Researchers have been working on tools (like AppFence) to help users control how their personal information is used by applications. Recently, some colleagues and I asked 25 Android users to tell us about their bad experiences with applications, to provide insight into whether there is real user demand for more control over how applications access and use their personal information.
We asked, “Have you ever uninstalled (or stopped using) an application because you didn’t like what it was doing with your personal information?” 6 of 25 people said yes:
- Spam. Three people said that they’d uninstalled apps that sent them spam and/or used their accounts to send spam to others. For example, one person reported that an application had misused her Twitter account: “I logged on and it was posting crazy stuff like, ‘Oh! I just won $1000 while doing this or something’ … And I’m like, that definitely wasn’t me, it was the app.”
- Social privacy. One person said that she didn’t like how an application shared information about her on Facebook. “I went on [app name] to buy tickets and if you went on Facebook you could see who bought tickets where and what their names are. So I chose not to buy tickets on [app name] because I didn’t want anyone to see where I sat if they went on to Facebook.”
- Programming errors. Two people said that they had used applications with logic errors that affected their personal information. For example, “But what it did was, if I sent a text message to one person, it would send it to everyone in my list.”
- General privacy. One person read a Wall Street Journal article that listed applications that share user data with other parties like advertising networks. “…I went through my phone and went through that list, and got rid of all of them except for one. … Shazam was the only one I kept, because the functionality. I know people are taking my stuff but functionality-wise I need that.”
Two other users said that they would uninstall applications if the applications misused their personal information, but they had no way of knowing how their data was being used.