Stuck in the Permissions With You: Developer & End-User Perspectives on App Permissions & Their Privacy Ramifications

TL;DR

This study explores the perspectives of developers and end-users on app permissions, revealing shared concerns about trust and privacy, and highlighting misunderstandings and responsibilities related to permission granting.

Contribution

It provides empirical insights into developer motivations, misconceptions, and end-user beliefs about permissions, bridging a gap in existing permission research.

Findings

Both groups are concerned about trust and privacy risks.

Developers sometimes request multiple permissions due to confusion.

End-users believe they are responsible for granting permissions.

Abstract

While the literature on permissions from the end-user perspective is rich, there is a lack of empirical research on why developers request permissions, their conceptualization of permissions, and how their perspectives compare with end-users' perspectives. Our study aims to address these gaps using a mixed-methods approach. Through interviews with 19 app developers and a survey of 309 Android and iOS end-users, we found that both groups shared similar concerns about unnecessary permissions breaking trust, damaging the app's reputation, and potentially allowing access to sensitive data. We also found that developer participants sometimes requested multiple permissions due to confusion about the scope of certain permissions or third-party library requirements. Additionally, most end-user participants believed they were responsible for granting a permission request, and it was their choice to do so, a belief shared by many developer participants. Our findings have implications for improving the permission ecosystem for both developers and end-users.