The privacy assistant simplifies this tedious process by learning the smartphone user’s preferences and quickly recommending the most appropriate settings, such as which application to share the user’s location or contact list.
Research shows that people’s preferences can generally be organized into a small number of categories, or “profiles,” that differ based on a person’s willingness to grant different types of applications access to his or her information, says Norman Sadeh, professor of computer science at CMU.
The privacy assistant can determine to which of these categories a person belongs. Machine learning techniques enable the assistant to analyze a user’s response to a small number of questions focusing on the particular applications the person has on his or her phone.
“It’s clear that people just can’t cope with the complexities of privacy settings associated with the apps they have on their smartphones,” Sadeh says. “And it’s not just smartphone apps. The growing number of sensors and other smart devices that make up the so-called Internet of Things will impact privacy and make it even more challenging for users to retain control over their data and how it is being used.”
In a field study conducted by CMU, 49 people used the privacy assistant and 23 did not. Of those using the privacy assistant, nearly 80% adopted its privacy recommendations.
Both groups were sent daily “privacy nudges”—messages alerting them to what may be surprising behavior by applications. Such a nudge might note that a certain application or set of applications had shared the user's location with a third party multiple times. Previous work has shown that these nudges can help a person better determine the privacy settings he or she prefers.
Over the course of the study, participants changed only 5% of the settings that had originally been recommended to them by the personal privacy assistant.
“Our findings suggest that the personal privacy assistant does a good job of properly profiling each user and that its recommendations based on those profiles were useful,” Sadeh says.