A Large Scale Study of User Behavior, Expectations and Engagement with Android Permissions

Authors: 

Weicheng Cao and Chunqiu Xia, University of Toronto; Sai Teja Peddinti, Google; David Lie, University of Toronto; Nina Taft, Google; Lisa M. Austin, University of Toronto

Abstract: 

We conduct a global study on the behaviors, expectations and engagement of 1,719 participants across 10 countries and regions towards Android application permissions. Participants were recruited using mobile advertising and used an application we designed for 30 days. Our app samples user behaviors (decisions made), rationales (via in-situ surveys), expectations, and attitudes, as well as some app provided explanations. We study the grant and deny decisions our users make, and build mixed effect logistic regression models to illustrate the many factors that influence this decision making. Among several interesting findings, we observed that users facing an unexpected permission request are more than twice as likely to deny it compared to a user who expects it, and that permission requests accompanied by an explanation have a deny rate that is roughly half the deny rate of app permission requests without explanations. These findings remain true even when controlling for other factors. To the best of our knowledge, this may be the first study of actual privacy behavior (not stated behavior) for Android apps, with users using their own devices, across multiple continents.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {274679,
author = {Weicheng Cao and Chunqiu Xia and Sai Teja Peddinti and David Lie and Nina Taft and Lisa M. Austin},
title = {A Large Scale Study of User Behavior, Expectations and Engagement with Android Permissions},
booktitle = {30th {USENIX} Security Symposium ({USENIX} Security 21)},
year = {2021},
isbn = {978-1-939133-24-3},
pages = {803--820},
url = {https://www.usenix.org/conference/usenixsecurity21/presentation/cao-weicheng},
publisher = {{USENIX} Association},
month = aug,
}

Presentation Video