nach oben

Erschienen in:

2013 | OriginalPaper | Buchkapitel

10. Choice Architecture and Smartphone Privacy: There’s a Price for That

verfasst von : Serge Egelman, Adrienne Porter Felt, David Wagner

Erschienen in: The Economics of Information Security and Privacy

Verlag: Springer Berlin Heidelberg

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Under certain circumstances, consumers are willing to pay a premium for privacy. We explore how choice architecture affects smartphone users’ stated willingness to install applications that request varying permissions. We performed two experiments to gauge smartphone users’ stated willingness to pay premiums to limit their personal information exposure when installing applications. When participants were comparison shopping between multiple applications that performed similar functionality, a quarter of our sample indicated a willingness to pay a $1.50 premium for the application that requested the fewest permissions—though only when viewing the requested permissions of each application side-by-side. In a second experiment, we more closely simulated the user experience by asking them to valuate a single application that featured multiple sets of permissions based on five between-subjects conditions. In this scenario, the requested permissions had a much smaller impact. Our results suggest that many smartphone users are concerned with their privacy and are willing to pay premiums for applications that are less likely to request access to personal information, but that the current choice architectures do not support this. We propose improvements for smartphone application markets that could result in decreased satisficing and increased rational behavior.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel The Privacy Economics of Voluntary Over-disclosure in Web Forms

Nächstes Kapitel Would You Sell Your Mother’s Data? Personal Data Disclosure in a Simulated Credit Card Application

The term “choice architecture” refers to the way in which options are presented to people, as these design decisions can have a profound impact on decision-making [34].

We identified invalid results based on two factors. First, we included several questions that required free text responses, such as, “why or why not would you purchase this application.” Using these questions, we deleted surveys that contained nonsensical responses. Second, in addition to asking participants to select the application that they were most willing to purchase, we also asked them to select the application that they were least willing to purchase. We removed participants who gave the same answer to both questions.

We did not show the permission request screen. To negate priming, all participants viewed the $1.99 version, which was associated with only the INTERNET permission in the previous tasks.

This Android permission does not actually exist; no permission is needed to access stored photos.

When we made the price “free,” skewness and kurtosis were 8.36 and 71.03, respectively (n = 159). Whereas when we set the price to “$0.99,” skewness and kurtosis were 1.72 and 5.74 (n = 163). This anchoring effect was statistically significant: U = 10078. 5, p < 0. 0005, μ _free = $2. 94 (σ = 11. 09), μ _$0. 99 = $1. 11 (σ = 0. 57).

This corresponded to bids over $100 and suggested prices over $2.99. Prior to removing outliers, the skewness and kurtosis for the bids were 18.65 and 353.15, respectively. After removing outliers, they became 2.15 and 4.10. Regarding the suggested prices, the original skewness and kurtosis were 5.87 and 50.27, but were reduced to 0.63 and 1.79, after removing outliers.

Acquisti, A.: Privacy in electronic commerce and the economics of immediate gratification. In: Proceedings of the ACM Electronic Commerce Conference (EC ’04), New York. ACM, New York (2004)

Acquisti, A., Grossklags, J.: Privacy and rationality in individual decision making. IEEE Secur. Priv. 3(1), 26–33 (2005). http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1392696

Acquisti, A., John, L., Loewenstein, G.: What is privacy worth? In: Twenty First Workshop on Information Systems and Economics (WISE), Phoenix (2009)

Agele, M., Kruegel, C., Kirda, E., Vigna, G.: Pios: detecting privacy leaks in iOS applications. In: Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego (2011)

Android Developers: Manifest.permission. http://developer.android.com/reference/android/Manifest.permission.html. Accessed 28 Dec 2011

Barkhuus, L.: Privacy in location-based services, concern vs. coolness. In: Workshop on Location System Privacy and Control at MobileHCI ’04, Glasgow (2004)

Barkhuus, L., Dey, A.: Location-based services for mobile telephony: a study of users’ privacy concerns. In: INTERACT’03, Zurich, pp. 702–712 (2003)

Beautement, A., Sasse, M.A., Wonham, M.: The compliance budget: managing security behaviour in organisations. In: Proceedings of the 2008 Workshop on New Security Paradigms, NSPW ’08, Lake Tahoe, pp. 47–58. ACM, New York (2008)

Böhme, R., Grossklags, J.: The security cost of cheap user interaction. In: Proceedings of the 2011 New Security Paradigms Workshop (NSPW), Marin County. ACM, New York (2011)

10.

Chia, P.H., Yamamoto, Y., Asokan, N.: Is this App safe? A large scale study on application permissions and risk signals. In: World Wide Web Conference, Lyon (2012)

11.

Consolvo, S., Smith, I.E., Matthews, T., LaMarca, A., Tabert, J., Powledge, P.: Location disclosure to social relations: why, when, & what people want to share. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI ’05, Portland. ACM, New York (2005)

12.

Cvrcek, D., Kumpost, M., Matyas, V., Danezis, G.: A study on the value of location privacy. In: Proceedings of the 2006 Workshop on Privacy in an Electronic Society (WPES’06), Alexandria (2006)

13.

Danezis, G., Lewis, S., Anderson, R.: How much is location privacy worth? In: Proceedings of the Workshop on the Economics of Information Security (WEIS 2005), Cambridge (2005)

14.

Egelman, S., Tsai, J., Cranor, L.F., Acquisti, A.: Timing is everything? The effects of timing and placement of online privacy indicators. In: Proceedings of the 27th International Conference on Human Factors in Computing Systems, CHI ’09, Boston. ACM, New York (2009)

15.

Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS), Chicago. ACM, New York (2009)

16.

Enck, W., Gilbert, P., Chun, B.G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, OSDI’10, Vancouver. USENIX Association, Berkeley (2010)

17.

Enck, W., Octeau, D., McDaniel, P., Chaudhuri, S.: A study of Android application security. In: Proceedings of the 20th USENIX Security Conference USENIX Association, Berkeley (2011)

18.

Felt, A.P., Greenwood, K., Wagner, D.: The effectiveness of application permissions. In: Proceedings of the 2nd USENIX Conference on Web Application Development, WebApps’11, Portland, pp. 7–7. USENIX Association, Berkeley (2011)

19.

Felt, A.P., Egelman, S., Wagner, D.: I’ve got 99 problems, but vibration ain’t one: a survey of smartphone users’ concerns. In: Proceedings of the ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), Raleigh (2012)

20.

Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of the 2012 Symposium on Usable Privacy and Security (SOUPS), Washington, DC (2012)

21.

Gideon, J., Egelman, S., Cranor, L., Acquisti, A.: Power strips, prophylactics, and privacy, oh my! In: Proceedings of the 2006 Symposium on Usable Privacy and Security, Pittsburgh (2006)

22.

Good, N., Dhamija, R., Grossklags, J., Aronovitz, S., Thaw, D., Mulligan, D., Konstan, J.: Stopping spyware at the gate: a user study of privacy, notice and spyware. In: Proceedings of the Symposium on Usable Privacy and Security (SOUPS 2005), Pittsburgh (2005)

23.

Grossklags, J., Acquisti, A.: When 25 cents is too much: an experiment on willingness-to-sell and willingness-to-protect personal information. In: Proceedings (online) of the Sixth Workshop on Economics of Information Security (WEIS), Pittsburgh (2007)

24.

Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These aren’t the droids you’re looking for: retrofitting Android to protect data from imperious applications. In: Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS), Chicago. ACM, New York (2011)

25.

Huberman, B., Adar, E., Fine, L.: Valuating privacy. IEEE Secur. Priv. 3(5), 22–25 (2005)CrossRef

26.

Iachello, G., Smith, I., Consolvo, S., Chen, M., Abowd, G.D.: Developing privacy guidelines for social location disclosure applications and services. In: Proceedings of the 2005 Symposium on Usable Privacy and Security, SOUPS ’05, Pittsburgh, pp. 65–76. ACM, New York (2005)

27.

Lederer, S., Mankoff, J., Dey, A.K.: Who wants to know what when? Privacy preference determinants in ubiquitous computing. In: CHI ’03 Extended Abstracts on Human Factors in Computing Systems, CHI EA ’03, Ft. Lauderdale, pp. 724–725. ACM, New York (2003)

28.

McDonald, A.M., Cranor, L.F.: Beliefs and behaviors: internet users’ understanding of behavioral advertising. In: 38th Research Conference on Communication, Information and Internet Policy (Telecommunications Policy Research Conference), Arlington (2010)

29.

Nauman, M., Khan, S., Zhang, X.: Apex: extending Android permission model and enforcement with user-defined runtime constraints. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS), Beijing. ACM, New York (2010)

30.

Pearce, P., Felt, A.P., Nunez, G., Wagner, D.: Addroid: privilege separation for applications and advertisers in Android. In: Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS), Seoul. ACM, New York (2012)

31.

Purcell, K.: Half of adult cell phone owners have apps on their phones. Pew Internet & American Life Project. http://pewinternet.org/Reports/2011/Apps-update.aspx (2011)

32.

Simonite, T.: Apple ignored warning on address-book access. Technology Review (MIT). http://www.technologyreview.com/communications/39746/ (2012)

33.

Spiekermann, S., Grossklags, J., Berendt, B.: E-privacy in 2nd generation E-commerce: privacy preferences versus actual behavior. In: Proceedings of EC’01: Third ACM Conference on Electronic Commerce, Tampa, pp. 38–47 (2001)

34.

Thaler, R., Sunstein, C.: Nudge: Improving Decisions About Health, Wealth, and Happiness. Yale University Press, New Haven/London (2008)

35.

Tsai, J., Egelman, S., Cranor, L., Acquisti, A.: The effect of online privacy information on purchasing behavior: an experimental study. In: Proceedings of the 2007 Workshop on the Economics of Information Security (WEIS’07), Pittsburgh (2007)

36.

Westin, A.F.: E-Commerce & Privacy: What Net Users Want. Privacy & American Business, Hackensack (1998)

37.

Wiese, J., Kelley, P.G., Cranor, L.F., Dabbish, L., Hong, J.I., Zimmerman, J.: Are you close with me? Are you nearby? Investigating social groups, closeness, and willingness to share. In: Proceedings of the 13th International Conference on Ubiquitous Computing, UbiComp ’11, Beijing, pp. 197–206. ACM, New York (2011)

38.

Zickuhr, K.: Generations and their gadgets. http://pewinternet.org/Reports/2011/Generations-and-gadgets/Report/Cell-phones.aspx (2011). Accessed 2 Oct 2012

Titel: Choice Architecture and Smartphone Privacy: There’s a Price for That
verfasst von: Serge Egelman
Adrienne Porter Felt
David Wagner
Verlag: Springer Berlin Heidelberg
Buch: The Economics of Information Security and Privacy
Print ISBN: 978-3-642-39497-3

Electronic ISBN: 978-3-642-39498-0

Copyright-Jahr: 2013
DOI: https://doi.org/10.1007/978-3-642-39498-0_10

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"