Abstract
App Tracking Transparency (ATT) introduces opt-in tracking authorization for iOS apps. In this work, we investigate how mobile apps present tracking requests to users, and we evaluate how the observed design patterns impact users’ privacy. We perform a manual observational study of the Top 200 free iOS apps, and we classify each app by whether it requests permission to track, the purpose of the request, how the request was framed, whether the request was preceded or followed by additional ATT-related pages, and whether the request was preceded or followed by other permission requests. We then perform a user study with 950 participants to evaluate the impact of the observed UI elements. We find that opt-in authorizations are effective at enhancing data privacy in this context, and that the effect of ATT requests is robust to most implementation choices.
Notes
1. Roadblocks included requests for payment or social security numbers (SSNs).
A Follow-Up Survey Questions
In this Appendix, we provide the complete set of questions asked in our user study.
1. “What percentage of the apps you have installed on your phone do you believe track you?” (Chosen on scale from 0–100)
2. “If the mobile apps you use employed a permanent identifier to track your behavior across multiple apps and/or to link you to your other behavior online, how comfortable would you be with it?” (Very Comfortable/Somewhat comfortable/Neutral/Somewhat uncomfortable/Very uncomfortable)
3. “How often have you noticed apps you use giving you an option to opt-in or opt-out of sharing a tracking identifier with the app?” (Never/A few times/Sometimes/Often/Always)
4. “How often do you opt-out of tracking on the apps you use?” (Never Have/Have a few times/Sometimes/Usually/Always)
5. (If did not respond “Never” to Question 4) “How difficult on average did you find it to opt-out of tracking on apps you use?” (Somewhat difficult/Neither difficult nor easy/Somewhat easy/Very easy)
6. (If did not respond “Never” to Question 4) “How satisfied are you with the opt-out mechanisms you have used to opt out of tracking by mobile apps?” (Very satisfied/Somewhat satisfied/Neutral/Somewhat unsatisfied/Very unsatisfied)
7. “What sort of smartphone do you primarily use?” (iPhone/Android device/Other/None)
8. (If responded “iPhone” to Question 7) “What version of iOS is currently installed on your device?” (14.5 or higher/14.4 or lower/I don’t know)
9. “What is your current age?” (18–24/25–34/35–44/45–59/60–74/75+)
10. “What is your gender?” (Man/Woman/Non-binary person/Other)
11. “Choose one or more races that you consider yourself to be:” (White/Black or African American/American Indian or Alaska Native/Asian/Pacific Islander or Native Hawaiian/Other)
12. “In which country do you currently reside?” (list of countries)
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
DeGiulio, A., Lee, H., Birrell, E. (2021). “Ask App Not to Track”: The Effect of Opt-In Tracking Authorization on Mobile Privacy. In: Saracino, A., Mori, P. (eds) Emerging Technologies for Authorization and Authentication. ETAA 2021. Lecture Notes in Computer Science, vol 13136. Springer, Cham. https://doi.org/10.1007/978-3-030-93747-8_11
DOI: https://doi.org/10.1007/978-3-030-93747-8_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-93746-1
Online ISBN: 978-3-030-93747-8
eBook Packages: Computer Science, Computer Science (R0)