Thursday, March 23, 2017

Evaluation of Privacy Permissions Usability in Windows Phone, Android and Apple iOS

By Saeed Alharthi

Every modern mobile system nowadays provides the user with a level of privacy permission control to limit what information about the user an application can have access to or gather. It is very important for users to know which information about them is shared with an application on their phone. Users should always be in control of what the application can know about them and what information does the application have access to.

For that, we have examined the privacy permission settings for applications in three mobile operating systems (Windows Phone, Android and iOS) to evaluate them from the user usability perspective. We focused on what options are not clear to the user and which options are not available. We highlighted the best practices we found from the three operating systems and suggested some solutions to issues found by eight test users.

Issues Found

  1. Privacy permissions section is not visible on installation of a new application
Figure 1: In Windows Phone, no privacy permissions section appears on the top of the page, it is found at the bottom of the page under "This app can"
Figure 2:  In Android, privacy permissions section doesn’t appear on the top of the page, it is found at the bottom of page under "Permission details"
Figure 3:  In Apple iOS, privacy permissions section doesn’t appear on the top of the page nor can it be found at the bottom of page
Two of the Windows Phone users didn’t think the information was available in the page. This was due to the location of the permission info at the bottom of the page and how the page was filled with many textual information that the user must read through to find the permission info (Figure 1). Android users didn’t have difficulties locating the option at the bottom of page, this is due to the large size font used and the clear icon (Figure 2). iOS however doesn’t have an option to show what permission an app may use so none of the test users could complete the task (Figure 3).

Solution suggested: A section for privacy permissions should be added near the top of the page. In Figure 4, 5 and 6, we show an example of how the option for the privacy permissions can be added in each system.

Figure 4: The "Permission info" can be moved under the application rating section in Windows Phone
Figure 5: The "permission details" link can be added beside the install button in Android
Figure 6: A "Privacy" tab can be added to the links on top of the page

  1. No option to access the application permission from the app menu (shortcuts when holding the app icon)
When asked to perform the second task, one tester reported that Windows Phone, Android and Apple iOS do not provide a shortcut option to access the app privacy permission from application icon. On the other hand, some android third party launchers do have this shortcut option and its more convenient method to find the privacy permissions for an application as the tester suggested.

Solution suggested: An entry can be added to the application shortcuts menu that link to the system privacy permission page (or perhaps even to the complete settings menu) for the application as suggested in the figures below.


  1. No settings menu for a specific application’s permissions in Windows Phone. Only by permissions category.
Users were asked to find which permissions an application is granted. For apple iOS users, this was relatively easy since each application’s privacy permission page was accessible from the main settings menu. Even though there is no heading to point out that the privacy permissions were accessible from the application list. Similarly, for Android users the app permission is accessible through the apps section in the settings menu. However, for Windows Phone, the option was not available even after digging through the different sections of the settings menu. The only method to locate the privacy permissions in the settings was in a categorized list under the privacy option in the settings menu.

Solution suggested: A clear section for the privacy permission should be added to the setting menu in Windows Phone. For iOS, a heading needs to be added on top of the application list.

Figure 7: In Windows Phone, there is no option for permission list by application
Figure 8: Application permission is found under the "Apps" section in Android
Figure 9: Application permissions is found at the bottom of the settings menu without heading
  1. No option in Android and iOS to disable a permission category for all apps at once.
In Windows Phone, a feature that was noted by the test users was the option to disable a permission category with one toggle switch instead of having to disable each app’s access separately (Figure 10). A user noted that this is convenient because it works like an undo button when they re-enable a category (location for example), only the applications that have been granted the access previously will be re-enabled rather than having to go through the list and re-select which apps to grant the access to and which not.
This option is not available in Android and iOS however and based on the user feedback it will be a good feature to add in the future.

Figure 10: a single switch toggle to enable or disable access for all the apps to select permission
  1. Applications not working or crashing without a notification message of unauthorized access attempt in Windows Phone and Android
In Android: many applications do not detect the denied permission sitting and don’t give informative message to the user. For example, the camera in android will give the message “Can’t connect to the camera” which may suggest to the user that the issue might be in the camera hardware (Figure 12).
Similarly, in Windows Phone, it’s up to the developer to implement the privacy setting detection and notify the user which some developer may not pay attention to. For example, the camera application will display a warning message and ask the user to change the privacy setting where WhatsApp will simply ignore the user request with no feedback to the user (Figure 13).  

Solution suggested: To avoid such confusion between the apps and the operations system, a notification message should appear to the users notifying them of a denied access request from an application.

Figure 12: in Android, the camera app will not accurately identify the denied permissions
Figure 13: In Windows Phone, While the camera app will notify the user of denied permission, WhatsApp will simple ignore the user actions without feedback


The results we have from this evaluation show that each operating system approach has its advantages and disadvantages. The main flow in all three system is that they make it harder to access the privacy permission settings when it should be very easy. We pointed out where the design of the UI can be improved based on our testers feedback as well as some major issue with how applications are handling the denied permission errors.

No comments:

Post a Comment