Mobile App Privacy and the Consumer: Cranor Offers Insight into the Strained Relationship

Consumers want to know what’s going to happen to their data when they accept mobile application permissions, said Lorrie Faith Cranor, Carnegie Mellon professor, at a Federal Trade Commission (FTC) workshop last week. Professor Cranor sat on the Mobile Privacy Disclosures panel with five other privacy experts during the FTC’s Advertising & Privacy Disclosures workshop.

Mobile applications have widespread use – almost 30 billion apps were downloaded in 2011 alone – but there are no hard-and-fast rules for privacy policies, making them confusing and often inconsistent among applications.

The Carnegie Mellon professor is no stranger to how consumers feel about mobile applications’ privacy policies. Professor Cranor discussed a study she conducted to determine whether Android smartphone users read or understood smartphone permissions screens. The study found that users did not understand how Android was protecting them, and were unaware of the security risks for mobile applications in general.

Other panelists suggested ways to better educate mobile app users. Ilana Westerman from Create with Context believes transparency is important for consumers to trust mobile applications. When consumers are aware of how the app will affect their data, they feel in control, she said; however, when expectations are violated, trust is eroded.

Westerman mentioned that trust icons, or buttons that designate an app is secure, may help create transparency, but there seemed to be some dissent among the panelists to whether these icons were indeed effective. Jim Brock of PrivacyChoice noted that with so many different policies, icons could be cryptic to users. There are challenges with trust icons because an icon cannot convey the nuances of a privacy policy, and, put more simply by Professor Cranor, “privacy doesn’t lend itself to pictograms.”

It is less a question about icons and more about trust in the brand. World Privacy Forum’s Pam Dixon says consistency is key to building trust with mobile app users. Kevin Trilli from TRUSTe believes that consumers are looking for experts they trust to guide them on what an appropriate privacy policy should look like.

Ultimately, it comes down to giving consumers the information they need to know when reading and accepting privacy policies. People need to be able to make informed decisions, Professor Cranor said, and they should have meaningful choices.