Privacy

People act to protect privacy – after learning how often apps share personal information

Published 25 March 2015

Many smartphone users know that free apps sometimes share private information with third parties, but few, if any, are aware of how frequently this occurs. A new study shows that when people learn exactly how many times these apps share that information, they rapidly act to limit further sharing. In an experiment, researchers found that one of the more effective alert messages, which grabbed the attention of phone users and caused them to act to protect their privacy, was: “Your location has been shared 5,398 times.”

Many smartphone users know that free apps sometimes share private information with third parties, but few, if any, are aware of how frequently this occurs. An experiment at Carnegie Mellon University shows that when people learn exactly how many times these apps share that information, they rapidly act to limit further sharing.

In one phase of a study that evaluated the benefits of app permission managers – software that gives people control over what sensitive information their apps can access – twenty-three smartphone users received a daily message, or “privacy nudge,” telling them how many times information such as location, contact lists or phone call logs had been shared.

A CMU release reports that some nudges were alarming. One notable example: “Your location has been shared 5,398 times with Facebook, Groupon, GO Launcher EX and seven other apps in the last 14 days.”

In interviews, the research subjects repeatedly said the frequency of access to their personal information caught them by surprise.

“4,182 (times) — are you kidding me?” one participant asked. “It felt like I’m being followed by my own phone. It was scary. That number is too high.”

Another participant’s response: “The number (356 times) was huge, unexpected.”

“The vast majority of people have no clue about what’s going on,” said Norman Sadeh, a professor in the School of Computer Science’s Institute for Software Research. Most smartphone users, in fact, have no way of obtaining this data about app behavior. The study shows, however, that when they do, they tend to act rapidly to change their privacy settings.

The study examined the efficacy of both app permission managers and privacy nudges in helping people understand and manage privacy settings. Hazim Almuhimedi, a Ph.D. student in the Institute for Software Research, will present the findings of his research with Sadeh and other CMU privacy researchers at CHI 2015, the Conference on Human Factors in Computing Systems, 18-23 April in Seoul, South Korea.

An app permission manager allows smartphone users to decide which apps have access to personal information and sensitive functionality. The study used a permission manager for Android 4.3 called AppOps.