The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences

TL;DR

This paper investigates the limitations of current permission systems on smartphones and proposes a context-aware classifier that predicts user privacy decisions with high accuracy, aiming to improve privacy management.

Contribution

It introduces a longitudinal study and a novel classifier that dynamically grants or denies permissions based on context and user behavior, reducing unnecessary prompts.

Findings

Achieved 96.8% accuracy in predicting privacy decisions.

Reduced error rate fourfold compared to existing systems.

Demonstrated effectiveness of context-aware permission management.

Abstract

Current smartphone operating systems regulate application permissions by prompting users on an ask-on-first-use basis. Prior research has shown that this method is ineffective because it fails to account for context: the circumstances under which an application first requests access to data may be vastly different than the circumstances under which it subsequently requests access. We performed a longitudinal 131-person field study to analyze the contextuality behind user privacy decisions to regulate access to sensitive resources. We built a classifier to make privacy decisions on the user's behalf by detecting when context has changed and, when necessary, inferring privacy preferences based on the user's past decisions and behavior. Our goal is to automatically grant appropriate resource requests without further user intervention, deny inappropriate requests, and only prompt the user when the system is uncertain of the user's preferences. We show that our approach can accurately predict users' privacy decisions 96.8% of the time, which is a four-fold reduction in error rate compared to current systems.