Xiaoyuan Wu (Carnegie Mellon University), Lydia Hu (Carnegie Mellon University), Eric Zeng (Carnegie Mellon University), Hana Habib (Carnegie Mellon University), Lujo Bauer (Carnegie Mellon University)

Apple's App Privacy Report (``privacy report''), released in 2021, aims to
inform iOS users about apps' access to their data and sensors (e.g., contacts,
camera) and, unlike other privacy dashboards, what domains are contacted by apps and websites. To evaluate the
effectiveness of the privacy report, we conducted semi-structured interviews
(textit{n} = 20) to examine users' reactions to the information, their understanding of relevant privacy
implications, and how they might change
their behavior to address privacy concerns. Participants easily understood which
apps accessed data and sensors at certain times on their phones, and knew how to
remove an app's permissions in case of unexpected access. In contrast,
participants had difficulty understanding apps' and websites' network
activities. They were confused about how and why network activities occurred,
overwhelmed by the number of domains their apps contacted, and uncertain about
what remedial actions they could take against potential privacy threats. While
the privacy report and similar tools can increase transparency by presenting
users with details about how their data is handled, we recommend providing more
interpretation or aggregation of technical details, such as the purpose of
contacting domains, to help users make informed decisions.

View More Papers

PropertyGPT: LLM-driven Formal Verification of Smart Contracts through Retrieval-Augmented...

Ye Liu (Singapore Management University), Yue Xue (MetaTrust Labs), Daoyuan Wu (The Hong Kong University of Science and Technology), Yuqiang Sun (Nanyang Technological University), Yi Li (Nanyang Technological University), Miaolei Shi (MetaTrust Labs), Yang Liu (Nanyang Technological University)

Read More

Poster: Securing IoT Edge Devices: Applying NIST IR 8259A...

Rahul Choutapally, Konika Reddy Saddikuti, Solomon Berhe (University of the Pacific)

Read More

“Do We Call Them That? Absolutely Not.”: Juxtaposing the...

Alexandra Klymenko (Technical University of Munich), Stephen Meisenbacher (Technical University of Munich), Luca Favaro (Technical University of Munich), and Florian Matthes (Technical University of Munich)

Read More