“Revoked just now!” Users’ Behaviors Toward Fitness-Data Sharing with Third-Party Applications
Détails
Télécharger: Zufferey2023PoPETS.pdf (4347.50 [Ko])
Etat: Public
Version: Final published version
Licence: CC BY 4.0
Etat: Public
Version: Final published version
Licence: CC BY 4.0
ID Serval
serval:BIB_1C9A39968549
Type
Article: article d'un périodique ou d'un magazine.
Collection
Publications
Institution
Titre
“Revoked just now!” Users’ Behaviors Toward Fitness-Data Sharing with Third-Party Applications
Périodique
Proceedings on Privacy Enhancing Technologies
ISSN
2299-0984
Statut éditorial
Publié
Date de publication
01/2023
Peer-reviewed
Oui
Volume
2023
Numéro
1
Pages
47-67
Langue
anglais
Résumé
The number of users of wearable activity trackers (WATs) has rapidly increased over the last decade. While these devices enable their users to monitor their activities and health, they also raise new security and privacy concerns given the sensitive data (e.g., steps, heart rate) they collect and the information that can be inferred from this data (e.g., diseases). Besides the service providers (e.g., Fitbit), WAT users can share their fitness data with third-party applications (TPAs) and individuals. Understanding how and with whom users share their fitness data and what kind of approaches they take to preserve their privacy is key to assess the underlying privacy risks and to further design appropriate privacy-enhancing techniques. In this work, we perform, through a large-scale survey of 𝑁 = 628 WAT users, the first quantitative and qualitative analysis of users’ awareness, understanding, attitudes, and behaviors toward fitness-data sharing with TPAs and individuals. In particular, we explore users’ practices and actual behaviors toward fitness-data sharing, as well as their mental models by asking them to draw their thoughts. Our empirical results show that about half of WAT users underestimate the number of TPAs to which they have granted access to their data, while 63% share data with at least one TPA that they do not actively use (anymore). Moreover, 29% of the users did not revoke TPA access to their data because they forgot they had given access to it in the first place, and 8% were not even aware they could revoke access to their data. Finally, their mental models as well as some of their answers demonstrate substantial gaps in their understanding of the data-sharing process. In particular, 67% of the respondents think that TPAs cannot access the fitness data that was collected before they granted access to it, while TPAs actually can.
Données de la recherche
Open Access
Oui
Financement(s)
Fonds national suisse / Projets / 200021_178978
Armasuisse S+T / CYD-C-2020007
Création de la notice
06/09/2022 19:50
Dernière modification de la notice
11/02/2023 6:51