Android's permission system is intended to inform users about the risks of installing applications. When a user installs an application, he or she has the opportunity to review the application's permission requests and cancel the installation if the permissions are excessive or objectionable. We examine whether the Android permission system is effective at warning users. In particular, we evaluate whether Android users pay attention to, understand, and act on permission information during installation. We performed two usability studies: an Internet survey of 308 Android users, and a laboratory study wherein we interviewed and observed 25 Android users. Study participants displayed low attention and comprehension rates: both the Internet survey and laboratory study found that 17% of participants paid attention to permissions during installation, and only 3% of Internet survey respondents could correctly answer all three permission comprehension questions. This indicates that current Android permission warnings do not help most users make correct security decisions. However, a notable minority of users demonstrated both awareness of permission warnings and reasonable rates of comprehension. We present recommendations for improving user attention and comprehension, as well as identify open challenges.