The Design of the User Interfaces for Privacy Enhancements for Android Jason I. Hong, Yuvraj Agarwal, Matt Fredrikson, Mike Czapik, Shawn Hanna, Swarup Sahoo, Judy Chun, Won-Woo Chung, Aniruddh Iyer, Ally Liu, Shen Lu, Rituparna Roychoudhury, Qian Wang, Shan Wang, Siqi Wang, Vida Zhang, Jessica Zhao, Yuan Jiang, Haojian Jin, Sam Kim, Evelyn Kuo, Tianshi Li, Jinping Liu, Yile Liu, Robert Zhang Carnegie Mellon University,
[email protected] We present the design and design rationale for the user interfaces for Privacy Enhancements for Android (PE for Android). These UIs are built around two core ideas, namely that developers should explicitly declare the purpose of why sensitive data is being used, and these permission-purpose pairs should be split by first party and third party uses. We also present a taxonomy of purposes and ways of how these ideas can be deployed in the existing Android ecosystem. CCS CONCEPTS •Human-centered computing~Ubiquitous and mobile computing~Ubiquitous and mobile computing systems and tools •Security and privacy~Human and societal aspects of security and privacy~Privacy protections •Security and privacy~Human and societal aspects of security and privacy~Usability in security and privacy Additional Keywords and Phrases: Smartphone, privacy, Android, Privacy Enhancements for Android, user interface design 1 INTRODUCTION Privacy Enhancements for Android (PE for Android1) is a DARPA-funded project seeking to improve the privacy of the Android Open Source Project (AOSP). In this white paper, we focus on one specific aspect of PE for Android, namely the new privacy-focused user interfaces that our team has been designing, prototyping, and testing over the past four years of this project.