Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
184 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Data Safety vs. App Privacy: Comparing the Usability of Android and iOS Privacy Labels (2312.03918v2)

Published 6 Dec 2023 in cs.HC

Abstract: Privacy labels -- standardized, compact representations of data collection and data use practices -- are often presented as a solution to the shortcomings of privacy policies. Apple introduced mandatory privacy labels for apps in its App Store in December 2020; Google introduced mandatory labels for Android apps in July 2022. iOS app privacy labels have been evaluated and critiqued in prior work. In this work, we evaluated Android Data Safety Labels and explored how differences between the two label designs impact user comprehension and label utility. We conducted a between-subjects, semi-structured interview study with 12 Android users and 12 iOS users. While some users found Android Data Safety Labels informative and helpful, other users found them too vague. Compared to iOS App Privacy Labels, Android users found the distinction between data collection groups more intuitive and found explicit inclusion of omitted data collection groups more salient. However, some users expressed skepticism regarding elided information about collected data type categories. Most users missed critical information due to not expanding the accordion interface, and they were surprised by collection practices excluded from Android's definitions. Our findings also revealed that Android users generally appreciated information about security practices included in the labels, and iOS users wanted that information added.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (41)
  1. Sheila Foster Anthony. 2001. The case for standardization of privacy policy formats. US FTC. https://doi.org/news-events/news/speeches/case-standardization-privacy-policy-formats
  2. A US-UK Usability Evaluation of Consent Management Platform Cookie Consent Interface Design on Desktop and Mobile. In Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems (Hamburg, Germany) (CHI ’23). Association for Computing Machinery, New York, NY, USA, Article 163, 36 pages. https://doi.org/10.1145/3544548.3580725
  3. Fighting the fog: Evaluating the clarity of privacy disclosures in the age of CCPA. In Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society. 73–102.
  4. APA handbook of research methods in psychology, Vol 2: Research designs: Quantitative, qualitative, neuropsychological, and biological. American Psychological Association.
  5. A Large-Scale Evaluation of U.S. Financial Institutions’ Standardized Privacy Notices. ACM Trans. Web 10, 3, Article 17 (aug 2016), 33 pages. https://doi.org/10.1145/2911988
  6. Ask the experts: What should be on an IoT privacy and security label?. In 2020 IEEE Symposium on Security and Privacy (SP). IEEE, 447–464.
  7. An informative security and privacy “nutrition” label for internet of things devices. IEEE Security & Privacy 20, 2 (2021), 31–39.
  8. Exploring how privacy and security factor into IoT device purchase behavior. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems. 1–12.
  9. Helping Mobile Application Developers Create Accurate Privacy Labels. In 2022 IEEE European Symposium on Security and Privacy Workshops. 212–230. https://doi.org/10.1109/EuroSPW55150.2022.00028
  10. Google. 2022. Get more information about your apps in Google Play. https://blog.google/products/google-play/data-safety/.
  11. Hana Habib and Lorrie Faith Cranor. 2022. Evaluating the Usability of Privacy Choice Mechanisms. In Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022). USENIX Association, Boston, MA, 273–289. https://www.usenix.org/conference/soups2022/presentation/habib
  12. “Okay, Whatever”: An Evaluation of Cookie Consent Interfaces. In Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems (New Orleans, LA, USA) (CHI ’22). Association for Computing Machinery, New York, NY, USA, Article 621, 27 pages. https://doi.org/10.1145/3491102.3501985
  13. Apple Inc. 2020. App Privacy labels now live on the App Store - Latest News. https://developer.apple.com/news/?id=3wann9gh.
  14. ATLAS: Automatically Detecting Discrepancies Between Privacy Policies and Privacy Labels. arXiv preprint arXiv:2306.09247 (2023).
  15. A “nutrition label”’ for privacy. In Proceedings of the 5th Symposium on Usable Privacy and Security. 1–12.
  16. Standardizing privacy notices: an online study of the nutrition label approach. In Proceedings of the SIGCHI Conference on Human factors in Computing Systems. 1573–1582.
  17. Privacy as part of the app decision-making process. In Proceedings of the SIGCHI conference on human factors in computing systems. 3393–3402.
  18. The Overview of Privacy Labels and their Compatibility with Privacy Policies. arXiv preprint arXiv:2303.08213 (2023).
  19. Unpacking Privacy Labels: A Measurement and Developer Perspective on Google’s Data Safety Section. arXiv preprint arXiv:2306.08111 (2023).
  20. Keeping privacy labels honest. Proceedings on Privacy Enhancing Technologies 4 (2022), 486–506.
  21. Goodbye tracking? Impact of iOS app tracking transparency and privacy labels. In 2022 ACM Conference on Fairness, Accountability, and Transparency. 508–520.
  22. The challenges and impact of privacy policy comprehension. arXiv preprint arXiv:2005.08967 (2020).
  23. Honeysuckle: Annotation-Guided Code Generation of In-App Privacy Notices. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 5, 3, Article 112 (Sept 2021), 27 pages. https://doi.org/10.1145/3478097
  24. Understanding challenges for developers to create accurate privacy nutrition labels. In Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems. 1–24.
  25. Understanding iOS privacy nutrition labels: An exploratory large-scale analysis of app store data. In CHI Conference on Human Factors in Computing Systems Extended Abstracts. 1–7.
  26. Aleecia M McDonald and Lorrie Faith Cranor. 2008. The cost of reading privacy policies. ISJLP 4 (2008), 543.
  27. A comparative study of online privacy policies and formats. In Privacy Enhancing Technologies: 9th International Symposium, PETS 2009, Seattle, WA, USA, August 5-7, 2009. Proceedings 9. Springer, 37–55.
  28. Mozilla. 2023. Mozilla Study: Data Privacy labels for most top apps in Google play store are false or misleading. https://foundation.mozilla.org/en/campaigns/googles-data-safety-labels/
  29. Ambiguity in privacy policies and the impact of regulation. The Journal of Legal Studies 45, S2 (2016), S163–S190.
  30. Visual Interactive Privacy Policy: The Better Choice?. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems. 1–12.
  31. Evaluating the readability of privacy policies in mobile environments. International Journal of Mobile Human Computer Interaction (IJMHCI) 3, 1 (2011), 55–78.
  32. Replication: How Well Do My Results Generalize Now? The External Validity of Online Privacy and Security Surveys. In Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022). USENIX Association, Boston, MA, 367–385. https://www.usenix.org/conference/soups2022/presentation/tang
  33. Defining privacy: How users interpret technical terms in privacy policies. Proceedings on Privacy Enhancing Technologies 2021, 3 (2021).
  34. Daniel Tkacik. 2022. CyLab researchers investigate Apple’s privacy labels. https://www.cylab.cmu.edu/news/2022/04/28-privacy-labels.html
  35. Maria Dolores C Tongco. 2007. Purposive sampling as a tool for informant selection. (2007).
  36. U.S. Census Bureau. 2021. QuickFacts. https://www.census.gov/quickfacts/fact/table/US/PST045221.
  37. Chris Velazco. 2022. What your Android phone’s new “data safety” labels mean. https://www.washingtonpost.com/technology/2022/05/05/android-app-data-safety-labels/
  38. Why we can’t be bothered to read privacy policies: Models of privacy economics as a lemons market. Economics of Information Security (2004), 143–153.
  39. Lalaine: Measuring and Characterizing Non-Compliance of Apple Privacy Labels. In 32nd USENIX Security Symposium (USENIX Security 23). 1091–1108.
  40. How Usable Are iOS App Privacy Labels? Proceedings on Privacy Enhancing Technologies 4 (2022), 204–228.
  41. Shikun Zhang and Norman Sadeh. 2023. Do Privacy Labels Answer Users’ Privacy Questions?. In Symposium on Usable Security and Privacy (USEC).
Citations (6)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now