It's Automatic: CMU Smartphone App Manages Your Privacy Preferences
By Byron Spice
Chalk up one more task a smartphone app may do better than you: figuring out your privacy settings.
A field study suggests that a personalized privacy assistant app being developed at Carnegie Mellon University can simplify the chore of setting permissions for your smartphone apps. That's a task that requires well over a hundred decisions — an unmanageable number for the typical user.
The privacy assistant can learn the user's preferences and quickly recommend the most appropriate settings, such as with which app to share the user's location or contact list.
In the study, people accepted almost 80 percent of the recommendations made by the privacy assistant and, at the end of the study, these people indicated they were more comfortable with their privacy settings than users who did not have a privacy assistant.
"It's clear that people just can't cope with the complexities of privacy settings associated with the apps they have on their smartphones," said Norman Sadeh, professor of computer science. "And its not just smartphone apps. The growing number of sensors and other smart devices that make up the so-called internet of things will impact privacy and make it even more challenging for users to retain control over their data and how it is being used."
In the study, which was presented at the Symposium on Usable Privacy and Security (SOUPS) in Denver, the app recommended settings for the users, which they could accept or reject. But eventually a privacy assistant may prove trustworthy enough to automatically make many of those decisions.
"Previous studies have shown that most people are unaware of many of the privacy settings for their apps, or aren't comfortable with the permissions they consented to at some earlier point," Sadeh said.
Sadeh's research has shown people's preferences can generally be organized in a small number of categories or "profiles" that differ based on people's willingness to grant different types of applications access to their information.
The privacy assistant can determine to which of these categories a person belongs. Machine learning techniques enable the assistant to analyze a user's response to a small number of questions focusing on the particular apps they have on their phones, said Bin Liu, a Ph.D. student in the Societal Computing Program in the School of Computer Science's Institute for Software Research.
In the study, 49 people used the privacy assistant and 23 did not. Those using the privacy assistant adopted almost 80 percent of its privacy recommendations.
Both groups were then sent daily "privacy nudges," messages alerting them to what may be surprising behavior by apps. Such a nudge might note that a certain app or set of apps had shared their location with a third party multiple times. Previous work has shown that these nudges can help a person better determine the privacy settings they prefer. Over the course of the study, participants changed only 5 percent of the settings that had originally been recommended by the personal privacy assistant.
"Our findings suggest that the personal privacy assistant does a good job of properly profiling each user and that its recommendations based on those profiles were useful," Sadeh said.
The personal privacy assistant is being developed with support from the Defense Advanced Research Projects Agency and the National Science Foundation. The Air Force Research Laboratory also sponsored this study. The study received the 2016 SOUPS Privacy Award sponsored by the International Association of Privacy Professionals.