Over-Privileged Permissions: Using Technology and Design to Create Legal Compliance

Journal of Business and Technology 15.1, 2020

Kelley School of Business Research Paper No. 2020-57

46 Pages Posted: 26 Mar 2020

See all articles by Anjanette Raymond

Anjanette Raymond

Indiana University - Kelley School of Business - Department of Business Law; Queen Mary University of London, School of Law; Indiana University Maurer School of Law

Jonathan Schubauer

affiliation not provided to SSRN

Dhruv Madappa

Indiana University, School of of Informatics, Computing & Engineering

Date Written: February 29, 2020

Abstract

Consumers in the mobile ecosystem can putatively protect their privacy with the use of application permissions. However, this requires the mobile device owners to understand permissions and their privacy implications. Yet, few consumers appreciate the nature of permissions within the mobile ecosystem, often failing to appreciate the privacy permissions that are altered when updating an app. Even more concerning is the lack of understanding of the wide use of third-party libraries, most which are installed with automatic permissions, that is permissions that must be granted to allow the application to function appropriately. Unsurprisingly, many of these third-party permissions violate consumers’ privacy expectations and thereby, become ‘over-privileged’ to the user. Consequently, an obscurity of privacy expectations between what is practiced by the private sector and what is deemed appropriate by the public sector is exhibited.

Despite the growing attention given to privacy in the mobile ecosystem, legal literature has largely ignored the implications of mobile permissions. This article seeks to address this omission by analyzing the impacts of mobile permissions and the privacy harms experienced by consumers of mobile applications. The authors call for the review of industry self-regulation and the over-reliance upon simple notice and consent. Instead, the authors set out a plan for greater attention to be paid to socio-technical solutions, focusing on better privacy protections and technology embedded within the automatic permission-based application ecosystem.

Suggested Citation

Raymond, Anjanette and Schubauer, Jonathan and Madappa, Dhruv, Over-Privileged Permissions: Using Technology and Design to Create Legal Compliance (February 29, 2020). Journal of Business and Technology 15.1, 2020; Kelley School of Business Research Paper No. 2020-57. Available at SSRN: https://ssrn.com/abstract=3546518

Anjanette Raymond (Contact Author)

Indiana University - Kelley School of Business - Department of Business Law ( email )

Bloomington, IN 47405
United States

Queen Mary University of London, School of Law ( email )

67-69 Lincoln’s Inn Fields
London, WC2A 3JB
United Kingdom

Indiana University Maurer School of Law ( email )

211 S. Indiana Avenue
Bloomington, IN 47405
United States

Jonathan Schubauer

affiliation not provided to SSRN

Dhruv Madappa

Indiana University, School of of Informatics, Computing & Engineering ( email )

United States

Here is the Coronavirus
related research on SSRN

Paper statistics

Downloads
13
Abstract Views
121
PlumX Metrics