Select Page
Research library

Using personal examples to improve risk communication for security & privacy decisions

IT security systems often attempt to support users in taking a decision by communicating associated risks. However, a lack of efficacy as well as problems with habituation in such systems are well known issues. In this paper, we propose to leverage the rich set of personal data available on smartphones to communicate risks using personalized examples. Examples of private information that may be at risk can draw the users’ attention to relevant information for a decision and also improve their response. We present two experiments that validate this approach in the context of Android app permissions. Private information that becomes accessible given certain permissions is displayed when a user wants to install an app, demonstrating the consequences this installation might have. We find that participants made more privacy-conscious choices when deciding which apps to install. Additionally, our results show that our approach causes a negative affect in participants, which makes them pay more attention.


You May Also Like