Encouraging privacy-aware smartphone app installation : finding out what the technically-adept do

Kulyk, Oksana and Gerber, Paul and El Hanafi, Michael and Reinheimer, Benjamin and Renaud, Karen and Volkamer, Melanie; (2016) Encouraging privacy-aware smartphone app installation : finding out what the technically-adept do. In: Proceedings of the 2016 Workshop on Usable Security (USEC). The Internet Society, USA. ISBN 1891562428

[thumbnail of Kulyk-etal-USEC-2016-Encouraging-privacy-aware-smartphone-app-installation]
Preview
Text. Filename: Kulyk_etal_USEC_2016_Encouraging_privacy_aware_smartphone_app_installation.pdf
Final Published Version
License: Creative Commons Attribution-NonCommercial 4.0 logo

Download (769kB)| Preview

Abstract

Smartphone apps can harvest very personal details from the phone with ease. This is a particular privacy concern. Unthinking installation of untrustworthy apps constitutes risky behaviour. This could be due to poor awareness or a lack of know- how: knowledge of how to go about protecting privacy. It seems that Smartphone owners proceed with installation, ignoring any misgivings they might have, and thereby irretrievably sacrifice their privacy. In this paper, we focus on the lack of know-how. Our primary aim was to design a set of guidelines to help Smartphone owners to judge whether apps are likely to respect their privacy or not. To produce these we investigated the stances of those who do, to some extent, have the requisite awareness and knowledge, namely those with experience in IT security or computer science in general. Such technically-adept people can reasonably be expected to apply pattern-like heuristics when making installation decisions. We carried out a study to identify and describe their heuristics. We then distilled their app-related decision processes into a set of easily accessible guidelines and we conclude the paper by providing these.