Gokhan Bal, Kai Rannenberg, and Jason Hong
International Information Security and Privacy Conference (SEC)
Modern smartphone platforms are highly privacy-affecting but not effective in properly communicating their privacy impacts to its users. Particularly, actual data-access behavior of apps is not considered in current privacy risk communication approaches. We argue that factors such as frequency of access to sensitive information is significantly affecting the privacy-invasiveness of applications. We introduce Styx, a novel privacy risk communication system that provides the user with more meaningful privacy information based on the actual behavior of apps. In a proof-of-concept study we evaluate the effectiveness of Styx.Our results show that more meaningful privacy warnings can increase user trust into smartphone platforms and also reduce privacy concerns.