Request For Research Presentations For the PrivacyCon Conference #4

Submission Number:
Kristopher Micinski
Initiative Name:
Request For Research Presentations For the PrivacyCon Conference
Title: User Interactions and Permission Use on Android Requesting Researchers: Kristopher Micinski [REDACTED] Daniel Votipka [REDACTED] Abstract: Android and other mobile operating systems ask users for authorization before allowing apps to access sensitive resources such as contacts and location. We hypothesize that such authorization systems could be improved by becoming more integrated with the app's user interface. In this paper, we conduct two studies to test our hypothesis. First, we use AppTracer, a dynamic analysis tool we developed, to measure to what extent user interactions and sensitive resource use are related in existing apps. Second, we conduct an online survey to examine how different interactions with the UI affect users' expectations about whether an app accesses sensitive resources. Our results suggest that user interactions such as button clicks can be interpreted as authorization, reducing the need for separate requests; but that accesses not directly tied to user interactions should be separately authorized, possibly when apps are first launched. Prior Publication: This research was previously presented at ACM CHI 2017.