Reengineering the user: privacy concerns about personal data on smartphones
Abstract
Purpose
This paper aims to discuss the privacy and security concerns that have risen from the permissions model in the Android operating system, along with two shortcomings that have not been adequately addressed.
Design/methodology/approach
The impact of the applications’ evolutionary increment of permission requests from both the user’s and the developer’s point of view is studied, and finally, a series of remedies against the erosion of users’ privacy is proposed.
Findings
The results of this work indicate that, even though providing access to personal data of smartphone users is by definition neither problematic nor unlawful, today’s smartphone operating systems do not provide an adequate level of protection for the user’s personal data. However, there are several ideas that can significantly improve the situation and mitigate privacy concerns of users of smart devices.
Research limitations/implications
The proposed approach was evaluated through an examination of the Android’s permission model, although issues arise in other operating systems. The authors’ future intention is to conduct a user study to measure the user’s awareness and concepts surrounding privacy concerns to empirically investigate the above-mentioned suggestions.
Practical implications
The proposed suggestions in this paper, if adopted in practice, could significantly improve the situation and mitigate privacy concerns of users of smart devices.
Social implications
The recommendations proposed in this paper would strongly enhance the control of users over their personal data and improve their ability to distinguish legitimate apps from malware or grayware.
Originality/value
This paper emphasises two shortcomings of the permissions models of mobile operating systems which, in authors’ view, have not been adequately addressed to date and propose an inherent way for apps and other entities of the mobile computing ecosystem to commit to responsible and transparent practices on mobile users’ privacy.
Keywords
Acknowledgements
Preliminary results of this work have been presented at the International Symposium on Human Aspects of Information Security & Assurance, HAISA 2014.
Citation
Tsavli, M., Efraimidis, P.S., Katos, V. and Mitrou, L. (2015), "Reengineering the user: privacy concerns about personal data on smartphones", Information and Computer Security, Vol. 23 No. 4, pp. 394-405. https://doi.org/10.1108/ICS-10-2014-0071
Publisher
:Emerald Group Publishing Limited
Copyright © 2015, Emerald Group Publishing Limited