Technical Report TR743:
Behnood Momenzadeh, Jean Camp
A Bayesian Evaluation of User App Choice in the Presence of Risk Communication on Android Devices
(Sep 2019), 10 pages
In this work we empirically explore the possibility that people lack the information to make risk-aware decisions when choosing between mobile apps, and if given such information would change their behavior. Specifically we examine the choice of apps by users when risk information is embedded in the display of apps. Currently, no such information is readily available. Despite the presence of permissions information, it is not cognitively feasible to compare apps on permission, nor security or privacy in current app stores. One component to resolving this lack of information is the creation of clear, effective risk communication at time of app selection. One core test of risk communication is if it influences decision-making. Here we test indicators that allow users to differentiate the risk associated with apps, and examine the impact on decision-making in four app categories. We use an experimental model grounded in medical interventions, where we add an intervention in multiple situations (in this case app categories) and compare these to the pre-existing baseline. The question we address here is not if such an indicator can be reliably generated, but rather if were clearly indicated would it make a difference? To answer this we built an extended Android Play Store that embedded indicators using the lock icon as a cue. We recruited sixty participants to test the interaction using tablets running the extended store on Jelly Bean. The Play Store was otherwise unaltered, and included the standard user ratings, download count, and permissions interface. The result was that participants systematically choose apps with lower ratings or lesser download counts instead choosing apps with higher ratings with respect to risk. We compare our results to the users’ behavior in Android Market, indicating that individuals not only prefer higher privacy with no loss of functionality, but also that some participants may trade-off functionality for privacy.
- Available as: