Author: serge

The Price is (Not) Right: Comparing Privacy in Free and Paid Apps (PETS ’20)

AbstractIt is commonly assumed that “free” mobile apps come at the cost of consumer privacy and that paying for apps could offer consumers protection from behavioral advertising and long-term tracking. This work empirically evaluates the validity of this assumption by comparing the privacy practices of free apps and their paid premium versions, while also gauging […]

Investigating Users’ Preferences and Expectations for Always-Listening Voice Assistants (IMWUT ’19)

AbstractMany consumers now rely on different forms of voice assistants, both stand-alone devices and those built into smartphones. Currently, these systems react to specific wake-words, such as “Alexa,” “Siri,” or “Ok Google.” However, with advancements in natural language processing, the next generation of voice assistants could instead always listen to the acoustic environment and proactively […]

Privacy and Security Threat Models and Mitigation Strategies of Older Adults (SOUPS ’19)

AbstractOlder adults (65+) are becoming primary users of emerging smart systems, especially in health care. However, these technologies are often not designed for older users and can pose serious privacy and security concerns due to their novelty, complexity, and propensity to collect and communicate vast amounts of sensitive information. Efforts to address such concerns must […]

Privacy Attitudes of Smart Speaker Users (PETS ’19)

AbstractAs devices with always-on microphones located in people’s homes, smart speakers have significant privacy implications. We surveyed smart speaker owners about their beliefs, attitudes, and concerns about the recordings that are made and shared by their devices. To ground participants’ responses in concrete interactions, rather than collecting their opinions abstractly, we framed our survey around […]

Information Design in An Aged Care Context (PervasiveHealth ’19)

AbstractThe adoption of technological solutions for aged care is rapidly increasing in developed countries. New technologies facilitate the sharing of health information among the “care triad”: the elderly care recipient, their family, and care staff. In order to develop user-centered technologies for this population, we believe that it is necessary to first examine their views […]

50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions System (USENIX Sec ’19)

Abstract Modern smartphone platforms implement permission-based models to protect access to sensitive data and system resources. However, apps can circumvent the permission model and gain access to protected data without user consent by using both covert and side channels. Side channels present in the implementation of the permission system allow apps to access the data […]

On The Ridiculousness of Notice and Consent: Contradictions in App Privacy Policies (ConPro ’19)

AbstractThe dominant privacy framework of the information age relies on notions of “notice and consent.” That is, service providers will disclose, often through privacy policies, their data collection practices, and users can then consent to their terms. However, it is unlikely that most users comprehend these disclosures, which is due in no small part to […]

Do You Get What You Pay For? Comparing The Privacy Behaviors of Free vs. Paid Apps (ConPro ’19)

AbstractIt is commonly assumed that the availability of “free” mobile apps comes at the cost of consumer privacy, and that paying for apps could offer consumers protection from behavioral advertising and long-term tracking. This work empirically evaluates the validity of this assumption by investigating the degree to which “free” apps and their paid premium versions […]

A Promise Is A Promise: The Effect Of Commitment Devices On Computer Security Intentions (CHI ’19)

AbstractCommitment devices are a technique from behavioral economics that have been shown to mitigate the effects of present bias—the tendency to discount future risks and gains in favor of immediate gratifications. In this paper, we explore the feasibility of using commitment devices to nudge users towards complying with varying online security mitigations. Using two online […]

The Accuracy of the Demographic Inferences Shown on Google’s Ad Settings (WPES ’18)

AbstractGoogle’s Ad Settings shows the gender and age that Google hasinferred about a web user. We compare the inferred values to theself-reported values of 501 survey participants. We find that Googleoften does not show an inference, but when it does, it is typicallycorrect. We explore which usage characteristics, such as using privacyenhancing technologies, are associated […]