Article Preview
TopIntroduction
Use of mobile devices continues to increase as mobile devices become entrenched in the everyday lives of most of the world’s population. It is estimated that 75% of the world’s population use mobile devices, and more than 5 billion mobile devices are in use throughout the world (Statista, 2018b). As mobile devices have become ubiquitous in modern society, privacy issues are continually a point of concern for users, developers, and governments.
Prior research indicates privacy is complex, multifaceted, and highly contextual (Nissenbaum, 2004). Individual attitudes toward privacy can vary, and users often express that they are concerned about privacy but behave in ways contrary to this concern (Acquisti and Gross, 2006). In addition, research has shown that managing online privacy, including understanding and managing mobile device permissions, is challenging for many users (Richter, Besmer, and Watson, 2008; Besmer, Watson, and Lipford, 2010).
Modern mobile device applications often request and sometimes even require access to personal information, typically through the mobile device’s components. Application permissions have evolved overtime from requesting permission at install time to asking for permission during runtime and in the context of the user’s task. However, if users are unwilling to provide access, they may not be able to use certain features of the application or they may not be able to use the application at all. Although application developers typically provide justification for access in their privacy policies, many users are still uncomfortable relinquishing private information to untrusted third parties (Wijesekera, Baokar, Hosseini, Egelman, Wagner, & Beznosov, 2015).
This article explores how concerns about privacy influence sentiment in the use of mobile applications by examining both privacy-related reviews (PRR) and non-privacy related reviews (NPRR). Privacy related reviews are those user-submitted reviews that contain at least one element of a privacy problem or praise. For example, both complaining about intrusive usage of contact information and praising minimal permissions and developer respect of user privacy would be considered privacy-related reviews. Non-privacy related reviews are those reviews which contain no element of privacy discussion. For example, a review which discusses how a user can interact with all the contacts on their phone would not be considered related to privacy even though the word “contacts” is present in the review. Specifically, the following research questions are examined concerning privacy and sentiment in the context of mobile application use:
RQ1: How do privacy-related reviews compare to non-privacy-related reviews for mobile applications?
RQ2: What concerns do people have when posting privacy-related reviews and what is important to people who post privacy-related reviews for mobile applications?
Research studies examining similar questions are often deception based to avoid privacy biasing of participants by obfuscating purpose of the study. In addition to careful ethical planning, this research methodology can limit the quality, nature, and generalizability of study results. This article avoids these limitations by using text submitted from users in a natural setting, completely avoiding the privacy bias. Thus, the purpose of this research is to understand privacy issues in the mobile application domain without being impaired by a deception-based study design or the biases and drawbacks inherent in such research. This article does not attempt to solve the problem of privacy in mobile applications, instead, it helps researchers, industry experts, and product designers better understand the problem of privacy in mobile applications domain so they can apply the results to their respective domains.
The data used for the analysis was extracted from nearly five million user-submitted free-text mobile application reviews and star ratings collected over a four-year period. Using supervised machine learning, privacy-related reviews and non-privacy-related reviews were classified. Natural language processing sentiment techniques were also applied to each review and were qualitatively and quantitatively analyzed. The results of the analysis contribute to research by: