The services offered by mobile apps are useful but these apps can also be privacy invasive, meaning that they compile and share more information than is needed for the task the app performs. For example, researchers at University of California Berkeley analyzed 940 apps and found that one third of them requested permissions for resources that were far beyond what was required for the functionality of the app. Such over-permissioning creates risk to both user security and privacy. These risks exist even in apps for the most vulnerable users, such as those that are designed for children. Currently, Android and iOS privacy ecosystems are grounded in permissions which control access to sensitive resources. These systems explicitly ask users for authorization to allow apps to access sensitive information. Therefore, in is important that permission requests effectively communicate privacy risk to the user so that they can make informed decisions.
As permissions manifests play a critical role in informing participants about the privacy risks associated with the apps, we conducted a study to evaluate their effectiveness. The results from our study indicated that majority of the participants were unaware of the implications of the permissions presented to them. Presenting them with additional textual warnings did not help either. Participants just ignored the permissions manifests and primarily made app choices based on the perceived popularity of the apps. These finding signified the need for cognitively simple indicators for privacy risk associated with the app in the PlayStore. So, we designed a series of visual indicators to communicate aggregate privacy risk associated with the app and evaluated their impact on app choices. We found that when participants were presented with positively framed risk indicators using the padlock icon, they consistently made risk-averse app choices. A follow up study compared the distribution of apps installed using the actual PlayStore with that of participants using a version of the PlayStore that had visual indicators privacy. The distributions were different and participants with visual indicators for privacy made more privacy preserving app choices. We also introduced sound notifications and evaluated their ability to prime users for privacy when selecting apps. The results from this experiment showed that participant with both visual indicators for privacy risk and priming though sound notifications made more privacy preserving choices.