Using Visualizations to Enhance Users’ Understanding of
App Activities on Android Devices
Chika Eze, Jason R. C. Nurse∗, and Jassim Happa
Department of Computer Science, University of Oxford, UK
Abstract
The ever-increasing number of third-party applications developed for Android devices has resulted
in a growing interest in the secondary activities that these applications perform and how they affect
a user’s privacy. Unfortunately, users continue to install these applications without any concrete
knowledge of the breadth of these activities; hence, they have little insight into the sensitive
information and resources accessed by these applications. In this paper, we explore users’ perception and
reaction when presented with a visual analysis of Android applications’ activities and their security
implications. This study uses interactive visual schemas to communicate the effect of applications’
activities in order to support users with more understandable information about the risks they face
from such applications. Through findings from a user-based experiment, we demonstrate that when
visual diagrams about application activities are presented to users, they become more aware of, and
sensitive to, the privacy-intrusiveness of certain applications. This awareness and sensitivity stem
from the fact that some of these applications were accessing a significant number of resources and
sensitive information, and transferring data out of the devices, even when they arguably had little
reason to do so.
Keywords: Smartphone Security, Privacy, Android, Data Visualization, Visual Analytics, App Permissions,
Resources, Information Leakage, Human Aspects, Decision-Making.
1 Introduction
The development and provision of innovative mobile device applications (apps) has fueled the rapid
growth of app markets. Android, a key player in this field, had over 1,400,000 apps in its
official app market, the Google Play Store, as of February 2015 [1], which is significantly more than the
19,000 which it had in December 2009. One of the many reasons for this vast expansion of the Android
app market is the support for third-party development (via an extensive Application Programming
Interface (API)) that gives new apps access to the device hardware, communication channels, user data,
and general device settings. These APIs provide developers with access to a multiplicity of sensitive
resources such as Camera, Contacts, Location, Microphone, Phone Details (IMEI, IMSI, ICCID), and
user information such as the user’s current location, contact list, pictures, messages, and so on.
Driven by the desire to explore the latest software and technology, today’s mobile users are keen
to download and use these third-party apps, but unfortunately do so with little concrete knowledge of
their activities [2]. In an effort to restrict the privileges of third-party app developers, Android has
equipped its APIs with a permission-based security system to control each app’s access to private and
sensitive device resources as well as users’ information. This permission-based system trusts that users
have the capability of discerning what permissions should or should not be granted to an app. In the
still most used – but now superseded – Android Version 4 and 5 permission models, users were expected
to grant all permissions requested by an app before it could be installed on the device. This
“all-or-nothing” approach meant that
Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, 7:1 (Mar. 2016), pp. 39-57
∗ Corresponding author: Department of Computer Science, University of Oxford, Wolfson Building, Parks Road, Oxford,