Large-Scale Study of User Behaviour, Expectations and Engagement with Android Permissions

# 188






Abstract

In this talk I will be sharing the findings from a global study we conducted on the behaviors, expectations and engagement of 1,719 participants across 10 countries and regions towards Android application permissions. Participants were recruited using mobile advertising and used an application we designed for 30 days. Our app samples user behaviors (decisions made), rationales (via in-situ surveys), expectations, and attitudes, as well as some app provided explanations. We study the grant and deny decisions our users make and build mixed effect logistic regression models to illustrate the many factors that influence this decision making. Among several interesting findings, we observed that users facing an unexpected permission request are more than twice as likely to deny it compared to a user who expects it, and that permission requests accompanied by an explanation have a deny rate that is roughly half the deny rate of app permission requests without explanations. These findings remain true even when controlling for other factors. To the best of our knowledge, this may be the first study of actual privacy behavior (not stated behavior) for Android apps, with users using their own devices, across multiple continents. This research appeared at the USENIX Security 2021 conference.

Sai Teja Peddinti , Staff Research Scientist in the Privacy Research group at Google

Teja Peddinti is a Staff Research Scientist in the Privacy Research group at Google. He finished his bachelor's in information & communication technology (ICT) with a Gold Medal from DA-IICT, India in 2009, and then completed his PhD in Computer Science at the New York University, School of Engineering in 2014. His primary research focus is on applying machine learning techniques to build novel privacy and security features, and in performing large scale measurements and analysis to understand user preferences/concerns and to evaluate effectiveness of existing offerings. His research appeared at many top-tier conferences and won the IAPP SOUPS Privacy Award in 2017 and was a finalist in the NYU CSAW Applied Research Competition in 2022.