Supporting Privacy-Conscious App Update Decisions with User Reviews
Venue
Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, ACM, New York, NY, USA (2015), pp. 51-61
Publication Year
2015
Authors
Yuan Tian, Bin Liu, Weisi Dai, Blase Ur, Patrick Tague, Lorrie Faith Cranor
BibTeX
Abstract
Smartphone app updates are critical to user security and privacy. New versions may
fix important security bugs, which is why users should usually update their apps.
However, occasionally apps turn malicious or radically change features in a way
users dislike. Users should not necessarily always update in those circumstances,
but current update processes are largely automatic. Therefore, it is important to
understand user behaviors around updating apps and help them to make
security-conscious choices. We conducted two related studies in this area. First,
to understand users' current update decisions, we conducted an online survey of
user attitudes toward updates. Based on the survey results, we then designed a
notification scheme integrating user reviews, which we tested in a field study.
Participants installed an Android app that simulated update notifications, enabling
us to collect users' update decisions and reactions. We compared the effectiveness
of our review-based update notifications with the permission-based notifications.
Compared to notifications with permission descriptions only, we found our
review-based update notification was more effective at alerting users of invasive
or malicious app updates, especially for less trustworthy apps.
