Apr 7: "Investigating privacy issues related to mobile devices. Are current transparency mechanisms working?"

Technology in Government (TIG)  and Topics in Privacy (TIP)

4/7/2014 refreshments served at 2:30p, discussion 3 to 4pm in room K354, at 1737 Cambridge Street, Cambridge, MA 02138.  

Title: Investigating privacy issues related to mobile devices. Are current transparency mechanisms working?

Discussant: Ilaria Liccardi, MIT

Many smartphone apps collect personal information used for a variety of purposes - such as advertising for revenue, with personal information used to provide relevant targeting and discover market trends. Our personal information, habits, likes and dislikes can be all deduced from our mobile devices. Recent news reports have documented how the NSA has used leaky apps to spy on users' profiles. Safeguarding mobile privacy is therefore of great concern. In order to understand the dynamics of information collection in mobile apps and to demonstrate the value of transparent access to the details of  their access permissions, we gathered information about a large percentage of apps on Google Play, and analyzed the permissions requested by each app. We developed a quantitative measure of the risk posed by apps by devising a sensitivity score to represent the number of occurrences of permissions that read personal information about users where network communication is possible. We found that 46% of apps in our collected dataset have varying level of access to users' personal data and only 6.6.% have declared a "privacy policy" within the app page.

Users are often unaware of this kind of access even though they grant the required permissions upon app installation. We identify three possible reasons why users have problems choosing applications less likely to disclose their personal information. We have developed a new interface for presenting permissions that grants access to personal data when selecting an app. Using the sensitivity score, a quantitative measure of an app's ability to disclose personal information, our interface highlights relevant permissions and focuses users on the permissions that matter. We validated the effectiveness of this approach with a study of 125 Android smartphone users and found that our improved permission interface led to participants choosing apps with less access to their personal data. 

Ilaria Liccardi is a Marie Curie Postdoctoral Fellow working in the Decentralized Information Group at the Computer Science and Artificial Intelligence Lab (MIT) with Prof. Hal Abelson, Daniel J. Weitzner and Joseph Pato. She investigates how users understand and perceive transparency mechanisms in mobile and/or web applications. She creates and devises tools and techniques to help users be better aware of possible dangers associated with access to and sharing of their personal information. She believes that helping users make clear and informed choices will help them to value their privacy and choose apps or sites less likely to access and/or share their personal information.