When people install an Android app on their smartphone, they are required to accept all permissions requested by the app in order to proceed with installation. That is, the consent mechanism of the app market limits the user to a binary decision: either take it, or leave it. However, there is often little to no information about the purpose for accessing this information, with apps often requesting permissions that have little to do with the app and are used only for advertising purposes. For instance, an app might not need location data but might still require access in order to run (a common example is Angry birds by Rovio). In previous research it was found that only 7% of apps presented a privacy policy within the app’s page. These policies are often long, full of legal terminology, and are hard to read on a small screen. Furthermore, people are often unaware that apps may collect their personal data due to the fact that the permission mechanisms are often difficult to understand and that part of this collection happens silently in the background. When users are made aware of this collection, they feel much less willing to share those data which they perceive be extremely sensitive. Some express shock and a desire to remove the app or experience a sense of “creepiness” that results in a loss of trust. The perceived sensitivity of data is often personal and can also vary within the individual’s context. For example, a user might be willing to share when he or she is at a certain location or while engaging in a certain activity (e.g. relaxing), but not when performing another (e.g. working). It is impossible to consent to the collection of data for every foreseeable purpose, given the incomplete, missing or difficult to understand information users receive when making the decision about whether to install an app. Another critical problem is posed by timing: a person is asked at t he time of purchase to make potentially complex decisions about whether to allow access. This may be too cognitively complex in the context of undertaking a broader task, or in environments that place other demands on the person’s attention.

Tim Baarslag, Ilaria Liccardi, Enrico Gerding, Richard Gomer, m.c. schraefel

PDF download

Negotiating Mobile App Permissions, International Data Protection and Privacy Commissioners Conference (APC 2015), pp.259-261.