Mobile Device Information Privacy: The Effects of Risk Experience and Education on Information Disclosure

by

Print Friendly, PDF & Email

Erik Andersen and Dr. Mark Keith, Information Systems

Information privacy research has demonstrated that consumers vary greatly in terms of their understanding of the real risks of disclosing personal information and location data over mobile applications. Those who truly understand the risks behave rationally and base their disclosure decisions on a risk/reward tradeoff. Those who don’t understand the risks use heuristics to estimate threats and behave with “bounded” rationality.

Although it is known that consumers vary in terms of their rationality when making information disclosure decisions, the process by which consumers become rational decision makers is not understood. The purpose of this study is to understand how education and experience about the real risks of information disclosure over mobile applications will change consumers’ actual disclosure behaviors (i.e. rationality) over time.

Consumers learn about information privacy risks in two primary ways. First, they might read a news article or view a news report. Typically, this will lead them to become increasingly risk averse. Second, they learn from experience. By downloading and using mobile apps and disclosing information through them, consumers have the opportunity to learn by experience whether their information will be misused. However, recent news articles of gross privacy breaches by both Apple and Google have demonstrated that consumers will usually have no way of knowing whether an app provider is using their information unethically.

Therefore, to serve the purpose of this research requires a novel methodology. Simply creating survey or a mock news article will not create realistic fears and perceptions in the minds of research participants. Rather, it is critical to have the ability to both observe real consumer mobile app usage as well as manipulate variables of interest. As a result, the only way to accomplish this is by creating a mobile application and observing its usage based on data collected through the app.

My role in this project was to help create the mobile application to be used in the experiment. I created an app called BOLD which is currently available in the Apple App Store™. BOLD is a location analysis app. It is marketed to consumers as a utility that will help you understand what mobile apps can learn about you from collecting your location data “behind the scenes.” There are several key features of BOLD that allow for a detailed analysis of consumer behavior over time.

First, we obtained IRB approval to refrain from requiring participants to provide informed consent. Informing participants about the true nature of the app would almost certainly bias their behavior. Rather, we will announce to students that a local app company has asked for their help in evaluating a new app in the “Beta” stage and we need them to try it out. Next, the app is designed to record the consumer’s GPS location (a latitude, longitude pair) every 10 minutes. This is as often as any app could do this without draining the battery too fast. The point of this is to gather about as much data as the most offending apps could. This location data is then used to create a pie chart, bar graph, or table that summarizes each category of locations the consumer is known to have been to. For example, 68 percent “residential”, 10 percent “university”, 12 percent “shopping”, 5 percent “restaurant”, and 5 percent “travel”.

Next, the consumer is asked to disclose a variety of profile information (name, address, phone, gender, ethnicity, birthdate, relationship status, annual income) that varies in terms of sensitivity. This data is used to create prediction, based on their location data. In other words, based on the consumer’s location data, the app predicts the consumer’s gender, ethnicity, relationship status, income, education level, and employment tenure. Doing so allows the consumer to see how accurately their personal information can be determined from simple GPS location queries from a mobile app.

There are two primary manipulations within the app that will give us greater insight into the learning process. First, each consumer is randomly assigned to receive his or her location analysis in one of three forms: 1) pie chart, 2) bar chart, or 3) table summary. This will allow us to see whether data visualization affects risk sensitivity. Second, we will intentionally vary the accuracy of the personal information predictions. Consumers are randomly assigned to receive either very accurate or very inaccurate predictions.

Currently, the mobile app has been generated for iOS devices and is ready to be executed in a longitudinal data collection. An Android version will be ready by the end of the summer. The plan is to use student participants from three classes in the Fall 2013 semester (n=1000). Students will simply download the app and be reminded to examine the location data results periodically. The app has also been designed to detect all of the other apps currently installed on the consumer’s device. By tracking this over time, we will know whether consumers disclose more or less information over mobile apps as they gain knowledge about the information that any mobile app can potentially collect about them. Below is a sample of screenshots from the app I have developed. We anticipate that the results of this study will create new knowledge with a high degree of internal and external validity, which is not found in current research.