Daniel Votipka and Seth M. Rabin, University of Maryland; Kristopher Micinski, Haverford College; Thomas Gilray, Michelle L. Mazurek, and Jeffrey S. Foster, University of Maryland
Android apps ask users to allow or deny access to sensitive resources the first time the app needs them. Prior work has shown that users decide whether to grant these requests based on the context. In this work, we investigate user comfort level with resource accesses that happen in a background context, meaning they occur when there is no visual indication of a resource use. For example, accessing the device location after a related button click would be considered an interactive access, and accessing location whenever it changes would be considered a background access. We conducted a 2,198-participant fractional-factorial vignette study, showing each participant a resource-access scenario in one of two mock apps, varying what event triggers the access (when) and how the collected data is used (why). Our results show that both when and why a resource is accessed are important to users' comfort. In particular, we identify multiple meaningfully different classes of accesses for each these factors, showing that not all background accesses are regarded equally. Based on these results, we make recommendations for how designers of mobile-privacy systems can take these nuanced distinctions into account.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Daniel Votipka and Seth M. Rabin and Kristopher Micinski and Thomas Gilray and Michelle L. Mazurek and Jeffrey S. Foster},
title = {User Comfort with Android Background Resource Accesses in Different Contexts},
booktitle = {Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018)},
year = {2018},
isbn = {978-1-939133-10-6},
address = {Baltimore, MD},
pages = {235--250},
url = {https://www.usenix.org/conference/soups2018/presentation/votipka},
publisher = {USENIX Association},
month = aug
}