PICASO partner INUIT presented the paper “Understanding and granting Android permissions: A user survey” at the 51st International Carnahan Conference on Security Technology (ICCST 2017) on 25th October 2017, in Madrid, Spain. The presentation is available for download via the knowledge centre.

The ICCST paper is titled: “Understanding and granting Android permissions: A user survey”. PICASO representatives from INUIT are co-authors of the paper and have drawn on their experiences from the development of Apps to patients and their informal carers who will participate in the PICASO trials. The paper focuses on how users consider, interpret and react to differences in app permission information which is provided at three different instances of the app installation cycle. This issue is very relevant in the PICASO context as the App for the PICASO home-monitoring solution will transmit patients’ health data to the PICASO platform. Although all patient data in PICASO will be pseudonymised and will otherwise comply with the applicable data protection regulations, it is important from an ethical perspective that users fully understand what the permission entails and why it is necessary.

Christian Schunk, INUIT, presented the paper in Session S6B: Access Control, Wednesday 25 October 2017. The presentation discussed the study described in the paper followed by a presentation of PICASO focusing on the App and home-monitoring components used in the PICASO trials.

Article abstract:

“Whenever users install a new application on their smart devices with an Android KitKat or Lollipop operating system they are asked to grant the application (app) provider access to features of the device, ranging from data storage to device location and from device identity to the users personal contacts. The implications on users’ privacy and security are significant and therefore the users’ ability to give informed consent is highly important. Previous work has identified low rates of user attention and comprehension to permission warnings and concluded that these fail to inform the majority of users. Here we focus on how users consider, interpret and react to differences in app permission information which is provided at three different instances of the app installation cycle: 1. Before installation in the Google Play Store 2. During the installation process 3. After installation in the Application Manager. The information provided in these instances varies considerably in its granularity and detail. For this purpose, an online survey was developed in which users were asked questions regarding the installation of a mirror app whose main functionality is to use the user facing camera of the phone to mirror the users face (i.e. display an image of the face) on the phone’s screen. The survey participants were shown screen shots of the app description as presented in the Android Market store as well as of the various permission lists as they appear on the screen of the phone. The questions focused on the respondents’ perceptions and their hypothetical choices with regard to the installation of this app. Results show that the various presentations of permission information in Android versions KitKat or Lollipop cause concern and irritate a majority (51.67%) of users, especially those with some basic IT expertise. We conclude that the contextualization of app features and functionalities with the corresponding permissions needs to be improved especially for users with little IT expertise. Further user permission information should be made available at different
and consistent levels of granularity.”

The 51st International Carnahan Conference on Security Technology (ICCST 2017) was held from 23-26 October 2017, in Madrid, Spain.

PICASO at ICCST 2017