An app on your phone is asking for permission to access your location. Do you hesitate? If so, you’re not alone.
A new study, conducted in four languages and across five continents, attempts to understand why users choose to grant or deny permission to the many resources — like contacts, calendar, microphone and others — that apps request access to. Both the iPhone and Android operating systems give users control over data access on an app’s installation and also during the app’s operation with a process known as a ‘runtime permission request.’
Professor David Lie (ECE) — who led the study’s multidisciplinary team, which includes ECE cross-appointed Professor Lisa Austin (Faculty of Law) — says that when the team initially set out to determine which factors influence behaviour, they had no idea that user expectations would be so significant.
“An unexpected request is more than twice as likely to be denied. Also, if there is some explanation for it — if the app conveys to the user why it needs access to something — then we see the denial rate cut in half.”
Lie adds, “App developers and smartphone OS designers should give serious consideration to how they communicate and set expectations with their users, which is more important than previously thought.”
To gather data for the study, the team developed an Android app, named PrivaDroid, that runs in the background of each participant’s phone for 30 days. After each new app installation or runtime permission request, PrivaDroid asks participants whether they expected the request and their rationale behind either granting or denying it.
Using online advertising, they recruited over 1,700 participants from a variety of countries with contrasting privacy legislation and levels of economic development. Over several months ending in the spring of 2020, PrivaDroid observed more than 36,000 permission events. The team’s findings will be published in a paper to be presented at Usenix Security’s Symposium in August 2021.
“Previous studies were constrained to more artificial environments, where participants come into a lab or are set up with phone that’s not their own device,” says Lie. “This was first time someone has been able to do a global smartphone study ‘in the wild.’”
Past research has shown that factors such as age, gender, country of residence and level of education can influence privacy behaviour.
“Our study confirms this,” says Lie. “For example, women are more cautious about granting permissions than men, and young people grant permissions more often than older ones — but not as much as you might think.”
“This gap between stated behaviour and actual behaviour is known as the ‘privacy paradox,’” says Lie. “This gap would make sense with behaviour one wouldn’t be proud of, but it’s hard to see how that applies with privacy. It’s a puzzle.”
Are these people paying lip service to privacy concerns and then prioritizing their own convenience in the moment? The study reveals that this apparent contradictory behaviour is more nuanced.
“The privacy-sensitive group who granted a lot of permissions said they expected them,” says Lie. “It’s possible they have a better understanding of how and why applications use permissions — that they’re avoiding the ‘creepy’ apps and installing the more transparent ones.”
“So many complex technical and geopolitical issues converge around privacy,” says ECE Chair Professor Deepa Kundur. “They truly demand a multidisciplinary approach and a long runway. This smartphone privacy study may be a first in its size, scope and complexity, but hopefully it’s the first of many.”
Though prudence might suggest people deny permissions, “that belies how they actually use their phones,” says Lie. “If you really didn’t want what the app provided, or you thought the developer was malicious, you’d just uninstall the app. Smartphone users are telling us that clearly communicating expectations builds trust, and trust plays an important role in granting permissions.”