CISPA

Explanation Beats Context: The Effect of Timing and Rationales on Users' Runtime Permission Decisions

conference contribution
posted on 2023-11-29, 18:17 authored by Yusra Elbitar, michael.schilling, Trung Tin Nguyen, Michael Backes, Sven Bugiel
Current mobile platforms leave it up to the app developer to decide when to request permissions (timing) and whether to provide explanations why and how users' private data are accessed (rationales). Given these liberties, it is important to understand how developers should use timing and rationales to effectively assist users in their permission decisions. While guidelines and recommendations for developers exist, no study has systematically investigated the actual influence of timing, rationales, and their combinations on users' decision-making process. In this work, we conducted a comparative online study with 473 participants who were asked to interact with mockup apps drawn from a pool of 120 variations of 30 apps. The study design was guided by developers' current permission request practices derived from a dynamic analysis of the top apps on Google Play. Our results show that there is a clear interplay between timing and rationales on users' permission decisions and the evaluation of their decisions, making the effect of rationales stronger when shown upfront and limiting the effect of timing when rationales are present. We therefore suggest adaptation to the available guidelines. We also find that permission decisions depend on the individuality of users, indicating that there is no one-fits-all permission request strategy, upon which we suggest better individual support and outline one possible solution.

Preferred Citation

Yusra Elbitar, Michael Schilling, Trung Nguyen, Michael Backes and Sven Bugiel. Explanation Beats Context: The Effect of Timing and Rationales on Users' Runtime Permission Decisions. In: Usenix Security Symposium (USENIX-Security). 2021.

Primary Research Area

  • Empirical and Behavioral Security

Secondary Research Area

  • Secure Connected and Mobile Systems

Name of Conference

Usenix Security Symposium (USENIX-Security)

Legacy Posted Date

2021-11-17

Open Access Type

  • Gold

BibTeX

@inproceedings{cispa_all_3498,
  title = "Explanation Beats Context: The Effect of Timing and Rationales on Users' Runtime Permission Decisions",
  author = "Elbitar, Yusra and Schilling, Michael and Nguyen, Trung Tin and Backes, Michael and Bugiel, Sven",
  booktitle = "{Usenix Security Symposium (USENIX-Security)}",
  year = "2021",
}
