Maritza Johnson, Oriana Riva, Jaeyeon Jung, and David Wagner
When users install an application on their mobile Android device, they must decide whether to grant the application access to privacy-sensitive information. Building upon recent research on the limitations of the current installation dialog, we investigate a new permission model better aligned with users' current understanding of data collection and privacy concerns. Using three mobile applications that offer highly personalized services, we conduct a series of online surveys (n = 1,316) varying the information disclosed in the installation screen and exploring the option to limit data collection. First, we identify two factors that significantly affect users' willingness to install applications---the frequency of data collection and the third party sharing policy---and find that in the absence of such information, as in the case of existing dialogs, many survey respondents incorrectly assume that an application's capabilities are more restricted than they actually are. Second, we find that offering a third option beyond existing all-or-nothing choice affects users' willingness to install applications. We further analyze how our participants would like to limit data collection, and compile a set of suggestions for the design of a permission model that can provide better privacy notice and meaningful controls to users.