The document discusses the challenges of mobile app privacy, emphasizing that both users and developers share responsibility for protecting personal information. It highlights the inconsistency in user decision-making regarding privacy and the importance of providing digestible privacy information at the point of decision. Moreover, it suggests that affordability is central to privacy improvements and encourages collaborative efforts between users and developers.

1. Mobile App Privacy —
You’re Doing It Wrong
(and so am I)
Graham Lee, Smartphone Security Boffin,
Fuzzy Aliens Limited
fuzzyaliens.com

2. Mobile App Privacy —
You’re Doing It Wrong
(and so am I)
Graham Lee, Smartphone Security Boffin,
Fuzzy Aliens Limited

3. Mobile App Privacy —
You’re Doing It Wrong
(and so am I)
Graham Lee, Smartphone Security Boffin,
Fuzzy Aliens Limited
Desktop
Server
Telecom CO
Particle Accelerator

4. Mobile App Privacy —
You’re Doing It Wrong
(and so am I)
Graham Lee, Smartphone Security Boffin,
Fuzzy Aliens Limited
Desktop
Server UX
Telecom CO Requirements Eng
Particle Accelerator Dev Ops
Source Control
…

5. Pre-intro Disclaimer

6. Introductory Story

7. Introductory Story
• I can’t explain why I did what I did

8. Introductory Story
• I can’t explain why I did what I did
• It’s not just hard to explain the
rules, I don’t know them

9. Introductory Story
• I can’t explain why I did what I did
• It’s not just hard to explain the
rules, I don’t know them
• Ask me, I’ll not only give the
wrong answer, I’ll do something
different

10. Introductory Story
• I can’t explain why I did what I did
• It’s not just hard to explain the
rules, I don’t know them
• Ask me, I’ll not only give the
wrong answer, I’ll do something
different
• My original plan got replaced at
run-time in the face of new
inputs

11. Erm…privacy?

12. Erm…privacy?

13. TAP HERE TO
SMASH THEM
PIGS
Erm…privacy?

14. Erm…privacy?

15. iOS Example

16. iOS Example

17. iOS Example

18. iOS Example

19. Historical Example
“ The Platform for Privacy Preferences
Project (P3P) enables Websites to
express their privacy practices in a
standard format that can be retrieved
automatically and interpreted easily
by user agents. P3P user agents will
allow users to be informed of site
practices (in both machine- and
human-readable formats) and to
automate decision-making based on
these practices when appropriate.
Thus users need not read the
privacy policies at every site they
visit. ”

20. What can we draw
from this?

21. What can we draw
from this?
• People are capricious

22. What can we draw
from this?
• People are capricious
• We can’t tell you what information we’ll
use to make any decision

23. What can we draw
from this?
• People are capricious
• We can’t tell you what information we’ll
use to make any decision
• A rational choice made earlier can be
overridden by novel changes in
environment

24. What can we draw
from this?
• People are capricious
• We can’t tell you what information we’ll
use to make any decision
• A rational choice made earlier can be
overridden by novel changes in
environment amme rs a n d
Sp
phish e rs k n o w
t his

25. Therefore, give users an
easily-digestible amount
of pertinent
information AT
DECISION TIME

26. Just-in-time information
what I’m trying to do
how it’s going

27. Social Media

28. Social Media
Your mum can read what you post!
Change privacy settings

29. Social Media

30. Social Media
IN REPLY TO DM

31. Confidential Data

32. Confidential Data
Warning: attachment includes credit card data.
Delete Attachment

33. Summary
• Users can help
themselves to privacy…
• …if app developers do
their part and help out
• AFFORDABILITY IS
KEY (in everything)
• Read these books ➡

34. Summary
• Users can help
themselves to privacy…
• …if app developers do
their part and help out
• AFFORDABILITY IS
KEY (in everything)
• Read these books ➡

35. Summary
• Users can help
themselves to privacy…
• …if app developers do
their part and help out
• AFFORDABILITY IS
KEY (in everything)
• Read these books ➡

36. Summary
• Users can help
themselves to privacy…
• …if app developers do
their part and help out
• AFFORDABILITY IS
KEY (in everything)
• Read these books ➡

37. @iamleeg

38. @iamleeg
fuzzyaliens.com

39. @iamleeg
fuzzyaliens.com