Empowering Users to Make Privacy and Security Decisions on Mobile Devices

April 15, 2013
Serge Egelman | University of California, Berkeley

Mobile platforms employ permission-granting mechanisms so that users can exert control over how third-party applications access their personal data. Some platforms take a paternalistic approach by relying on a review process before an application can be approved for public consumption. At the opposite end of the spectrum, other platforms aim for transparency by presenting users with a list of requested permissions every time an application is installed. The former approach is opaque and does not allow users to understand how their data will be used, whereas the latter approach results in habituation when users are bombarded with requests they either do not understand or do not find concerning. In this talk, I discuss how balancing transparency with concerns over habituation empowers users to make better decisions about their privacy and security. Specifically, I describe previous and ongoing human subjects research to replace unnecessary permission requests with audit mechanisms, how to improve necessary permission requests, as well as how to tell the difference.

Speaker Details

Serge Egelman is a research scientist at the University of California, Berkeley. His research focuses on usable security, with the specific aim of better understanding how people make decisions surrounding their privacy and security, and then creating improved interfaces that better align stated preferences with outcomes. This has included human subjects research on social networking privacy, access controls, authentication mechanisms, web browser security warnings, and privacy-enhancing technologies. He received his PhD from Carnegie Mellon University and prior to that was an undergraduate at the University of Virginia. He has also performed research at NIST, Brown University, Microsoft Research, and Xerox PARC.