Our goal is to understand how users perceive various smartphone-related risks, their preferences for how their sensitive data should be used by third-party applications, and the threat landscape, and then creating new user-centric systems that allow them to make more informed decisions.

Smartphones have become the most commonly-used computing platform. These devices allow third-party applications to create rich user experiences by granting the applications access to sensor data (e.g., location, accelerometers, etc.) and stored personal information. However, privacy and security problems exist when users cannot make informed choices about how their information may be used.

We’re broadly interested in answering the following questions:

• Under what circumstances do users want to be prompted with information about third-party applications may be accessing their personal information and/or sensor data?
• What steps do users take to mitigate risks on their devices?
• How can the permission-granting user experience be improved to facilitate informed consent?

Related Publications

• Keep on Lockin’ in the Free World: A Multi-National Comparison of Smartphone Locking (CHI ’16)
• The Anatomy of Smartphone Unlocking: A Field Study of Android Lock Screens (CHI ’16)
• Android Permissions Remystified: A Field Study on Contextual Integrity (USENIX Sec ’15)
• Are you ready to lock? understanding user motivations for smartphone locking behaviors (CCS ’14)
• The effect of developer-specified explanations for permission requests on smartphone user behavior (CHI ’14)
• When it’s better to ask forgiveness than get permission: attribution mechanisms for smartphone resources (SOUPS ’13)
• Android permissions: user attention, comprehension, and behavior (SOUPS ’12)
• Choice architecture and smartphone privacy: there’s a price for that (WEIS ’12)
• How to ask for permission (HotSec ’12)
• I’ve got 99 problems, but vibration ain’t one: a survey of smartphone users’ concerns (SPSM ’12)