Jingwen Yan (Clemson University), Mohammed Aldeen (Clemson University), Jalil Harris (Clemson University), Kellen Grossenbacher (Clemson University), Aurore Munyaneza (Texas Tech University), Song Liao (Texas Tech University), Long Cheng (Clemson University)

As the number of mobile applications continues to grow, privacy labels (e.g. Apple’s Privacy Labels and Google’s Data Safety Section) emerge as a potential solution to help users understand how apps collect, use and share their data. However, it remains unclear whether these labels actually enhance user understanding to build trust in app developers or influence their download decisions. In this paper, we investigate user perceptions of privacy labels through a comprehensive analysis of online discussions and a structured user study. We first collect and analyze Reddit posts related to privacy labels, and manually analyze the discussions to understand users’ concerns and suggestions. Our analysis reveals that users are skeptical of self-reported privacy labels provided by developers and they struggle to interpret the terminology used in the labels. Users also expressed a desire for clearer explanations about why specific data is collected and emphasized the importance of third-party verification to ensure the accuracy of privacy labels. To complement our Reddit analysis, we conducted a user study with 50 participants recruited via Amazon Mechanical Turk and Qualtrics. The study revealed that 76% of the participants indicated that privacy labels influence their app download decisions and the amount of data practice in the privacy label is the most significant factor.

View More Papers

Query Privacy in Data Spaces

Shuwen Liu (School of Data Science, The Chinese University of Hong Kong, Shenzhen, China), George C. Polyzos (School of Data Science, The Chinese University of Hong Kong, Shenzhen, China and ExcID P.C., Athens, Greece)

Read More

“Where Are We On Cyber?” – A Qualitative Study...

Jens Christian Opdenbusch (Ruhr University Bochum), Jonas Hielscher (Ruhr University Bochum), M. Angela Sasse (Ruhr University Bochum, University College London)

Read More

Statically Discover Cross-Entry Use-After-Free Vulnerabilities in the Linux Kernel

Hang Zhang (Indiana University Bloomington), Jangha Kim (The Affiliated Institute of ETRI, ROK), Chuhong Yuan (Georgia Institute of Technology), Zhiyun Qian (University of California, Riverside), Taesoo Kim (Georgia Institute of Technology)

Read More

Oreo: Protecting ASLR Against Microarchitectural Attacks

Shixin Song (Massachusetts Institute of Technology), Joseph Zhang (Massachusetts Institute of Technology), Mengjia Yan (Massachusetts Institute of Technology)

Read More