In everyday life, people frequently share their smartphones, e.g., by placing the device on the table while socializing with friends, or by showing vacation photographs to an office colleague. In such situations the smartphone owner is vulnerable to leaks of sensitive information, for example from a private message notification that others may see. Furthermore, the owner may also expose sensitive information accidentally, e.g., by stumbling upon a private photograph while swiping through vacation photographs.
Social interactions that involve a user's smartphone may nudge the individual to take some privacy measure in situ. For example, a user may place the smartphone face down on a table to prevent information leaks from message notifications. However, smartphone users often perceive such actions as a barrier to device usability: with the screen facing down, they can no longer interact with notifications as they are delivered.
In this thesis, I introduce the idea of providing user-preferred, just-in-time privacy provisioning to smartphone users. A personalized just-in-time privacy provisioning service can support usability-aware privacy decisions when a smartphone is intentionally or inadvertently shared with others. It is worth noting that the privacy provisioning models available on today's smartphones offer all-or-nothing information access: they require the user to make a single privacy choice that applies to all applications and usage scenarios, which limits device usability.
As a cornerstone, I performed preliminary user studies to explore individuals' perspectives on dynamic information leaks when their smartphone interaction encroaches on social space. Building on the results of these studies, I conducted a design workshop to conceptualize a mobile system that lets smartphone users configure their desired privacy preferences in situ without sacrificing device usability. I then propose PrivacyShield, which lets users reach a desired privacy configuration through personalized gesture commands: each gesture command is bound to a privacy policy. The system uses the smartphone's screen I/O device (the screen digitizer) to recognize gesture commands even while the display is turned off, so the corresponding privacy-protection policies can be configured on the fly. PrivacyShield also exposes an Application Programming Interface (API) through which smartphone apps can selectively hide their own data, and thus better balance privacy and usability.
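To make the gesture-to-policy binding and the selective-hide API concrete, the following Python sketch is added here as an illustration; it is not the PrivacyShield prototype's code. The template-matching recognizer (resample a stroke, normalize it, pick the nearest template), the gesture bindings (swipe right = "open", swipe down = "shared"), the policy fields and the app-facing methods are all assumptions made for this example, and the sample strokes and gallery items are constructed.

```python
"""Added illustration (not the PrivacyShield prototype): a gesture command
recognised from screen-digitizer points is bound to a privacy policy, and apps
ask the active policy which of their items may be shown. Templates, policy
names, the match threshold and the app API are assumptions for this example."""
from __future__ import annotations

import math
from dataclasses import dataclass

Point = tuple[float, float]


def resample(points: list[Point], n: int = 16) -> list[Point]:
    """Resample a stroke to n points spaced evenly along its path length."""
    pts = list(points)
    total = sum(math.dist(pts[i - 1], pts[i]) for i in range(1, len(pts)))
    interval = total / (n - 1)
    out, d, i = [pts[0]], 0.0, 1
    while i < len(pts):
        seg = math.dist(pts[i - 1], pts[i])
        if seg > 0 and d + seg >= interval:
            t = (interval - d) / seg
            q = (pts[i - 1][0] + t * (pts[i][0] - pts[i - 1][0]),
                 pts[i - 1][1] + t * (pts[i][1] - pts[i - 1][1]))
            out.append(q)
            pts.insert(i, q)  # keep measuring from the newly placed point
            d = 0.0
        else:
            d += seg
        i += 1
    while len(out) < n:  # floating-point rounding can leave us one point short
        out.append(pts[-1])
    return out[:n]


def normalize(points: list[Point]) -> list[Point]:
    """Centre the stroke on its centroid and scale it to the unit square, so
    where and how large it was drawn does not matter (direction still does)."""
    cx = sum(x for x, _ in points) / len(points)
    cy = sum(y for _, y in points) / len(points)
    shifted = [(x - cx, y - cy) for x, y in points]
    span = max(max(abs(x), abs(y)) for x, y in shifted) or 1.0
    return [(x / span, y / span) for x, y in shifted]


def stroke_distance(a: list[Point], b: list[Point]) -> float:
    """Mean point-to-point distance between two normalised strokes."""
    return sum(math.dist(p, q) for p, q in zip(a, b)) / len(a)


class GestureRecognizer:
    """Nearest-template matcher; returns None when nothing is close enough,
    so an accidental scribble on the dark screen changes no policy."""

    def __init__(self, templates: dict[str, list[Point]], threshold: float = 0.3):
        self.templates = {k: normalize(resample(v)) for k, v in templates.items()}
        self.threshold = threshold

    def recognize(self, stroke: list[Point]) -> str | None:
        if len(stroke) < 2:
            return None
        s = normalize(resample(stroke))
        name, dist = min(((k, stroke_distance(s, t)) for k, t in self.templates.items()),
                         key=lambda kv: kv[1])
        return name if dist <= self.threshold else None


@dataclass(frozen=True)
class Policy:
    name: str
    hide_notification_text: bool   # show only a count, never the message body
    hidden_labels: frozenset[str]  # app-assigned labels whose items are hidden


class PrivacyShield:
    """Binds gesture commands to policies and answers apps' visibility queries."""

    def __init__(self) -> None:
        # Assumed bindings: swipe right = device is open, swipe down = device is shared.
        self.recognizer = GestureRecognizer({
            "swipe_right": [(0, 0), (100, 0)],
            "swipe_down": [(0, 0), (0, 100)],
        })
        self.policies = {
            "swipe_right": Policy("open", False, frozenset()),
            "swipe_down": Policy("shared", True, frozenset({"private"})),
        }
        self.active = self.policies["swipe_right"]

    def on_stroke(self, stroke: list[Point]) -> str | None:
        """Raw digitizer points for one stroke (assumed to be delivered even
        with the display off). Returns the newly active policy name, or None."""
        gesture = self.recognizer.recognize(stroke)
        if gesture is None:
            return None
        self.active = self.policies[gesture]
        return self.active.name

    # App-facing API (assumed shape): apps tag items, the shield filters them.
    def visible(self, items: list[dict]) -> list[dict]:
        return [it for it in items
                if not (set(it.get("labels", ())) & self.active.hidden_labels)]

    def notification_preview(self, body: str, pending: int = 1) -> str:
        return f"{pending} new message(s)" if self.active.hide_notification_text else body


# Constructed sample input: a gallery with one item the user tagged "private",
# two slightly wobbly finger strokes, and a scribble that matches nothing.
PHOTOS = [
    {"id": "beach_01", "labels": []},
    {"id": "passport_scan", "labels": ["private"]},
    {"id": "beach_02", "labels": ["vacation"]},
]
NOISY_DOWN = [(1, 0), (-1, 20), (2, 40), (0, 60), (-2, 80), (1, 100)]
NOISY_RIGHT = [(0, 1), (20, -1), (40, 2), (60, 0), (80, -2), (100, 1)]
SCRIBBLE = [(0, 0), (10, 50), (20, 0), (30, 50), (40, 0)]

if __name__ == "__main__":
    shield = PrivacyShield()
    print(shield.on_stroke(NOISY_DOWN), [p["id"] for p in shield.visible(PHOTOS)])
    print(shield.notification_preview("Lab results are in", 2))
    print(shield.on_stroke(SCRIBBLE), shield.on_stroke(NOISY_RIGHT))
```

The recognizer is deliberately direction-sensitive but position- and size-invariant, which is what a stroke drawn blind on a dark screen needs. The unrecognized-stroke path matters for the threat model in the text: a scribble leaves the active policy unchanged, and a deployment would likely want the transition back to the "open" policy to require a gesture that is harder to produce by accident than the one that tightens privacy.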
Finally, I performed a field study with the system prototype. From this real-world usability study, the thesis uncovers novel user experiences that help assess the effectiveness of PrivacyShield.