To Deny, or Not to Deny: A Personalized Privacy Assistant for Mobile App Permissions [Draft]

Many smartphone users are uncomfortable with the permissions requested by their mobile apps. The sheer number of permissions can be so overwhelming that many users are unable to adequately manage their permission settings. We present a methodology for building personalized privacy assistants to recommend permission settings to users. We conducted two field studies with Android users: the first (n=84), to collect privacy preferences and build a recommendation system, the second (n=51), to evaluate the effectiveness of the recommendations. Results show that 73.7% of recommendations are accepted. Following interactions with the assistant, participants were motivated to further review and modify their settings with daily privacy nudges. Despite showing significant engagement and modifying permissions not covered in the recommendations, participants only modified 5.6% of the recommendations they had accepted. We discuss implications of our results for the design of existing permission managers and future privacy assistants.