To Permit or Not to Permit, That is the Usability Question: Crowdsourcing Mobile Apps’ Privacy Permission Settings

Authors: Qatrunnada Ismail (Indiana University Bloomington, King Saud University, Riyadh, Saudi Arabia), Tousif Ahmed (Indiana University Bloomington), Kelly Caine (Clemson University), Apu Kapadia (Indiana University Bloomington), Michael Reiter (University of North Carolina at Chapel Hill)

Volume: 2017
Issue: 4
Pages: 119–137
DOI: https://doi.org/10.1515/popets-2017-0041

Download PDF

Abstract: Millions of apps available to smartphone owners re- quest various permissions to resources on the devices including sensitive data such as location and contact information. Disabling permissions for sensitive resources could improve privacy but can also impact the usability of apps in ways users may not be able to predict. We study an efficient approach that ascertains the impact of disabling permissions on the usability of apps through large-scale, crowdsourced user testing with the ultimate goal of making recommendations to users about which permissions can be disabled for improved privacy without sacrificing usability. We replicate and significantly extend previous analysis that showed the promise of a crowdsourcing approach where crowd workers test and report back on various configurations of an app. Through a large, between-subjects user experiment, our work provides insight into the impact of removing permissions within and across different apps (our participants tested three apps: Facebook Messenger (N=218), Instagram (N=227), and Twitter (N=110)). We study the impact of removing various permissions within and across apps, and we discover that it is possible to increase user privacy by disabling app permissions while also maintaining app usability.

Keywords: privacy, crowdsourcing, mobile apps, permissions

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 license.