Each time a user installs an application on their Android

phone they are presented with a full screen of information describing

what access they will be granting that application. This information

is intended to help them make two choices: whether or not they trust

that the application will not damage the security of their device and

whether or not they are willing to share their information with the ap-

plication, developer, and partners in question. We performed a series

of semi-structured interviews in two cities to determine whether people

read and understand these permissions screens, and to better understand

how people perceive the implications of these decisions. We find that the

permissions displays are generally viewed and read, but not understood

by Android users. Alarmingly, we find that people are unaware of the

security risks associated with mobile apps and believe that app mar-

ketplaces test and reject applications. In sum, users are not currently

well prepared to make informed privacy and security decisions around

installing applications.

Publisher  Workshop on Usable Security

Details