TurtleGuard: Helping Android Users Apply Contextual Privacy Preferences

Lynn Tsai, Primal Wijesekera, Joel Reardon, Irwin Reyes, Jung-Wei Chen, Nathan Good, Serge Egelman and David Wagner

EECS Department
University of California, Berkeley
Technical Report No. UCB/EECS-2017-44
May 10, 2017

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2017/EECS-2017-44.pdf

Current mobile platforms provide privacy management interfaces to regulate how applications access sensitive data. Prior research has shown how these interfaces are insufficient from a usability standpoint: they do not allow users to make contextual decisions (i.e., different decisions for a given application based on what the user was actually doing with that application). Prior work has demonstrated that classifiers can be built to automatically make privacy decisions that are more in line with users' preferences. However, if certain privacy decisions are automatically made---without immediate user consent---feedback mechanisms are needed to allow users to both audit those decisions and correct errors. In this paper, we describe our user-centered approach to designing such an interface. In addition to implementing this interface in Android, we created an interactive HTML5 simulation that we used to perform two large-scale user studies. Our final 580-person validation study showed that as compared to the default Android settings interface, users of our new interface were significantly more likely to understand and control the circumstances under which applications could access sensitive data.

Advisor: David Wagner


BibTeX citation:

@mastersthesis{Tsai:EECS-2017-44,
    Author = {Tsai, Lynn and Wijesekera, Primal and Reardon, Joel and Reyes, Irwin and Chen, Jung-Wei and Good, Nathan and Egelman, Serge and Wagner, David},
    Title = {TurtleGuard: Helping Android Users Apply Contextual Privacy Preferences},
    School = {EECS Department, University of California, Berkeley},
    Year = {2017},
    Month = {May},
    URL = {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2017/EECS-2017-44.html},
    Number = {UCB/EECS-2017-44},
    Abstract = {Current mobile platforms provide privacy management interfaces to regulate how applications access sensitive data. Prior research has shown how these interfaces are insufficient from a usability standpoint: they do not allow users to make contextual decisions (i.e., different decisions for a given application based on what the user was actually doing with that application). Prior work has demonstrated that classifiers can be built to automatically make privacy decisions that are more in line with users' preferences. However, if certain privacy decisions are automatically made---without immediate user consent---feedback mechanisms are needed to allow users to both audit those decisions and correct errors. In this paper, we describe our user-centered approach to designing such an interface. In addition to implementing this interface in Android, we created an interactive HTML5 simulation that we used to perform two large-scale user studies. Our final 580-person validation study showed that as compared to the default Android settings interface, users of our new interface were significantly more likely to understand and control the circumstances under which applications could access sensitive data.}
}

EndNote citation:

%0 Thesis
%A Tsai, Lynn
%A Wijesekera, Primal
%A Reardon, Joel
%A Reyes, Irwin
%A Chen, Jung-Wei
%A Good, Nathan
%A Egelman, Serge
%A Wagner, David
%T TurtleGuard: Helping Android Users Apply Contextual Privacy Preferences
%I EECS Department, University of California, Berkeley
%D 2017
%8 May 10
%@ UCB/EECS-2017-44
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2017/EECS-2017-44.html
%F Tsai:EECS-2017-44