The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences
This addresses privacy misalignment for mobile users by automating permission decisions, though it is incremental as it builds on existing context-aware methods.
The study tackled the problem of ineffective smartphone app permission prompts by developing a classifier that predicts user privacy decisions based on context changes and past behavior, achieving 96.8% accuracy and a four-fold error reduction compared to current systems.
Current smartphone operating systems regulate application permissions by prompting users on an ask-on-first-use basis. Prior research has shown that this method is ineffective because it fails to account for context: the circumstances under which an application first requests access to data may be vastly different than the circumstances under which it subsequently requests access. We performed a longitudinal 131-person field study to analyze the contextuality behind user privacy decisions to regulate access to sensitive resources. We built a classifier to make privacy decisions on the user's behalf by detecting when context has changed and, when necessary, inferring privacy preferences based on the user's past decisions and behavior. Our goal is to automatically grant appropriate resource requests without further user intervention, deny inappropriate requests, and only prompt the user when the system is uncertain of the user's preferences. We show that our approach can accurately predict users' privacy decisions 96.8% of the time, which is a four-fold reduction in error rate compared to current systems.