps and compares the ...
Privacy Capsules: Preventing Information Leaks by Mobile Apps
MobiSys '16: Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services

Preventing the leakage of user information via untrusted third-party apps is a key challenge in mobile privacy. We propose and evaluate privacy capsules (PCs), a platform execution model for mobile apps that prevents the flow of private information to ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

EuroUSEC '21: Proceedings of the 2021 European Symposium on Usable Security

October 2021

241 pages

ISBN:9781450384230

DOI:10.1145/3481357

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 December 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

NSF (National Science Foundation)

Conference

EuroUSEC '21

EuroUSEC '21: European Symposium on Usable Security 2021

October 11 - 12, 2021

Karlsruhe, Germany

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
426
Total Downloads

Downloads (Last 12 months)158
Downloads (Last 6 weeks)15

Reflects downloads up to 01 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Lenhart APark SZimmer MVitak J(2023)"You Shouldn't Need to Share Your Data": Perceived Privacy Risks and Mitigation Strategies Among Privacy-Conscious Smart Home Power UsersProceedings of the ACM on Human-Computer Interaction10.1145/36100387:CSCW2(1-34)Online publication date: 4-Oct-2023
https://dl.acm.org/doi/10.1145/3610038

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents