Xiaoyuan Wu (Carnegie Mellon University), Lydia Hu (Carnegie Mellon University), Eric Zeng (Carnegie Mellon University), Hana Habib (Carnegie Mellon University), Lujo Bauer (Carnegie Mellon University)
Apple's App Privacy Report (``privacy report''), released in 2021, aims to
inform iOS users about apps' access to their data and sensors (e.g., contacts,
camera) and, unlike other privacy dashboards, what domains are contacted by apps and websites. To evaluate the
effectiveness of the privacy report, we conducted semi-structured interviews
(textit{n} = 20) to examine users' reactions to the information, their understanding of relevant privacy
implications, and how they might change
their behavior to address privacy concerns. Participants easily understood which
apps accessed data and sensors at certain times on their phones, and knew how to
remove an app's permissions in case of unexpected access. In contrast,
participants had difficulty understanding apps' and websites' network
activities. They were confused about how and why network activities occurred,
overwhelmed by the number of domains their apps contacted, and uncertain about
what remedial actions they could take against potential privacy threats. While
the privacy report and similar tools can increase transparency by presenting
users with details about how their data is handled, we recommend providing more
interpretation or aggregation of technical details, such as the purpose of
contacting domains, to help users make informed decisions.