Mobile apps need certain permissions to work. Granting permissions gives apps access to your data. This may seem harmless, but apps are asking for permissions that leave users vulnerable to harm. For instance, camera, photo library, and location permissions are the ones apps request most often, and they also cover some of the riskiest data. This exposes sensitive and private information not just to hackers, but also to companies seeking to make a profit from consumer data. With an ever-increasing number of mobile app downloads and permissions granted, people are at risk of data theft and redistribution.
We first conducted a survey and interviews to identify the specific pain points that people were having with technology. The survey results indicated that the most common issue people had with their technology wasn't usability, but fears about transparency and security. People reported being worried about not understanding what Bluetooth was and how the Cloud worked. Several interviewees also mentioned worrying about targeted ads and the data that companies were tracking and collecting. We narrowed our scope to designing for security and privacy.
We recruited and interviewed three experts in the areas of privacy, security, and political technology: Dr. Sameer Patil, Dr. Apu Kapadia, and Dr. Hamid Ekbia. Our interviews helped us understand that there isn’t just a single solution to privacy violations; a multi-pronged approach is needed. We learned that technology alone will not bring about change but must be coupled with new laws and regulations.
Dr. Sameer Patil offered us the opportunity to work with data from Android users' mobile devices on the permissions requested by their downloaded apps. We decided to analyze this data to try to design for security and privacy. Looking at this data, we realized that, firstly, there were a lot of permissions that we had never heard of and couldn't understand. Secondly, apps were asking for permissions that they didn't seem to need for their functionality. We began by analyzing the data to calculate the average number of permissions that people were granting.
We collected exemplars of designs that we found inspiring to aid us in our design process. We identified these through a survey of existing websites and apps for privacy tracking as well as academic research on security and privacy.
We conducted a design workshop with groups of 3-4 people to understand what people were most concerned about with regard to their privacy and what designs would be most useful for helping them protect themselves. We showed participants a set of cards with "What If" questions, such as "What if privacy agreements were in the form of a graphic novel?", along with some simple sketches of the concepts we were describing.
We then asked participants to create their own cards based on our initial cards, with new What If scenarios and sketches of concepts. We encouraged them to talk out loud to us and each other while completing this activity. The workshop revealed that participants found prominent warnings with visual representation to be the most useful for bringing about behavioral change, and that they wanted the facts about security issues, including the risks.
Building upon our insights from our expert interviews and design workshops, we brainstormed ideas. By giving people control over their permissions and a way to change policy, we address helplessness. By showing people their security score and explaining the different permissions, we give them knowledge. By showing them the permissions that they are allowing, we help them become aware of their behavior.