We report on a field study that uses a combination of OS measurements and qualitative interviews to highlight gaps between user expectations with respect to privacy and the result of using the existing permissions architecture to install mobile apps. Most of our participants expected advertising and analytics behavior, yet they were often surprised by applications’ data collection in the background and the level of data sharing with third parties that actually occurred. Given participant feedback, we propose platform support to reduce this “expectation gap” with transparency of data usage and constrained permissions.