How Security and Privacy Concerns Shape App Usage

As the conversation over data leakage and mobile app security continues to gain traction, more and more users have growing concerns over the lack of privacy and security that mobile apps can guarantee. In their article, “Post hoc security and privacy concerns in mobile apps: the moderating roles of mobile apps’ features and providers,” Hamid Reza Nikkhah (University of Nevada, Las Vegas), Varun Grover, and Rajiv Sabherwal examine how users’ concerns about apps and providers’ privacy and security affect app usage and investigate whether things such as privacy policies decrease these concerns.  

Mobile cloud computing often requires users to provide personal information for better functionality of the apps. This data is automatically sent to the cloud to provide larger storage capacity and access across various mobile devices, which are the main benefits of this application format. Cloud access allows for a wider reach across devices, improved user experience, real-time analytics, and cost efficiency for providers.

Despite the vitality of mobile cloud computing in modern technology, privacy and security concerns have proven costly for app developers and providers. For many mobile cloud computing (MMC) users, one of the main concerns is the lack of control over where their personal information and data are being shared. Nikkhah, Grover, and Sabherwal examine how developers can build user trust to decrease privacy and security concerns. 

What are users’ concerns? 

Users have specific concerns about privacy and security measures on MCC applications, primarily that they would lose control over the spread of the information they provide through these apps. Previous research found that users are wary of their information being spread and sold as data to advertisers and marketers to improve their market research.

MCC users also expressed concerns about security, primarily the exposed threat of hackers. Specific fears regarding this often include denial-of-service, eavesdropping, masquerading, IP spoofing, and man-in-the-middle. The most common reaction to these perceived threats was avoidance of these apps entirely! Developers are losing users before they can even try the app. 

Generally, users are willing to relinquish privacy and security in exchange for perceived benefit. Privacy calculus refers to the decision that users make to sacrifice their concerns of privacy and security in exchange for digital service. Every day, users must decide if they are willing to relinquish a piece of their online freedom to be a part of that app and its benefits. Earlier research analyzed how users weigh these concerns, showing how the usefulness of MCC apps plays into this privacy calculus.

Trust in the app and its developers largely determines how much the user is willing to compromise in exchange for these benefits. When users have more trust in their app, they are willing to provide more information under the idea that their information is more secure with a secure developer. Previous research found that security and privacy interventions, such as privacy policy acknowledgment, affect levels of trust and decrease levels of distrust of MCC apps.

What happens after the first download? 

While these findings are relevant to pre-adoption behavior, Nikkhah, Grover, and Sabherwal examine how privacy and security measures affect behavior after the first use. To decipher this, they conducted a scenario-based survey of 694 MCC app users to measure perceived security threats, value of data transfer, enjoyment, usefulness, and effectiveness of privacy and security measures on a seven-point scale.  

Their research found that as users are asked to provide more personal information and data, their security concerns become more prevalent. Many MCC apps ask for access to things such as photos, microphones, contacts, location, and more after the initial download, leading users to become more wary as they grant more access. Security concerns such as these can be detrimental to app developers and often convince users to stop using these apps after first use. 

Their discoveries suggest that despite attempts to decrease privacy and security concerns, this challenge remains unyielding, leaving developers to wonder: “What can we do to solve this problem?” One of the most common attempts to increase user trust is adopting the ISO 27018 standard that provides guidelines and best practices on how apps should manage personal information provided by users. Nikkhah, Grover, and Sabherwal found that, despite the added benefits of privacy and security, adopting this standard is not an effective way to increase user trust as the average user will not know that this is a standard for the cloud.  

They also analyzed how privacy policies affect user perception of privacy and security. Although these privacy policies outline the measures that app developers take to maintain the privacy of users, the study found that this intervention does not decrease privacy concerns. Often, users will skip past privacy policies as they are usually lengthy and only require the click of a button or touch of a screen to move on. Because of this, privacy policies were found to be ineffective in improving user trust.

So, what can developers do? 

It seems that until users can see concrete evidence that their information is secure, post-adoption behavior will not improve. For now, app developers will have to prove that their app is useful enough to be worth the decrease in privacy and security. While interventions seem to be ineffective in improving user trust, providers should still be moving forward with them to increase privacy and security. In this era of digital distrust, privacy and security is the currency of user engagement. Only once users feel safe to provide personal information will we see an increase in MCC app retention rates.