SYSTEMATIC EVALUATION AND USER STUDY OF PRIVACY OF
DEFAULT APPS IN APPLE’S MOBILE ECOSYSTEM
Amel Bourdoucen
Aalto University
Janne Lindqvist
Aalto University
ABSTRACT
Users need to configure default apps when they first start using their devices. The privacy configurations
of the default apps do not always match what users think they have initially enabled. We
first systematically evaluated the privacy configurations of default apps. We discovered serious issues
with the documentation of the default apps. Based on these findings, we explored users’ experiences
with an interview study (N=15). Our findings from both studies show that: the instructions for setting
privacy configurations of default apps are vague and lack required steps; users were unable to disable
default apps from accessing their personal information; users assumed they were being tracked by
some default apps; default apps may cause tensions in family relationships because of information
sharing. Our results illuminate the privacy and security implications of configuring the privacy of
default apps and how users perceive and understand the mobile ecosystem.
Keywords Privacy · Mobile Devices · Apps · Ecosystems
1 Introduction
Users are not in control of their privacy preferences in complex mobile device and cloud ecosystems. The complexity
of these systems enables helpful features, but at the cost of privacy. Often, many of these features are enabled by
default when a user first starts using the device(s). When users purchase new devices, they are often presented with
many features to enable or disable. Unfortunately, our work shows that the privacy implications of these features are
not understood and the settings are non-trivial to configure correctly.
Studies have discovered several challenges that users face in understanding how their data is handled when using
mobile apps [Liccardi et al.(2014), Palmerino(2018), Liu et al.(2014), Van Kleek et al.(2017), Thompson et al.(2013)].
Users are often presented with many permissions requesting approval of access to their personal data. Moreover,
prior work suggests that users do not always fully understand the implications of enabling privacy configurations
[Frik et al.(2022), Breitinger et al.(2019)]. This confusion is often caused by the architecture of privacy
configurations [Egelman et al.(2013)]. Users are left confused [Tan et al.(2014)], surprised [Balebako et al.(2013),
Shklovski et al.(2014)], anxious [Coopamootoo et al.(2022)] and sometimes frustrated [Shklovski et al.(2014)] when
learning what actually happens to their data.
In this paper, we study default apps in Apple’s iOS and macOS¹. macOS and iOS include setup wizards that guide users
to selecting preferences for these default apps when a new device is started. As a concrete example, in the Setup Wizard,
one of the features that users can set up is Siri. Users are offered the choice to either Continue (to set up Siri) or Set Up
Later in Settings. Users can select Set Up Later in Settings, which implies that Siri is disabled until users set it up later.
This is despite selecting the option to Set Up Later in Settings. To systematically study these issues, we focused on the
following research questions:
RQ1: What privacy configurations are available to control default apps?
RQ2: How can users control default apps?
RQ3: How do users understand privacy configurations and their privacy and security implications?
RQ4: How does setting up default features impact privacy of users?
¹ This work is an independent publication and has not been authorized, sponsored, or otherwise approved by Apple Inc.
arXiv:2210.04569v1 [cs.HC] 10 Oct 2022
To answer these research questions, we conducted two studies. In the first study, we selected eight default apps and
features on iOS and macOS: Safari (Web browsing), Family Sharing (Shared Access), Siri (Virtual Assistant), iMessage
(Messaging), Facetime (Video Calls), Location Services and TouchID (Fingerprint). We analyzed Apple’s official
documentation and found it to seriously lack the details required for configuring privacy. Due to this, we conducted a
comprehensive system evaluation to understand the privacy configurations for these default apps. We mapped the routes
to disable features of these apps. Based on this first study, we conducted a follow-up user study to investigate users’
understanding of privacy configurations. We compared the users’ answers to our findings from Study 1.
We make the following major contributions:
1. In our first study, we thoroughly collected and investigated the privacy configurations of eight default apps of
   the Apple mobile ecosystem. We present what user data is collected by each default app as well as paths to
   disable different privacy configurations (presented in Section 3). We observed several serious issues associated
   with configuring default apps.
2. In the second study, we conducted a user study to explore users’ perceptions of using default apps and
   configuring their privacy and security settings. Our findings show that users had limited understanding of what
   data was being collected and how it was shared (presented in Section 6).
3. Based on the two studies, we made the following major findings: participants were surprised to know some
   privacy configurations were turned on by default; participants were confused about what happened to their
   information; some participants assumed they were being tracked by some apps; tracking can introduce trust
   issues in families and relationships; participants were aware that disabling data sharing does not guarantee
   data is not shared anymore; participants wanted to know what happens to their information; participants did
   not know how to disable data sharing on default apps.
2 Related Work
We first discuss the most closely related prior work and proceed to discuss studies that explored users’ general
understanding of privacy in apps. We then describe challenges that users face when setting privacy configurations to
gain control over their personal data. Most closely related to our work are the following three studies:
First, a study [Frik et al.(2022)] explored the relationship between socio-economic factors and users’ choices of security
and privacy settings. The study surveyed users about the security and privacy settings of their mobile device’s operating
system (Android and iOS) and pre-installed browsers (Safari and Chrome). These settings included passcode, face
unlock, automatic updates, and password re-use. Participants were also asked about the privacy and security risks they are
concerned about. The study found differences between socio-demographic groups in their use of security and privacy settings.
For example, older adults were found to worry less about online risks. The study also found that many users were not
aware of the function of settings used in the study but were willing to change them in the future.
Second, another study [Gamba et al.(2020)] explored pre-installed apps on the Android platform for their app packages,
certificates, and third-party libraries. This work revealed various actors involved in the development of pre-installed
apps. Potentially harmful behavior was detected from pre-installed apps related to personal data collection. The study
validated which app collected which set of personal information by collecting firmware and traffic information from
users.
Third, another study [Ramokapane et al.(2019)] explored users’ awareness of some features on both Android and iOS.
These features were 1) location, 2) ads tracking and 3) usage and diagnostics (this is called Analytics Data Sharing in
iOS). The study asked participants to conduct four tasks on either an iOS or Android device based on the participant’s
experience and preference. These tasks were: Disable location services, Restrict App from using a default feature (iOS:
Camera, Android: disable Google app having access to Calendar and Location services), Disable/Limit ad tracking,
Restrict Usage and Diagnostic Report (Android only) or Disable analytical data sharing (iOS only). The participants
were given devices owned by the authors that were reset so that these tasks could be completed. The authors enabled the
settings of the features and asked users to locate and disable them. The participants followed cognitive walkthrough
and think-aloud protocols while performing these tasks. The findings showed that participants were not able to easily
locate the settings of the features used in the study. Participants attributed these challenges to hidden controls and
complex app requests. To overcome these challenges, participants used quick fixes or coping strategies such as skipping
privacy configuration requests or searching the internet for quick solutions.
In contrast to the three prior works above, we evaluated the privacy configurations available in the Apple iOS and macOS
systems and specifically probed into users’ understanding of privacy in the Apple ecosystem. Towards this end, we
systematically tested setting up both iOS and macOS devices and documented all the steps required to disable settings.
We used this information as the basis of our qualitative interviews, which probed users’ understandings
of and experiences with these privacy configurations and devices. We asked our participants to use their own devices rather
than test devices provided by us. We wanted our participants to perform the tasks with i) familiar devices and ii) devices
that contain their own privacy configurations that they have set up. Our results reflected users’ actual experiences with
privacy settings they have configured on their own rather than settings we pre-configured for them. Our work contributes by
revealing the difficulties of properly configuring privacy for features that are enabled by default, and the surprises and
tensions that users experience because of these settings.
Next, we will discuss a body of research that explored privacy of users when using mobile apps and configuring privacy
settings.
User Privacy in Mobile Apps
Prior work has largely explored app permissions in mobile devices. Studies have
been motivated to explore users configuring permissions due to the reported difficulties when doing so. For several
years, researchers have focused on permissions of apps in an attempt to explore ways to improve users’ understanding
and expectations when setting privacy configurations of apps. The focus on app permissions was motivated
through the many studies that demonstrated users’ difficulties in understanding privacy configurations of mobile apps
[Balebako et al.(2013), Ramokapane et al.(2019), Tan et al.(2014), Liccardi et al.(2014)].
A study on 308 Android users revealed that only 17% of users were attentive to the permissions that were prompted
during app installations, indicating that permission warnings are not sufficient to make informed security
decisions [Felt et al.(2011)]. A recent study in 2021 on 4,636 Android users has also confirmed that information
provided by the current system is not enough for users to make informed decisions on their privacy [Shen et al.(2021)].
Other studies also showed that often users either ignore or accept permissions without reading the details properly
[Felt et al.(2012a), Felt et al.(2012b), Ramokapane et al.(2019)].
Researchers highlighted factors that influence the misunderstandings that users have of privacy configurations. Several
factors make it harder for users to know what happens to this personal information when agreeing to permissions or
configurations; for example, unclear Privacy Policies, and lack of transparency about data practices. Earlier studies have
investigated ways to improve Privacy Policies for better delivery for users [Kelley et al.(2009)]. However, recent studies
have reported that the unclear nature of Privacy Policies of apps still contributes to the difficulty users have in grasping
what happens to their personal data [Alohaly and Takabi(2016), Coen et al.(2016), Kelly et al.(2012)]. As a result of
the unclear nature of Privacy Policies, users rarely follow Privacy Policy links to read what part of their information is
disclosed [Coen et al.(2016)]. Another factor that has been suggested to contribute to the difficulty in understanding
what happens to personal data in apps is transparency [Liccardi et al.(2014), Van Kleek et al.(2017)]. A study found
that providing more transparency to users about what occurs to their personal data can make users more confident
in their app use [Van Kleek et al.(2017)]. To help users better understand how their personal data is handled, recent
work explored several solutions to help users make more informed decisions [Liccardi et al.(2014), Liu et al.(2014),
Palmerino(2018), Thompson et al.(2013), Van Kleek et al.(2017)]. For instance, a study deployed machine learning to
offer a prospect of mitigating the burden of increased privacy decisions [Smullen et al.(2020)]. Another study proposed
a prototype that adjusted privileges given to apps on iOS as well as the ability to replace real data with mock data
[Lutaaya(2018)]. Another study analysed settings of 4.8 million smartphone users and demonstrated a number of
profiles that aim to simplify the decisions mobile users have to make about their privacy [Liu et al.(2014)].
Impacts of setting privacy configurations
A second line of research focused on understanding users’ concerns
when it comes to setting privacy preferences [Balebako et al.(2013), Ramokapane et al.(2019), Shen et al.(2021),
Wijesekera et al.(2018)]. Research has found that users often have misconceptions about the data sharing that occurs
on smartphone apps [Balebako et al.(2013), Frik et al.(2022), Ramokapane et al.(2019), Tan et al.(2014)].
Misconceptions about the handling of personal data can create challenges for users. Studies suggested that users
may feel uncomfortable or confused when learning about what occurs to their data [Tan et al.(2014)]. For example,
studies suggested that users are often surprised when asked to share their personal data collected by apps
[Balebako et al.(2013), Shklovski et al.(2014)]; for example, users understood that data was used for purposes such as
marketing but were surprised by the scope of data sharing, frequency and destination [Balebako et al.(2013)].
Users can also experience other emotions such as confusion about certain personal data that is requested, sometimes
dismay or outrage [Shklovski et al.(2014)]. Studies that focused on tracking of users by apps [Coopamootoo et al.(2022),
Ur et al.(2012), McDonald and Cranor(2010)] suggest that users can feel negatively under the perception of being
tracked. These feelings can include anger, distrust and anxiety. Often users would feel accepting of the fact that
they are tracked, under certain conditions [Coopamootoo et al.(2022)]. The reactions users had upon learning about
how their data is handled can be attributed to the insufficient information on mobile apps to help users make informed
decisions [Ramokapane et al.(2019)]. Insufficient information provided about data handling may also lead users to
think that these permissions are required for apps to run [Smullen et al.(2020)], which influences users to accept them.
Summary
Prior work has focused extensively on privacy settings of mobile devices. An example of this
is users’ attitudes towards permissions of different apps on mobile devices [Felt et al.(2012a), Felt et al.(2012b),
Ramokapane et al.(2019)], tracking of apps [Coopamootoo et al.(2022), McDonald and Cranor(2010), Ur et al.(2012)]
and privacy configurations of apps [Balebako et al.(2013), Frik et al.(2022), Ramokapane et al.(2019),
Tan et al.(2014)]. Although prior work focused extensively on users’ attitudes when setting permissions of
apps on mobile devices, little research (presented above) has focused on users’ experiences when setting up privacy
configurations of default apps.
3 Study I: Mobile Ecosystem Evaluation
Table 1: Privacy configurations of default apps. These privacy configurations may lead to personal data of users being
transferred outside the device as shown in the last column. For the full table, refer to Appendix A.1.

| Default App | N Steps | Privacy Configurations | May transfer to Cloud or Vendor’s Servers |
|---|---|---|---|
| Safari | N>12 | IP Address | Yes |
| | | Private Browsing | No |
| | | Web Page Translation | Translation locally, other data may leave device |
| | | iCloud Syncing | Yes |
| | | Preload Top Hit in Safari | Information not provided by vendor |
| | | Sending Information to Apple | Yes |
| | | History and Website Data | Yes |
| Siri | N>9 | Ask Siri | Yes |
| | | Integrated apps | Yes |
| | | Siri and Dictation | Yes |
| | | Siri Personalisation | Yes |
| | | iCloud Syncing | Yes |
| | | Location Services | Yes |
| | | Request History | Yes |
| Facetime | N>7 | Enable Facetime | Actual calls No, Otherwise Yes |
| | | Caller ID | Yes |
| | | SharePlay | Information not provided by vendor |
| | | Speaking | Information not provided by vendor |
| | | FaceTime Live Photos | Information not provided by vendor |
| | | Blocked Contacts | Information not provided by vendor |

In our first study, we analyze the main eight features of the Apple iCloud mobile ecosystem. Today, we have a few
mobile ecosystems that are popular, for example, Apple’s [Apple(2022a)], Google’s [Google(2022)] and Huawei’s
[Huawei(2022)]. As the target of our work, we chose Apple’s ecosystem for the following reasons: (1) Apple’s devices
are popularly purchased worldwide. In 2021, Apple reported a 65.6 billion USD revenue in iPhones only in the first
quarter of the same year [Hartmans(2021)]. (2) Apple’s mobile ecosystem is uniquely cohesive and its integrated model
provides a quality experience for users, alongside a stated emphasis on privacy and security.
3.1 Mobile Ecosystem Structure
A mobile ecosystem consists of a set of units (devices) interacting with each other through exchange of information,
resources and artifacts [Campbell and Ahmed(2010)]. For instance, Apple’s mobile ecosystem consists of iCloud
(Apple’s Cloud system), which brings together devices such as iPad, iMac, Macbook, and iPhone. Default apps are
central to users’ participation in the ecosystem. The apps manufactured by Apple are referred to in this work as default
apps. For instance, the popular app Safari is used as a browser on Apple devices. Information stored in Safari such as
Bookmarks is exchanged between devices that are connected to the same iCloud account.
Table 2: Users’ personal data collected from default apps. Users are not able to disable the collection of some of the data
below for an app to function [Apple(2021)].

| Default app | Users’ personal data collected (not limited to list below) |
|---|---|
| Safari | IP address, sites you visit; open tabs, tab groups, AutoFill information, Bookmarks, Reading List and History, attribution reports, payment method information. |
| Siri | Contact names, nicknames and relationships, Music and Podcasts, Names of your and your Family Sharing members’ devices, Accessories, Homes, Scenes and Members of Shared Home in Home app, Labels for Items (e.g., people’s names in Photos and Alarms), Name of apps and shortcuts. |
| iMessage | Articles, TV shows, Music and Photos. |
| Facetime | Facetime Calls (e.g., who was invited to call, device network configurations), Apps using Facetime, Phone numbers, email addresses associated with account. |
| Family Sharing | Apple Watch serial number, cellular hardware identifiers, family member’s health, location and contact data, view logs and screenshots from Apple Watch. |
| Touch ID | 360-degree orientation fingerprint data, passcode. |
| Location | Location data, Location Search Query, Geo-tagged locations of nearby WiFi hotspots, GPS data, travel speed, barometric pressure, places you have recently been, IP. |
| Find My | Participation in Find My network, device location, information about device, information about account. |

3.2 Method of Study I
We evaluated the system for the following parameters: defining mobile ecosystems’ structure, privacy configurations of
default apps, number of privacy configurations to disable within an app, types of personal data collected by these
default apps and whether the personal data is transferred outside the device. We then analysed in depth Apple’s eight
default apps: Safari, Family Sharing, Find My, iMessage, Facetime, Siri, Location Services and TouchID. These apps
are linked to simple configuration options presented to the user when the user first starts using a macOS or iOS
device.
We had the following three major tasks in the analysis:
1. Analysis of Official Sources: We first read the official sources provided by Apple [Apple(2021)]. There were
   several challenges in performing this analysis:
   a. Closed Ecosystem: Apple’s ecosystem is closed, meaning that some of the specifications about the processing
      of personal data by default apps are not disclosed. Examples of non-disclosure include ambiguous phrasing
      such as “subsets of data stored” [Apple(2021)] without indicating what the subset of data includes, how it is
      processed and for how long it is retained.
   b. Scattered information: When reading Apple’s Privacy Policy for the steps to disable a feature, we discovered
      that the controls of some apps are described under other apps. For example, Siri has a specific section where
      its controls are described. However, Siri can also be found under Safari Search’s section as well as Dictation.
   In summary, the public Privacy Policies are long and do not contain easily accessible information on how to
   precisely control privacy configurations.
2. System Navigation: To be able to present the steps required to set up a device, we captured the setup and usage
   processes on sample iOS and macOS devices. We first did factory resets of our test devices before following
   the steps of the setup wizard in all possible combinations of scenarios and sequences of steps. We repeated the latter
   process every time we followed a different sequence of steps, to start fresh.
3. Mapping of Privacy Configurations: To obtain how many steps are required to disable each app, we mapped
   the privacy configurations responsible for handling personal data for each app and noted the pathways to each
   privacy control. We emphasized what privacy control was included in Apple’s sources and what was not
   included. We also present the personal data collected from users by each app.
3.3 Results of Study I
We present a brief summary of the results of Study I below. Further details are given in the appendices.