This paper investigates how the use of privacy indicators in app stores can influence user behavior, and if the added information can improve consumer transparency. After a pre-study on the design and symbology, a visual privacy indicator was implemented and evaluated in an app market prototype. A total of 82 participants were asked to select a number of task-specific apps. By varying the degrees of participatory background information, we show that impact of a privacy indicator on app selection behavior has statistical significance and such privacy preserving behavior can be invoked by mere presence of the indicator.

Beim Herunterladen von Smartphone-Applikationen wird bei den meist genutzten Plattformen kaum über den Datenaustausch und den Datenschutz informiert. Diese Studie zeigt den Einfluss einer im App-Markt implementierten Datenschutzskala auf das Nutzerverhalten. Die hinzugefügten App-spezifischen Informationen zum Datenaustausch und Datenzugriff führten zu einer sachkundigeren Applikationsauswahl bezüglich des Datenschutzes. Insgesamt 82 Teilnehmende wurden gebeten, vorgegebene Aufgaben an einem Smartphone zu erfüllen. Das Auswahlverhalten im einem prototypisierten App-Markt wurde aufgezeichnet und mit Hilfe eines Interviews von den Teilnehmenden reflektiert. Vier Stichproben wurden jeweils verschiedene Bedingungen dargeboten, um den Einfluss auf das Auswahlverhalten näher zu erfassen.

This paper presents an empirical study on user behavior, decision making, and perception about privacy concern while selecting apps. An app store demo was presented to the user with a minor modification---a privacy indicator for each app. After carrying out several tasks using this modified mobile interface, participants were interviewed to document reasons behind their decisions, thought process, and perception regarding individual privacy. A total of 82 adults volunteered under the pretext of a usability study. A significant influence of the privacy indicator on their app selection behavior was observed, although this influence decreased in case of familiar apps. Furthermore, responses from questionnaires, data from eye-tracking device and documented interviews, with video confrontation showed coherence with respect to the corresponding app selection behavior.

This article presents a model of partial identities derived from app permissions that is based on Pfitzmann and Hansen’s terminology for privacy [PH10]. The article first shows how app permissions accommodate the accumulation of identity attributes for partial digital identities by building a model for identity attribute retrieval through permissions. Then, it presents an experimental survey of partial identity access for selected app groups. By applying the identity attribute retrieval model on the permission access log from the experiment, we show how apps’ permission usage is providing to identity profiling.

Smartphone apps have the power to monitor most of people’s private lives. Apps can permeate private spaces, access and map social relationships, monitor whereabouts and chart people’s activities in digital and/or real world. We are therefore interested in how much information a particular app can and intends to retrieve in a smartphone. Privacy-friendliness of smartphone apps is typically measured based on single-source analyses, which in turn, does not provide a comprehensive measurement regarding the actual privacy risks of apps. This paper presents a multi-source method for privacy analysis and data extraction transparency of Android apps. We describe how we generate several data sets derived from privacy policies, app manifestos, user reviews and actual app profiling at run time. To evaluate our method, we present results from a case study carried out on ten popular fitness and exercise apps. Our results revealed interesting differences concerning the potential privacy impact of apps, with some of the apps in the test set violating critical privacy principles. The result of the case study shows large differences that can help make relevant app choices.

As this article is being drafted, the SARS-CoV-2/COVID-19 pandemic is causing harm and disruption across the world. Many countries aimed at supporting their contact tracers with the use of digital contact tracing apps in order to manage and control the spread of the virus. Their idea is the automatic registration of meetings between smartphone owners for the quicker processing of infection chains. To date, there are many contact tracing apps that have already been launched and used in 2020. There has been a lot of speculations about the privacy and security aspects of these apps and their potential violation of data protection principles. Therefore, the developers of these apps are constantly criticized because of undermining users’ privacy, neglecting essential privacy and security requirements, and developing apps under time pressure without considering privacy- and security-by-design. In this study, we analyze the privacy and security performance of 28 contact tracing apps available on Android platform from various perspectives, including their code’s privileges, promises made in their privacy policies, and static and dynamic performances. Our methodology is based on the collection of various types of data concerning these 28 apps, namely permission requests, privacy policy texts, run-time resource accesses, and existing security vulnerabilities. Based on the analysis of these data, we quantify and assess the impact of these apps on users’ privacy. We aimed at providing a quick and systematic inspection of the earliest contact tracing apps that have been deployed on multiple continents. Our findings have revealed that the developers of these apps need to take more cautionary steps to ensure code quality and to address security and privacy vulnerabilities. They should more consciously follow legal requirements with respect to apps’ permission declarations, privacy principles, and privacy policy contents.

Mobile apps brought unprecedented convenience to everyday life, and nowadays, hardly any interactive service exists without having an interface through an app. The rich functionalities of apps rely on the pervasive capabilities of the mobile device, such as its cameras and other types of sensors. Consequently, apps generate a diverse and large amount of data, which can often be deemed as privacy-sensitive data. As the mobile device is also equipped with several means to transmit the collected data, such as WiFi and 4G, it brings further concerns about individuals' privacy.

Even though mobile operating systems use access control mechanisms to guard system resources and sensors, apps exercise their granted privileges in an opaque manner. Depending on the type of privilege, apps require explicit approval from the user in order to acquire access to them through permissions. Nonetheless, granting permission does not put constraints on the access frequency. Granted privileges allow the app to access users' personal data for a long period of time, typically until the user explicitly revokes the access. Furthermore, available control tools lack monitoring features, and therefore, the user faces hindrances to comprehend the magnitude of personal data access. Such circumstances can erode intervenability from the interface of the phone, lead to incomprehensible handling of personal data, and thus, create privacy risks for the user.

This thesis covers a long-term investigation of apps' data access behavior and makes an effort to shed light on various privacy implications. It also shows that app behavior analysis yields information that has the potential to increase transparency, to enhance privacy protection, to raise awareness regarding consequences of data disclosure, and to assist the user in informed decision-making while selecting apps or services. We introduce models, methods, and demonstrate the data disclosure risks with experimental results. Finally, we show how to communicate privacy risks through the user interface by taking the results of app behavior analyses into account.

Today's phone could be described as a charismatic tool that has the ability to keep human beings captivated for a considerable amount of their precious time. Users remain in the illusory wonderland with free services, while their data becomes the subject to monetizing by a genie called big data. In other words, users pay with their personal data but the price is in a way invisible. Poor means to observe and to assess the consequences of data disclosure causes hindrance for the user to be aware of and to take preventive measures.

Mobile operating systems use permission-based access control mechanism to guard system resources and sensors. Depending on the type, apps require explicit consent from the user in order to avail access to those permissions. Nonetheless, it does not put any constraint on access frequency. Granted privileges allow apps to access to users' personal information for indefinite period of time until being revoked explicitly. Available control tools lack monitoring facility which undermines the performance of access control model. It has the ability to create privacy risks and nontransparent handling of personal information for the data subject.

This thesis argues that app behavior analysis yields information which has the potential to increase transparency, to enhance privacy protection, to raise awareness regarding consequences of data disclosure, and to assist the user in informed decision making while selecting apps or services. It introduces models and methods, and demonstrates the risks with experiment results. It also takes the risks into account and makes an effort to determine apps' privacy-friendliness based on empirical data from app-behavior analysis.

Since Android apps receive white-card access through permissions, users struggle to understand the actual magnitude of app access to their personal data. Due to unavailability of statistical or other tools that would provide an overview of data access or privilege use, users can hardly assess privacy risks or identify app misbehavior. This is a problem for data subjects. The presented PhD research project aims at creating a transparency-enhancing technology that helps users to assess the magnitude of data access of installed apps by monitoring the Android permission access control system. This article will present how apps exercise their permissions, based on a pilot study with an app monitoring tool. It then presents a prototypical implementation of a networked laboratory for crowd-sourcing app behavior data. Finally, the article presents and discusses a model that will use the collected data to calculate and visualize risk signals based on individual risk preferences and measured app data access efforts.

As we spend a considerable amount of time on various user interfaces, it often requires to provide consent for grating privileges. This article addresses the opportunity for providing conditional consent which could potentially aid the user in understanding consequences, making informed decisions, and gaining trust in data sharing. We introduce an indecisive state of mind before consenting to policies, that will enable consumers to evaluate data services before fully committing to their data sharing policies. We discuss usability, regulatory, social, individual and economic aspects for inclusion of partial commitment within the context of an user interface for consent management. Then, we look into the possibilities to integrate it within the permission granting mechanism of Android by introducing an additional button in the interface—Maybe. This article also presents a design for such implementation, demonstrates feasibility by showcasing a prototype built on Android platform, and elaborates on a planned user study to determine feasibility, usability, and user expectation.

Nowadays users face difficulty to assess excessive data harvesting nature of applications. In order to addres this problem, our idea is to introduce an app market with privacy indicators to the users and observe their selection behavior. Additionally this project aims at sensitizing the user to an adequate selection of apps based on privacy invasive/preserving nature. We hypothesize that ex-ante privacy indicator can nudge the user towards informed decision making.

The consent to personal data sharing is an integral part of modern access control models on smart devices. This paper examines the possibility of registering conditional consent which could potentially increase trust in data sharing. We introduce an indecisive state of consenting to policies that will enable consumers to evaluate data services before fully committing to their data sharing policies. We address technical, regulatory, social, individual and economic perspectives for inclusion of partial consent within an access control mechanism. Then, we look into the possibilities to integrate it within the access control model of Android by introducing an additional button in the interface---\emph{Maybe}. This article also presents a design for such implementation and demonstrates feasibility by showcasing a prototype built on Android platform. Our effort is exploratory and aims to shed light on the probable research direction.

Smartphone apps that run on Android devices can access many types of personal information. Such information can be used to identify, profile and track the device users when mapped into digital identity attributes. This article presents a model of identifiability through access to personal data protected by the Android access control mechanism called permissions. We present an abstraction of partial identity attributes related to such personal data, and then show how apps accumulate such attributes in a longitudinal study that was carried out over several months. We found that apps' successive access to permissions accumulates such identity attributes, where different apps show different interest in such attributes.

This article presents an overview over a study of how Android smartphone apps user the permission-based access control system in order to extract personal data from smart phones. The study profiled app behavior in a longitudinal study. The data was analyzed and projected into different models with the aim to assess potential privacy risk from apps based on their run-time behavior. This article summarizes our findings and insights. 

In this article, we present an analysis of app behavior before and after the regulatory change in dataprotection in Europe. Our data shows that app privacy has moderately improved after the implementationof the General Data Protection Regulation.

In May 2018, stronger regulation of the processingof personal data became law in the EuropeanUnion, known as the General Data Protection Regulation(GDPR).1 The expected effect of the regulation was betterprotection of personal data, increased transparencyof collection and processing, and stronger interventionrights of data subjects, with some authors claiming thatthe GDPR would change the world, or at least that ofdata protection regulation.2 The GDPR had a two-year(2016–2018) implementation period that followedfour years of preparation. At the time of this writing,in November 2019, one and one-half years have passedsince the implementation of GDPR.Has the GDPR had an effect on consumer software?Has the world of code changed too? Did theGDPR have a measurable effect on mobile apps’behavior? How should such a change in behavior bemeasured?In our study, we decided to use two indicators for measurement:Android dangerous permission16 privileges anduser feedback from the Google Play app market. We collecteddata from smartphones with an installed app set formonths before GDPR implementation on 25 May 2018and months after that date.

Empirical studies show that the flow of personal information through mobile apps made devices vulnerable in terms of privacy. Cumbersome and inconvenient representation of privacy notice encourages the user to ignore it and disclose sensitive private information unintentionally. Hence, summarized permissions are presented on mobile devices and users tend to overlook them as well. Rigid structure for using a service and inherited behavior from desktop applications to accept everything are the reasons behind compelling the user to proceed without paying any attention. Complex permission based structure is also a major impediment for consumers that makes it difficult to perceive appropriate consequences of their decisions. We argue that as privacy strongly depends on individual perception, the key to educate and empower users is to providing them with transparency of what is happening on their smartphones. In consequence we suggest a convenient, transparent and proactive approach to help in understanding and deciding upon privacy implications of apps. We propose a scale that has scalability within itself. We implement this method within a tool, named Aware, that presents the summary of what applications are installed on a smartphone, which resources they access, and what are the reasons for that. Moreover, the tool is capable of nudging the user when certain sensitive data is accessed.

Arguably, one of the default solutions to many of today’s everyday errands is to install an app. In order to deliver a variety of convenient and user-centric services, apps need to access different types of information stored in mobile devices, much of which is personal information. In principle, access to such privacy sensitive data should be kept to a minimum. In this study, we focus on privilege utilization patterns by apps installed on Android devices. Though explicit consent is required prior to first time access to the resource, the unavailability of usage information makes it unclear when trying to reassess the users initial decision. On the other hand, if granted privilege with little or no usage, it would suggest the likely violation of the principle of least privilege. Our findings illustrate a plausible requirement for visualising resource usage to aid the user in their decision- making and finer access control mechanisms. 

This paper presents results from a privacy analysis of COVID-19 contact tracing apps developed within the EU. Though these apps have been termed advantageous, concerns regarding privacy have become an issue that has led to their slow adoption. In this empirical study, we perform both static and dynamic analysis to judge apps’ privacy-preserving behavior together with the analysis of the privacy and data protection goals to deduce their transparency and intervenability. From the results, we discover that while the apps aim to be privacy-preserving, not all adhere to this as we observe one tracks users’ location, while the other violates the principle of least privilege, data minimisation and transparency, which puts the users’ at risk by invading their privacy.