Time Frame: February 2019-April 2019 (3 months)
Team: Kavya Basu, Lisa Butler, Yunyan Yang, Sihan Zha
Methods: Survey, Interviews, Design Workshops, Competitive Analysis, Information Architecture, Wireframing, Visual Design, Usability Testing


Mobile apps need certain permissions to work. Granting permissions give apps access to your data. This may seem harmless, but apps are asking for permissions that leave users vulnerable to harm. For instance, camera, photo library, and location permissions are requested the most often by apps and are also some of the riskiest data. This exposes sensitive and private information not just to hackers, but also to companies seeking to make a profit from consumer data. With an ever increasing number of mobile app downloads and permissions granted, people are at risk of data theft and redistribution.


How might we best enable people to control their privacy in this era of data breaches while giving them the tools to bring about policy change?


Finding the pain points

We first conducted a survey and interview to identify the specific pain points that people were having with technology. The survey results indicated that the most common issue that people were having with their technology wasn't usability, but more transparency and security fears. People reported being worried about not understanding what Bluetooth was and how the Cloud worked. Several interviewees also mentioned worrying about targeted ads and the data that companies were tracking/collecting. We narrowed our scope to designing for security and privacy.

Giving people the tools to protect themselves

We recruited and interviewed three experts in the areas of privacy, security, and political technology; Dr. Sameer Patil, Dr. Apu Kapadia, and Dr. Hamid Ekbia. Our interviews helped us understand that there isn’t just a single solution to privacy violations, a multi-pronged approach is needed. We learned that technology alone will not bring about change but must be coupled with new laws and regulations.

Mobile app permissions are confusing for people to manage

Dr. Sameer Patil offered us the opportunity to work with data from Android users mobile devices of the permissions that were requested from their downloaded apps. We decided to analyze this data to try and design for security and privacy. From looking at this data we realized that firstly, there were a lot of permissions that we had never heard of and couldn't understand. Secondly, apps were asking for permissions that they didn't seem to need for their functionality. We began by analyzing the data to calculate the average number of permissions that people were granting.

Data visualization helps people make informed choices

We collected exemplars of designs that we found inspiring to aid us in our design process. We identified these through a survey of existing websites and apps for privacy tracking as well as academic reserach on security and private.

Prominent warnings with visual representation help bring about behavior change

We conducted a design workshop with groups of 3-4 people to understand what people were most concerned with in regards to their privacy and what designs would be the most useful for them to protect themselves.We showed participants a set of cards with "What If" questions such as "What if privacy agreements were in the form of a graphic novel?" with some simple sketches of the concepts we were describing.

We then asked participants to create their own cards based off of our initial cards, with new What If scenarios and sketches of concepts. We encouraged them to talk out loud to us and each other while completing this activity. The workshop revealed that participants found prominent warnings with visual representation to be the most useful for bringing about behavioral change, and that they wanted the facts about security issues, including the risks.


How can we design to help people with the lack of agency, knowledge, and awareness of behavior that they experience with regards to their data privacy & security?


Building upon our insights from our expert interviews and design workshops we brainstormed ideas. By giving people control over their permissions and a way to change policy, we address helplessness. By showing people their security score and explaining the different permissions, we give them knowledge. By showing the the permissions that they are allowing, we help them have awareness of their behavior.




Home Screen

Full Report