Are users aware of the permissions that they are giving to an app when they install it?
Topic: Consistency and Convention
Han and I did a brief study on design consistency. We found an article that describes a study on a corpus of apps in the Android App store and their inconsistencies with their public description, UI, and code.
Alharbi, Khalid, et al. “Android Apps Consistency Scrutinized.” CHI 2014 Extended Abstracts on Human Factors in Computing Systems. Toronto, ON, Canada: ACM, 2014, 2347-2352. 26 April 2014. Web. 29 January 2016.
In the article “Android Apps Consistency Scrutinized,” the authors present their preliminary findings in the study of identifying inconsistencies in Android apps. For this study, they use around 180,000 apps published on Google Play Store with their main analysis focused on user permissions for cameras. In this article, the authors describe the technical steps that they take and also share 3 different inconsistencies that they find.
To perform their work, the authors create an Android app descriptor that allows them to compare apps across public, user interface (UI), and code features. They collect public features such as descriptions, reviews, app titles, and permissions directly from the Google Play Store using an unofficial open source API. For the UI features, they analyze only the text and layout. The data collected from their work is the product of reverse-engineering techniques. The code features they take into consideration are methods, Android library calls, and relationships between user events. To obtain the methods that launch after each of those user events, the authors disassemble and decompile the APK file for each app in their study.
Of the 180,000 apps that were analyzed, about 9.9% described camera usage in their public description. 300 of those did not request the camera at the permission level, and 500 did request it but had inconsistencies at the code level. The 3 camera permission inconsistencies that the authors found are between public and interface features, between interface and code features, and between public and code features. The first covers an app whose UI objects launch the camera component while its public description never mentions this use. The inconsistency between interface and code features describes an app whose code launches the camera from a UI object without the knowledge of the user. The last inconsistency, between public and code features, occurs when an app's public description defines the features of that app but its code launches the camera feature at some point.
Finally, the authors acknowledge the limitations of this study; for instance, they do not take images into consideration. They also point out other parameters that they will use in future studies, such as statistics, other kinds of permissions, and the presence of advertisements, to have a better way to look for inconsistencies in Android apps.
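The three-way comparison summarized above, reduced to a small checker (an added example, not the paper's tooling and not code from the original post). The `AppDescriptor` structure, the keyword heuristic, the finding labels and the sample apps are assumptions constructed for illustration; `public-vs-code` is applied here only to camera calls that no UI object reaches, to keep it distinct from the other two.

```python
import re
from dataclasses import dataclass, field

CAMERA_PERMISSION = "android.permission.CAMERA"
# Code-level camera signals: a legacy API call and the capture intent action.
CAMERA_CALLS = {"android.hardware.Camera.open", "android.media.action.IMAGE_CAPTURE"}
# Assumption: a keyword heuristic decides whether text tells the user about the camera.
CAMERA_WORDS = re.compile(r"\b(camera|photo|picture|scan|barcode|qr)", re.I)

@dataclass
class AppDescriptor:                 # hypothetical structure, not the paper's
    description: str                 # public feature: store description
    permissions: set                 # public feature: declared permissions
    ui_handlers: dict = field(default_factory=dict)  # UI label -> calls its handler reaches
    other_calls: set = field(default_factory=set)    # calls not reachable from a UI object

def mentions_camera(text):
    return bool(CAMERA_WORDS.search(text))

def audit(app):
    described = mentions_camera(app.description)
    requested = CAMERA_PERMISSION in app.permissions
    camera_ui = [label for label, calls in app.ui_handlers.items() if calls & CAMERA_CALLS]
    findings = []
    if described and not requested:
        findings.append("described-but-not-requested")
    if requested and not described:
        findings.append("requested-but-not-described")
    if camera_ui and not described:
        findings.append("public-vs-interface")   # UI launches camera, description silent
    if any(not mentions_camera(label) for label in camera_ui):
        findings.append("interface-vs-code")     # label hides what the handler does
    if app.other_calls & CAMERA_CALLS and not described:
        findings.append("public-vs-code")        # camera used away from any UI object
    return findings

SAMPLES = {  # constructed sample descriptors, not real apps
    "scanner": AppDescriptor("Scan barcodes and QR codes with your camera.",
        {CAMERA_PERMISSION}, {"Scan barcode": {"android.hardware.Camera.open"}}),
    "flashlight": AppDescriptor("Turns your phone into a bright flashlight.",
        {CAMERA_PERMISSION}, {"Toggle light": {"android.hardware.Camera.open"}}),
    "notes": AppDescriptor("Attach a photo to any note.", set(),
        {"Add photo": {"android.media.action.IMAGE_CAPTURE"}}),
    "puzzle": AppDescriptor("A simple puzzle game.", {CAMERA_PERMISSION},
        other_calls={"android.hardware.Camera.open"}),
}
if __name__ == "__main__":
    for name, app in SAMPLES.items():
        print(f"{name:10} {audit(app) or 'consistent'}")
```

A `described-but-not-requested` finding is not necessarily a defect: an app that hands off to the system camera app through the `IMAGE_CAPTURE` intent does not need the `CAMERA` permission itself.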
- Are users aware of the permissions that they are giving to an app when they install it? What features of consistency do users look for in mobile apps?
- Inconsistency in apps may leave the user surprised, confused, annoyed, or even harmed. When an app gains more permissions than it needs, is it a bug, malice, or feature?
Real World Example - Barcode Scanners:
We compared some barcode scanner apps from the Google Android Play Store and contrasted their consistency in relation to their rankings and user count. We found that apps that require more permissions than described had either lower ratings or fewer users. Apps that were consistent and conventional had higher ratings and a reasonable number of users.
Actual user comments about permission consistency from the barcode scanner reviews.
In the case of Barcode Scanner (Rating: 4.1, Users: 764,382), they publicly described the reasons for requiring their many permissions, therefore remaining consistent. Their slightly lower rating may be from users that do not agree with this.
This study really opened my eyes to the bigger picture pertaining to the deeper ends of mobile applications. We live in a generation that survives on mobile apps every day, yet most of us are unaware of the potential extra features they may have. There should be enforced standards of internal consistency that apps should be required to follow before being able to be submitted to the store.