SpringerLink
Log in

“Ask App Not to Track”: The Effect of Opt-In Tracking Authorization on Mobile Privacy

  • Conference paper
  • First Online:
Emerging Technologies for Authorization and Authentication (ETAA 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 13136))

Abstract

App Tracking Transparency (ATT) introduces opt-in tracking authorization for iOS apps. In this work, we investigate how mobile apps present tracking requests to users, and we evaluate how the observed design patterns impact users’ privacy. We perform a manual observational study of the Top 200 free iOS apps, and we classify each app by whether it requests permission to track, the purpose of the request, how the request was framed, whether the request was preceded or followed by additional ATT-related pages, and whether the request was preceded or followed by other permission requests. We then perform a user study with 950 participants to evaluate the impact of the observed UI elements. We find that opt-in authorizations are effective at enhancing data privacy in this context, and that the effect of ATT requests is robust to most implementation choices.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
EUR 29.95
Price includes VAT (Germany)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
EUR 46.00
Price includes VAT (Germany)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
EUR 58.84
Price includes VAT (Germany)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free ship** worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    Roadblocks included requests for payment or social security numbers (SSNs).

References

  1. Acquisti, A.: Nudging privacy: the behavioral economics of personal information. IEEE Secur. Priv. 7(6), 82–85 (2009)

    Article  Google Scholar 

  2. Acquisti, A., Adjerid, I., Brandimarte, L.: Gone in 15 s: the limits of privacy transparency and control. IEEE Secur. Priv. 11(4), 72–74 (2013)

    Article  Google Scholar 

  3. Acquisti, A., John, L.K., Loewenstein, G.: What is privacy worth? J. Leg. Stud. 42(2), 249–274 (2013)

    Article  Google Scholar 

  4. Adjerid, I., Acquisti, A., Brandimarte, L., Loewenstein, G.: Sleights of privacy: framing, disclosures, and the limits of transparency. In: Proceedings of the Ninth Symposium on Usable Privacy and Security, pp. 1–11 (2013)

    Google Scholar 

  5. Alashoor, T., Fox, G., Jeff Smith, H.: The priming effect of prominent is privacy concerns scales on disclosure outcomes: an empirical examination. In: Pre-ICIS Workshop on Information Security and Privacy (2017)

    Google Scholar 

  6. Almuhimedi, H., et al.: Your location has been shared 5,398 times! a field study on mobile app privacy nudging. In: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, pp. 787–796 (2015)

    Google Scholar 

  7. Balebako, R., et al.: Nudging users towards privacy on mobile devices (2011)

    Google Scholar 

  8. Benton, K., Jean Camp, L., Garg, V.: Studying the effectiveness of android application permissions requests. In: 2013 IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops), pp. 291–296. IEEE (2013)

    Google Scholar 

  9. Binns, R., Lyngs, U., Van Kleek, M., Zhao, J., Libert, T., Shadbolt, N.: Third party tracking in the mobile ecosystem. In: Proceedings of the 10th ACM Conference on Web Science, pp. 23–31 (2018)

    Google Scholar 

  10. Bonné, B., Peddinti, S.T., Bilogrevic, I., Taft, N.: Exploring decision making with android’s runtime permission dialogs using in-context surveys. In: Thirteenth Symposium on Usable Privacy and Security, pp. 195–210 (2017)

    Google Scholar 

  11. Bösch, C., Erb, B., Kargl, F., Kopp, H., Pfattheicher, S.: Tales from the dark side: privacy dark strategies and privacy dark patterns. Proc. Priv. Enhancing Technol. 2016(4), 237–254 (2016)

    Article  Google Scholar 

  12. Brignull. H.: Dark patterns (2019)

    Google Scholar 

  13. Choe, E.K., Jung, J., Lee, B., Fisher, K.: Nudging people away from privacy-invasive mobile apps through visual framing. In: Kotzé, P., Marsden, G., Lindgaard, G., Wesson, J., Winckler, M. (eds.) INTERACT 2013. LNCS, vol. 8119, pp. 74–91. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40477-1_5

    Chapter  Google Scholar 

  14. Chong, I., Ge, H., Li, N., Proctor, R.W.: Influence of privacy priming and security framing on mobile app selection. Comput. Secur. 78, 143–154 (2018)

    Article  Google Scholar 

  15. Conti, G., Sobiesk, E.: Malicious interface design: exploiting the user. In: Proceedings of the 19th International Conference on World Wide Web, pp. 271–280 (2010)

    Google Scholar 

  16. Norwegian Consumer Council. Deceived by design, how tech companies use dark patterns to discourage us from exercising our rights to privacy. Norwegian Consumer Council Report (2018)

    Google Scholar 

  17. Di Geronimo, L., Braz, L., Fregnan, E., Palomba, F., Bacchelli, A.: UI dark patterns and where to find them: a study on mobile applications and user perception. In: Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, pp. 1–14 (2020)

    Google Scholar 

  18. Felt, A.P., Egelman, S., Wagner, D.: I’ve got 99 problems, but vibration ain’t one: a survey of smartphone users’ concerns. In: Proceedings of the Second ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 33–44 (2012)

    Google Scholar 

  19. Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In Proceedings of the Eighth Symposium on Usable Privacy and Security, pp. 1–14 (2012)

    Google Scholar 

  20. Gluck, J., et al.: How short is too short? implications of length and framing on the effectiveness of privacy notices. In: Twelfth Symposium on Usable Privacy and Security, pp. 321–340 (2016)

    Google Scholar 

  21. Gray, C.M., Kou, Y., Battles, B., Hoggatt, J., Toombs, A.L.: The dark (patterns) side of UX design. In: Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, pp. 1–14 (2018)

    Google Scholar 

  22. Grossklags, J., Acquisti, A.: When 25 cents is too much: an experiment on willingness-to-sell and willingness-to-protect personal information. In: WEIS (2007)

    Google Scholar 

  23. Apple Inc., Human interface guidelines (2021)

    Google Scholar 

  24. Johnson, E.J., Bellman, S., Lohse, G.L.: Defaults, framing and privacy: why opting in-opting out 1. Mark. Lett. 13(1), 5–15 (2002)

    Article  Google Scholar 

  25. Kahneman, D., Tversky, A.: Prospect theory: an analysis of decision under risk. Econometrica 47(2), 263–292 (1979)

    Article  MathSciNet  Google Scholar 

  26. Kelley, P.G., Consolvo, S., Cranor, L.F., Jung, J., Sadeh, N., Wetherall, D.: A conundrum of permissions: installing applications on an android smartphone. In: Blyth, J., Dietrich, S., Camp, L.J. (eds.) FC 2012. LNCS, vol. 7398, pp. 68–79. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34638-5_6

    Chapter  Google Scholar 

  27. Kurtz, A., Weinlein, A., Settgast, C., Freiling, F.: DiOS: dynamic privacy analysis of iOS applications (2014)

    Google Scholar 

  28. Liccardi, I., Pato, J., Weitzner, D.J.: Improving mobile app selection through transparency and better permission analysis. J. Priv. Confidentiality 5(2), 1–55 (2014)

    Google Scholar 

  29. Lin, J., Amini, S., Hong, J.I., Sadeh, N., Lindqvist, J., Zhang, J.: Expectation and purpose: understanding users’ mental models of mobile app privacy through crowdsourcing. In: Proceedings of the 2012 ACM Conference on Ubiquitous Computing, pp. 501–510 (2012)

    Google Scholar 

  30. Liu, B., et al.: Follow my recommendations: a personalized privacy assistant for mobile app permissions. In: Twelfth Symposium on Usable Privacy and Security, pp. 27–41 (2016)

    Google Scholar 

  31. Mathur, A., et al.: Dark patterns at scale: findings from a crawl of 11k shop** websites. Proceedings of the ACM on Human-Computer Interaction, 3(CSCW), pp. 1–32 (2019)

    Google Scholar 

  32. Mohamed, I., Patel, D.: Android vs iOS security: a comparative study. In 2015 12th International Conference on Information Technology-New Generations, pp. 725–730. IEEE (2015)

    Google Scholar 

  33. Narayanan, A., Mathur, A., Chetty, M., Kshirsagar, M.: Dark patterns: Past, present, and future: the evolution of tricky user interfaces. Queue 18(2), 67–92 (2020)

    Article  Google Scholar 

  34. Razaghpanah, A., et al.: Apps, trackers, privacy, and regulators: a global study of the mobile tracking ecosystem (2018)

    Google Scholar 

  35. Schreiner, M., Hess, T.: On the willingness to pay for privacy as a freemium model: first empirical evidence (2013)

    Google Scholar 

  36. Sensor Tower. Top charts: iphone - us - all categories, June 2021

    Google Scholar 

  37. Tversky, A., Kahneman, D.: Loss aversion in riskless choice: a reference-dependent model. Q. J. Econ. 106(4), 1039–1061 (1991)

    Article  Google Scholar 

  38. Vallina-Rodriguez, N., et al.: Tracking the trackers: towards understanding the mobile advertising and tracking ecosystem. ar**v preprint ar**v:1609.07190 (2016)

  39. Wijesekera, P., et al.: The feasibility of dynamically granted permissions: Aligning mobile privacy with user preferences. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 1077–1093. IEEE (2017)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Pomona College, Claremont, CA, USA

    Anzo DeGiulio, Hanoom Lee & Eleanor Birrell

Authors
  1. Anzo DeGiulio
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hanoom Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Eleanor Birrell
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Eleanor Birrell .

Editor information

Editors and Affiliations

  1. Consiglio Nazionale delle Ricerche, Pisa, Italy

    Andrea Saracino

  2. Institute of Informatics and Telematics, Pisa, Italy

    Paolo Mori

A Follow-Up Survey Questions

A Follow-Up Survey Questions

In this Appendix, we provide the complete set of questions asked in our user study.

  1. 1.

    “What percentage of the apps you have installed on your phone do you believe track you?” (Chosen on scale from 0–100)

  2. 2.

    “If the mobile apps you use employed a permanent identifier to track your behavior across multiple apps and/or to link you to your other behavior online, how comfortable would you be with it?” (Very Comfortable/Somewhat comfortable/Neutral/Somewhat uncomfortable/Very uncomfortable)

  3. 3.

    “How often have you noticed apps you use giving you an option to opt-in or opt-out of sharing a tracking identifier with the app?” (Never/A few times/Sometimes/Often/Always)

  4. 4.

    “How often do you opt-out of tracking on the apps you use?” (Never Have/Have a few times/Sometimes/Usually/Always)

  5. 5.

    (If did not respond “Never” to Question 4) “How difficult on average did you find it to opt-out of tracking on apps you use?” (Somewhat difficult/Neither difficult nor easy/Somewhat easy/Very easy)

  6. 6.

    (If did not respond “Never” to Question 4) “How satisfied are you with the opt-out mechanisms you have used to opt out of tracking by mobile apps?” (Very satisfied/Somewhat satisfied/Neutral/Somewhat unsatisfied/Very unsatisfied)

  7. 7.

    “What sort of smartphone do you primarily use?” (iPhone/Android device/Other/None)

  8. 8.

    (If responded “iPhone” to Question 7) “What version of iOS is currently installed on your device?” (14.5 or higher/14.4 or lower/I don’t know)

  9. 9.

    “What is your current age?” (18–24/25–34/35–44/45–59/60–74/75+)

  10. 10.

    “What is your gender?” (Man/Woman/Non-binary person/Other)

  11. 11.

    “Choose one or more races that you consider yourself to be:” (White/Black or African American/American Indian or Alaska Native/Asian/Pacific Islander or Native Hawaiian/Other)

  12. 12.

    “In which country do you currently reside?” (list of countries)

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

DeGiulio, A., Lee, H., Birrell, E. (2021). “Ask App Not to Track”: The Effect of Opt-In Tracking Authorization on Mobile Privacy. In: Saracino, A., Mori, P. (eds) Emerging Technologies for Authorization and Authentication. ETAA 2021. Lecture Notes in Computer Science(), vol 13136. Springer, Cham. https://doi.org/10.1007/978-3-030-93747-8_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-93747-8_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-93746-1

  • Online ISBN: 978-3-030-93747-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation