Gokhan Bal, Kai Rannenberg, and Jason Hong

International Information Security and Privacy Conference (SEC)

June 2014

Modern smartphone platforms are highly privacy-affecting but not effective in properly communicating their privacy impacts to its users. Particularly, actual data-access behavior of apps is not considered in current privacy risk communication approaches. We argue that factors such as frequency of access to sensitive information is significantly affecting the privacy-invasiveness of applications. We introduce Styx, a novel privacy risk communication system that provides the user with more meaningful privacy information based on the actual behavior of apps. In a proof-of-concept study we evaluate the effectiveness of Styx.Our results show that more meaningful privacy warnings can increase user trust into smartphone platforms and also reduce privacy concerns.

privacy, risk, security, smartphone, smartphone privacy, usable privacy and security, user interface