A recent study conducted by Carnegie Mellon and Notre Dame University researchers is calling attention to several interesting things.
For one, mobile apps collect too much data – especially location data – too often. Secondly, users get better at protecting their privacy if they are offered adequate tools to do so and are “nudged” every so often to review their privacy choices.
23 not overly technical and privacy conscious Android users participated in the study.
For the first week, data about their installed apps and their data access behavior was collected. In the second week, the participants were provided with the AppOps permission manager app and instructed on what it does and how to use it. AppOps is an app which allows you to selectively grant/deny apps access to your personal information on your phone.
“This notification acted as a weak privacy nudge, comparable to seeing a media article or an ad about AppOps,” the researchers explained.
In the third week, participants received one privacy nudge per day, sent at a random time.
“Nudges are ‘soft-paternalistic’ behavioral interventions that do not restrict choice, but attempt to account for bounded rationality in decision making. Within privacy and security contexts, nudges may ameliorate some of the inconsistency in user decision making, such as the dissonance between users stated privacy concerns and actual observed behavior,” they noted, adding that they provided nudges for four information types: location, phone contacts, calendar, or call logs.
Here’s an example: “Your location has been shared 5,398 times with Facebook, Groupon, GO Launcher EX and seven other apps in the last 14 days.”
These nudges shocked many of the participants, making them go back to their privacy settings, review app permissions and block additional ones.
“App permission managers are better than nothing, but by themselves they aren’t sufficient,” Norman Sadeh, a Carnegie Mellon professor and one of the researchers, said. “Privacy nudges can play an important role in increasing awareness and in motivating people to review and adjust their privacy settings. The fact that users respond to privacy nudges indicate that they really care about privacy, but were just unaware of how much information was being collected about them.”
Still, privacy nudges are not the “silver bullet” for this problem. With the ever increasing number of apps in use, users – even the most diligent ones – can get overwhelmed.
According to Sadeh, the ultimate solution could be a personalized privacy assistant app which would “learn” users’ privacy preferences, then occasionally engage with them to help semi-automatically configure privacy settings.