“Revoked just now!” Users’ Behaviors Toward Fitness-Data Sharing with Third-Party Applications

Details

Ressource 1Download: Zufferey2023PoPETS.pdf (4347.50 [Ko])
State: Public
Version: Final published version
License: CC BY 4.0
Serval ID
serval:BIB_1C9A39968549
Type
Article: article from journal or magazin.
Collection
Publications
Institution
Title
“Revoked just now!” Users’ Behaviors Toward Fitness-Data Sharing with Third-Party Applications
Journal
Proceedings on Privacy Enhancing Technologies
Author(s)
Zufferey Noé, Salehzadeh Niksirat Kavous, Humbert Mathias, Huguenin Kévin
ISSN
2299-0984
Publication state
Published
Issued date
01/2023
Peer-reviewed
Oui
Volume
2023
Number
1
Pages
47-67
Language
english
Abstract
The number of users of wearable activity trackers (WATs) has rapidly increased over the last decade. While these devices enable their users to monitor their activities and health, they also raise new security and privacy concerns given the sensitive data (e.g., steps, heart rate) they collect and the information that can be inferred from this data (e.g., diseases). Besides the service providers (e.g., Fitbit), WAT users can share their fitness data with third-party applications (TPAs) and individuals. Understanding how and with whom users share their fitness data and what kind of approaches they take to preserve their privacy is key to assess the underlying privacy risks and to further design appropriate privacy-enhancing techniques. In this work, we perform, through a large-scale survey of 𝑁 = 628 WAT users, the first quantitative and qualitative analysis of users’ awareness, understanding, attitudes, and behaviors toward fitness-data sharing with TPAs and individuals. In particular, we explore users’ practices and actual behaviors toward fitness-data sharing, as well as their mental models by asking them to draw their thoughts. Our empirical results show that about half of WAT users underestimate the number of TPAs to which they have granted access to their data, while 63% share data with at least one TPA that they do not actively use (anymore). Moreover, 29% of the users did not revoke TPA access to their data because they forgot they had given access to it in the first place, and 8% were not even aware they could revoke access to their data. Finally, their mental models as well as some of their answers demonstrate substantial gaps in their understanding of the data-sharing process. In particular, 67% of the respondents think that TPAs cannot access the fitness data that was collected before they granted access to it, while TPAs actually can.
Research datasets
Open Access
Yes
Funding(s)
Swiss National Science Foundation / Projects / 200021_178978
Armasuisse S+T / CYD-C-2020007
Create date
06/09/2022 19:50
Last modification date
11/02/2023 6:51
Usage data