Designing a Choice Architecture for Mobile Device Privacy and Security

Smartphones offer advanced hardware and software features that allow developers to design feature-rich applications. But with great power comes great responsibility: untrustworthy smartphone applications have the ability to access personal information, damage hardware, or even incur charges on a user’s phone bill. To mitigate these risks, several smartphone platforms feature permission-granting interfaces in order to facilitate a notice and consent process: the user can see what abilities an application is requesting and then must explicitly approve the requests. In this talk, I describe several experiments I have performed to examine whether or not smartphone users currently understand these permissions interfaces, whether or not they consider them as part of a larger decision to install a particular application, and how the architecture of this notice and consent process can be improved.

Speaker Details

Serge is a postdoctoral researcher at the University of California, Berkeley. His research focuses on usable security, with the specific aim of better understanding how people make decisions surrounding their privacy and security, and then creating improved interfaces that better align stated preferences with outcomes. This has included human subjects research on social networking privacy, access controls, authentication mechanisms, web browser security warnings, and privacy-enhancing technologies. He received his PhD from Carnegie Mellon University and prior to that was an undergraduate at the University of Virginia. He has also performed research at NIST, Brown University, Microsoft Research, and Xerox PARC.

Date:
Speakers: Serge Egelman
Affiliation: UC Berkeley
    • Jeff Running

Series: Microsoft Research Talks