Buying Privacy: User Perceptions of Privacy Threats from Mobile Apps

Abstract: As technology and technology companies have grown in power, ubiquity, and societal influence, some companies -- and notably some mobile apps -- have come to be perceived as privacy threats. Prior work has considered how various factors impact perceptions of threat, including social factors, political speech, and user-interface design. In this work, we investigate how user-visible context clues impact perceptions about whether a mobile application application poses a privacy threat. We conduct a user study with 2109 users in which we find that users depend on context clues -- such as presence of advertising and occurrence (and timing of payment) -- to determine the extent to which a mobile app poses a privacy threat. We also quantify how accurately user assessments match published data collection practices, and we identify a commonly-held misconception about how payments are processed. This work provides new insight into how users assess the privacy threat posed by mobile apps and into social norms around data collection.