Skip, Skip, Skip, Accept!!!: A Study on the Usability of Smartphone Manufacturer Provided Default Features and User Privacy

TL;DR

This study investigates smartphone users' awareness, perceptions, and practices regarding default features and privacy, revealing limited awareness and challenges in configuring privacy settings, which can leave users vulnerable.

Contribution

It provides new insights into user interactions with default features and privacy controls, highlighting usability issues and coping strategies across Android and iOS.

Findings

Users have limited awareness of default features and privacy implications.

Difficulty in locating and adjusting privacy settings due to hidden controls.

Users employ various coping strategies, some increasing vulnerability.

Abstract

Smartphone manufacturer provided default features (e.g., default location services, iCloud, Google Assistant, ad tracking) enhance the usability and extend the functionality of these devices. Prior studies have highlighted smartphone vulnerabilities and how users' data can be harvested without their knowledge. However, little is known about manufacturer provided default features in this regard -- their usability concerning configuring them during usage, and how users perceive them with regards to privacy. To bridge this gap, we conducted a task-based study with 27 Android and iOS smartphone users in order to learn about their perceptions, concerns and practices, and to understand the usability of these features with regards to privacy. We explored the following: users' awareness of these features, why and when do they change the settings of these features, the challenges they face while configuring these features, and finally the mitigation strategies they adopt. Our findings reveal that users of both platforms have limited awareness of these features and their privacy implications. Awareness of these features does not imply that a user can easily locate and adjust them when needed. Furthermore, users attribute their failure to configure default features to hidden controls and insufficient knowledge on how to configure them. To cope with difficulties of finding controls, users employ various coping strategies, some of which are platform specific but most often applicable to both platforms. However, some of these coping strategies leave users vulnerable.