Short Description

PrEvoke investigates the consequences of revoking privacy decisions. In particular, users are generally unaware of how such decisions affect an app's functionality, behavior, or content.

PrEvoke - Supporting Users in Informed Privacy Permission Revocation

Personalizing digital services/apps requires access to sensitive data, such as users’ location, calendar, or personal stored content, among others. At the same time, the influence of (not) granting access to this data is generally unclear to users. Today's prevailing approach for privacy permissions is that users decide once, upon setup or first use, whether or not to grant the requested permissions. This cognitive process is commonly known as “privacy calculus”,  i.e., users decide if they consider the expected benefit from using the service/app to match the value of the provided data.

The challenge is that in most cases, users never reconsider and/or revoke those decisions.


Understanding Users’ Concerns and Expectations

With this project, we aim at understanding users’ concerns regarding the consequences of revoking privacy decisions, i.e., whether this will affect an app’s or service’s core functionality and/or how the quality or appropriateness of content selection and behavior will be affected. To this end, we will assess users’ expected consequences and concerns of revoking privacy permissions, whether these match reality and how concepts can be created to address misconceptions and concerns.


Understanding Service / App Behavior

Moreover, we will assess how revoking particular permissions influences the actual functionality of a set of web services and mobile apps. We will compare the findings from this assessment (i.e., actual behavior of services and applications) with users’ expectations. This will allow us to identify misconceptions as well as information that needs to be conveyed through a privacy permission revocation assistant to address these.

Application Areas: Web Services and Smartphone Apps

We will focus on privacy permissions in two application areas: web services and smartphone apps. This allows for investigating a broad range of privacy  permissions. Examples include, but are not limited to, body sensors, calendar, call logs, camera, contacts, files and media, location, microphone, payment information, physical activity, SMS, device name, and ad identifier. We expect the findings to be applicable beyond these application areas, in particular to smart home / Internet of Things and Augmented Reality devices.


Funded by: Google Munich; Project duration: 12/2021 - 12/2022