A Field Study of Run-Time Location Access Disclosures on Android Smartphones

[Nytro]

A Field Study of Run-Time Location Access

Disclosures on Android Smartphones

Huiqing Fu, Yulong Yang, Nileema Shingte, Janne Lindqvist, Marco Gruteser

Rutgers University

Please contact janne@winlab.rutgers.edu for any inquiries

Abstract—Smartphone users are increasingly using apps that

can access their location. Often these accesses can be without

users knowledge and consent. For example, recent research has

shown that installation-time capability disclosures are ineffective

in informing people about their apps’ location access. In this

paper, we present a four-week field study (N=22) on run-time

location access disclosures. Towards this end, we implemented

a novel method to disclose location accesses by location-enabled

apps on participants’ smartphones. In particular, the method did

not need any changes to participants’ phones beyond installing

our study app. We randomly divided our participants to two

groups: a Disclosure group (N=13), who received our disclosures

and a No Disclosure group (N=9) who received no disclosures

from us. Our results confirm that the Android platform’s location

access disclosure method does not inform participants effectively.

Almost all participants pointed out that their location was

accessed by several apps they would have not expected to access

their location. Further, several apps accessed their location more

frequently than they expected. We conclude that our participants

appreciated the transparency brought by our run-time disclosures

and that because of the disclosures most of them had taken actions

to manage their apps’ location access.

Download:

http://www.winlab.rutgers.edu/~janne/USECfieldstudy.pdf