Privacy concerns for mobile app download: An elaboration likelihood model perspective


Jie Gu, Yunjie (Calvin) Xu, Heng Xu, Cheng Zhang, Hong Ling

PII: S0167-9236(16)30178-6

DOI: doi:10.1016/j.dss.2016.10.002

Reference: DECSUP 12779

To appear in: Decision Support Systems

Received date: 20 November 2014

Revised date: 20 October 2016

Accepted date: 24 October 2016

Please cite this article as: Jie Gu, Yunjie (Calvin) Xu, Heng Xu, Cheng Zhang, Hong Ling, Privacy concerns for mobile app download: An elaboration likelihood model perspective, Decision Support Systems (2016), doi:10.1016/j.dss.2016.10.002

This is a PDF file of an unedited manuscript that has been accepted for publication. As a service to our customers we are providing this early version of the manuscript. The manuscript will undergo copyediting, typesetting, and review of the resulting proof before it is published in its final form. Please note that during the production process errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain.

ACCEPTED MANUSCRIPT

Privacy Concerns for Mobile App Download: An Elaboration Likelihood Model Perspective

ABSTRACT

In the mobile age, protecting users’ information from privacy-invasive apps becomes increasingly critical. To caution users against possible privacy risks, a few Android app stores prominently disclose app permission requests on app download pages. Focusing on this emerging practice, this study investigates the effects of contextual cues (perceived permission sensitivity, permission justification and perceived app popularity) on Android users’ privacy concerns, download intention, and their contingent effects dependent on users’ mobile privacy victim experience. Drawing on the Elaboration Likelihood Model, our empirical results suggest that perceived permission sensitivity makes users more concerned about privacy, while permission justification and perceived app popularity make them less concerned. Interestingly, users’ mobile privacy victim experience negatively moderates the effect of permission justification. In particular, the provision of permission justification makes users less concerned about their privacy only for those with less mobile privacy victim experience. Results also reveal a positive effect of perceived app popularity and a negative effect of privacy concerns on download intention. This study provides a better understanding of Android users’ information processing and the formation of their privacy concerns in the app download stage, and proposes and tests emerging privacy protection mechanisms including the prominent disclosure of app permission requests and the provision of permission justifications.

Keywords: Privacy concerns, mobile applications, download intention, app permission request, Elaboration Likelihood Model.

1. INTRODUCTION

The mobile app market has undergone tremendous growth in recent years. Gartner reported that the worldwide downloads of mobile apps will reach 179 billion in 2015, up from 63 billion in 2012 [23]. Many mobile apps provide localized and personalized services anytime and anywhere, such as real-time navigation, mobile social networking, mobile banking services, etc. Despite the attractiveness of mobile apps, their unprecedented access to personal information opens a new door to mobile privacy invasion [44, 45]. Privacy-invasive apps are apps that collect personal information unnecessary for the functionality of the app, use information for unauthorized purposes, or perform unauthorized information transmission [18, 21]. An investigation in 2012 revealed that more than 100,000 Android apps collected users’ location and contact information that was far beyond their stated functions [45]. It has also been reported that the number of Android apps which could potentially leak users’ financial information increased by 500% in the second half of 2013 [44]. Privacy-invasive apps may not be easy to detect. Both technical tools and user precautions are needed. Not surprisingly, more and more Android users expressed concerns about information privacy [20].

A growing body of research has focused on mobile privacy issues pertaining to Android apps. The Android Operating System follows a permission-based model which asks for users’ authorization to the permissions requested by an app at installation time [9]. A permission request is a demand of an app to control the mobile device and use personal information stored in the device, such as a request to vibrate the device, to access a user’s precise location through GPS, or to read a user’s contact information. A few studies have found that the Android installation-time permission requests failed to attract users’ attention [20, 21]. Researchers also developed technical tools to better detect privacy-invasive apps at app runtime – a stage when apps could bring substantial harms to users’ information privacy [17, 18]. Although prior research explored mobile privacy in app installation stage [20, 21] and runtime stage [17, 18], there has been little research examining mobile users’ privacy concerns in app download stage.

This study addresses Android users’ privacy concerns in app download stage. Taking a context-specific perspective, this study defines privacy concerns as the extent to which Android users are concerned about the possible loss of privacy when they are deciding whether to download an app. App download stage is critical for two reasons. First, for users, the download stage can be the first layer of defense against privacy-invasive apps. Recently, some Android app stores prominently disclose app permission requests on app download pages. The disclosed permission requests inform users of the personal information that an app will have access to. This practice gives users an opportunity to evaluate privacy concerns in download stage. Secondly, the profits of both app stores and developers are largely based on app downloads. To better understand users’ download decision-making, it is imperative for practitioners to learn the formation and the effect of users’ privacy concerns in app download stage. Focusing on the emerging practice of permission request disclosure in app download stage, this study seeks to answer the following research questions: How do contextual cues influence users’ privacy concerns when permission requests are prominently disclosed in the app download stage? How are the effects of these contextual cues dependent on users’ past experience?

To answer these questions, perceived app popularity, perceived permission sensitivity and permission justification are identified as contextual cues that influence users’ privacy concerns and download intention. Perceived app popularity is identified based on the prevailing practice of reporting downloads of an app. It is a perception of how popular an app is among other users. Perceived permission sensitivity is identified based on the emerging practice to prominently disclose all permission requests of an app early in download stage. The disclosed permission requests can be of high or low sensitivity. This study defines perceived permission sensitivity as the levels of discomfort users perceive when an app requests certain permissions to control their mobile devices and use their personal information. While privacy concerns of an app refer to a user’s overall evaluation of the app, perceived permission sensitivity pertains to only one aspect of the practice of the app, i.e. the permission requests. Permission justification is defined as the presence of a statement that declares the purpose of a permission request and the subsequent handling of collected information. A justification statement aims to justify an app’s request for permission. Although justification of information collection is not new in commercial websites [27, 50], no app store that adopts the permission request disclosure practice has provided justifications for such requests on app download pages. This study proposes permission justification as a new contextual cue, and investigates its effect on Android users’ privacy concerns.

Elaboration Likelihood Model (ELM) is employed as the theoretical foundation for this study. ELM posits that information processing occurs through two cognitive routes, the central route and the peripheral route, which differ in the amount of cognitive elaboration [41, 43]. Drawing on ELM, we conceptualize perceived permission sensitivity and permission justification as two central cues and perceived app popularity as a peripheral cue to affect users’ privacy concerns. We further consider a user’s mobile privacy victim experience as a contingent determinant of privacy elaboration, i.e. the amount of thinking users devote to the consideration of app privacy. Our results show that perceived permission sensitivity makes users more concerned about privacy while perceived app popularity makes users less concerned. More interestingly, we found that the effect of permission justification on privacy concerns highly depends on users’ mobile privacy victim experience.

This study contributes to existing privacy research by systematically examining users’ information processing and the formation of privacy concerns in app download stage. This study explains how perceived permission sensitivity, permission justification and perceived app popularity take their effects through users’ elaboration process. In particular, we provide a contingent explanation of how the effects of these contextual cues vary with users’ past privacy experiences.

The rest of the paper proceeds as follows. In section 2, we review literature on information privacy and context-specific privacy concerns, privacy studies pertaining to mobile apps, and ELM research. In section 3, we develop the logic underlying our research hypotheses. This is followed by section 4 with a description of the research method. Section 5 provides details of data analysis and our findings. This paper concludes with a discussion of the results and the implications of findings in section 6.

2. LITERATURE REVIEW

Three streams of research form the theoretical foundation of this study. We first present a brief overview of information privacy research and identify the context-specific perspective of privacy concerns for this study. Then we focus on privacy studies pertaining to mobile apps that are most relevant to our research context. We further review ELM that guides the development of our research model.

2.1 Information privacy and context-specific privacy concerns

Information privacy is an important research topic in Information System (IS). A rich stream of privacy research has examined the effect of privacy concerns on individuals’ privacy-related responses. A general conclusion of these studies is that individuals’ privacy concerns can hinder their willingness to accept new technologies [2], engage in e-commerce [14] or disclose personal information [34].

Recently, researchers have taken a context-specific approach to study privacy concerns. According to Xu et al. [54], context-specific privacy concerns “tie the individuals’ assessments of privacy concerns to a specific context with a specific external agent (p.1344)”. Compared with the notion of general privacy concerns which is defined as individuals’ inherent propensity toward privacy protection, the context-specific conceptualization suggests that privacy concerns not only vary across individuals, but also depend on situational factors in a particular context [54]. The notion of context-specific privacy concerns extends privacy research from focusing on the consequences of general privacy concerns to investigating the effects of context-specific antecedents. For example, researchers have examined how certain contextual cues, such as privacy icons, can be leveraged to influence subsequent privacy behaviors [28]. Malhotra et al. [37] suggested that a complete understanding of privacy-related reactions can only be achieved by examining privacy concerns in a specific context.

2.2 Privacy studies pertaining to Android apps

A growing body of literature has focused on privacy issues in the Android system due to its large market share and its vulnerabilities to privacy-invasive apps [21]. An Android user typically goes through three stages of app-related decision-making: download stage, installation stage and runtime stage. A few studies have investigated users’ perceptions of permission requests in app installation stage. Kelley et al. found that the jargon-filled description of permission requests at installation time is hard for users to understand [28]. Felt et al. indicated that users’ overriding desire to complete the primary task of app installation reduces their attention to the installation-time permission requests [19]. Other studies have examined users’ responses to apps’ information requests during the runtime. Particularly, a few studies examined users’ willingness to share their location when they run location-sensitive apps in pursuit of personalized and localized services [52, 55]. Technical work on Android privacy protection mainly focused on tracking the information flow during the runtime in order to detect privacy-invasive apps [17, 18].

While prior studies have investigated mobile app privacy issues in the stages of app installation and runtime, users’ privacy concerns in app download stage have not been systematically examined. Unlike iOS, mobile apps published to Android are not pre-screened for potential privacy threats and security attacks [9]. The openness of the Android system attracts a large number of privacy-invasive apps. Therefore, it is desirable for users to be informed of app permission requests before downloading, so that they can add the potential privacy risks of an app into download decision-making.

However, app stores vary in their disclosure of app permission requests. For example, some app stores (e.g., app.baidu.com) do not disclose app permission requests. Although Google Play does disclose app permission requests, the link of “permission detail” is buried deeply at the bottom of the app download page. A few other app stores, such as mumayi.com, disclose permission requests at a prominent place on app download page.

This study focuses on an Android app download context where app permission requests are prominently disclosed. Specifically, we study users’ elaboration of contextual cues in relation to their privacy concerns and download intention. This study identifies the main contextual cues and explains their effects on privacy concerns based on ELM.

2.3 Elaboration likelihood model (ELM)

ELM provides a useful framework to understand how individuals process persuasive information. ELM is suitable for this study for two reasons. First, users’ app download decision-making often involves their processing of app-related information. Second, developers often make their best effort to present their apps on download page in order to promote the app and to attract users. Therefore, the overall presentation of apps is a persuasive message.

ELM takes a process-oriented approach to explain how persuasion occurs via two distinct routes: central route and peripheral route [42, 43]. The central route of information processing involves extensive cognitive efforts, through which individuals think deliberately in an attempt to uncover all pros and cons of an issue. In the peripheral route of information processing, however, individuals tend to devote a limited cognitive effort. Their attitude is primarily formed by the association and inference of contextual shortcuts such as the endorser of an issue, rather than the indigenous quality of the issue.

The route taken by an individual is contingent on the elaboration likelihood [42]. Elaboration refers to the amount of thinking individuals put forth in scrutinizing an issue. The extent of elaboration is determined by one’s motivation and ability to process available information. When individuals are motivated and able to evaluate information content, they are high in elaboration and tend to take the central route to assess messages. In contrast, those with no motivation or ability to process central messages are often low in elaboration and rely mostly on peripheral cues to form an attitude. Motivational factors identified in prior ELM studies include perceived relevance of information [2, 10], personal involvement [41, 42] and need for cognition [3, 47]. Ability factors in prior ELM studies include topic-relevant experience and knowledge that enhance individuals’ cognitive ability to process persuasive information [2, 10].

Recently, ELM has been extended to privacy research. The study by Yang et al. [56] is one of the first to use ELM to examine the effect of third-party seals in an Internet shopping context. They found that the presence of third-party seals is a peripheral cue which positively influenced customers’ initial trust toward an e-tailer. They also suggested that the effect of product information quality outweighs the presence of third-party seals for customers with high product involvement. Bansal et al. [6] found that individuals with high general privacy concerns base their website trust on the central cue such as quality of privacy statement, whereas those with low general privacy concerns are more influenced by the peripheral cue such as the presence of a privacy seal. In the context of mobile banking, Zhou [57] found that self-efficacy moderated the effect of central variables such as information quality and service quality, and the effect of peripheral cues such as system quality, structural assurance and reputation on customers’ initial trust in mobile banking.

3. RESEARCH MODEL AND HYPOTHESES

While typical ELM research takes a general measure of attitudinal evaluation as its main outcome, this research extends ELM to examine the formation of users’ privacy concerns as an outcome of contextual information processing. Drawing on ELM, we propose two central factors, perceived permission sensitivity and permission justification, and a peripheral factor, perceived app popularity, as contextual cues to privacy concerns. According to ELM, an individual’s route of information processing is contingent on the extent of elaboration. This study identifies users’ mobile privacy victim experience as a key determinant of privacy elaboration and proposes that the effects of contextual cues are contingent on the level of users’ mobile privacy victim experience. Furthermore, based on the logic of privacy calculus, we study the effect of privacy concerns and perceived app popularity on users’ download intention.

3.1 Central-route processing in app privacy evaluation

When individuals process information through the central route, their attitude is determined by information that is directly relevant to the communicated topic [56]. Argument quality is considered a central cue in ELM literature [10, 41]. In an advertising context, the central cues include arguments that focus on the functional attributes of a product [35] or address the competitive advantages of the product [32].

In the app download stage, perceived permission sensitivity is central to users’ privacy concerns. Literature on information privacy has shown that privacy concerns are highly dependent on collected information which can induce different levels of sensitivity perceptions [7, 13, 37]. Bansal et al. [7] suggested that when individuals use web-based healthcare services, they are concerned about revealing health information when they perceive the information to be sensitive. Since the perception of information sensitivity is directly related to privacy concerns, it is expected to be central in individuals’ privacy consideration. Following this perspective, perceived permission sensitivity is likely to invoke the central route of information processing in forming privacy concerns: when app permission requests are prominently disclosed, users are likely to be engaged in the evaluation of the sensitivity of requested permissions. Users who perceive a higher level of permission sensitivity will be more concerned about the potential damage of unintended information leak and misuse. Thus we hypothesize:

Hypothesis 1: Perceived permission sensitivity is positively related to users’ privacy concerns for mobile app download.

Permission justification informs users how collected information will be used and who can have access to their information. Permission justification invokes central-route processing because it is a direct explanation of an app’s practice of information privacy. The Fair Information Practice Principles suggest that the information collector shall inform users of the purpose of information collection and subsequent handling of collected information [12]. The justification for app permission request is aimed at providing such information. Previous studies have proposed that the provision of privacy justification for information collection can alleviate online customers’ privacy concerns [27, 50]. For example, Kelley et al. found that explaining the purpose of information collection is an effective way to ease customers’ privacy concerns [27]. Spears found that online customers tend to perceive a higher level of privacy assurance when they are notified of a collector’s information practices [50]. In the current Android market, app stores have not yet provided permission justification on app download pages. This study introduces permission justification as a new contextual cue in app download stage. We hypothesize:

Hypothesis 2: The presence of a permission justification is negatively related to users’ privacy concerns for mobile app download.

3.2 Peripheral-route processing in app privacy evaluation

Individuals taking the peripheral-route processing rely on mental shortcuts and simple cues to form their attitude. For example, consumers may form a favorable attitude of a product just because they like the advertising endorser [42]. In this case, individuals accept an argument because of their belief in the source [2, 46].

Drawing on ELM, we argue that users’ privacy concerns can be influenced by heuristic processing of perceived app popularity. App popularity is usually represented as the number of prior adopters [15]. It has been proposed as a peripheral cue in persuasion [10, 40]. Perceived app popularity is not an indigenous attribute of information privacy because it does not reveal any practice of the collection and usage of users’ personal information. However, users may follow a heuristic thinking that “popular app can be trusted”. Users trust a popular product because they believe that earlier adopters should have carefully evaluated the product [15]. In this sense, although perceived popularity is not a central factor related to privacy concerns, we argue that it alleviates privacy concerns via the peripheral route.

Hypothesis 3: Perceived app popularity is negatively related to users’ privacy concerns for mobile app download.

3.3 Moderating effects of privacy victim experience

ELM posits elaboration as a contingent factor for information processing [42]. ELM identifies motivation and ability as two antecedents of the extent of elaboration [10]. In our context, we posit that a user’s mobile privacy victim experience represents a key determinant of privacy elaboration for two reasons. First, mobile privacy victim experience boosts users’ motivation to deliberate on privacy-related messages. Users who have suffered from mobile privacy invasion would be more concerned for information privacy [49]. Consequently, they are motivated to attend to and scrutinize privacy-related cues in order to make an informed decision. In contrast, those who have little negative experience tend to underestimate the likelihood of mobile privacy invasion [29]. As a result, they lack the motivation to process privacy-related cues. Second, victim experience increases elaboration by enhancing users’ ability to evaluate messages related to privacy invasion. If users have suffered from mobile privacy invasion, it is easier for them to recognize privacy-related circumstances and evaluate the possible negative consequences. To summarize, mobile privacy victim experience influences privacy elaboration by enhancing both users’ motivation and ability to process app permission requests and corresponding justifications.

Users who have experienced mobile privacy invasion not only have high elaboration likelihood, but also develop a strong negative attitude toward unfamiliar apps in fear of privacy invasion. According to ELM, biased processing occurs when high-elaboration individuals possess a strong prior attitude. Individuals tend to draw on previous experiences to assess the presented information [42]. Under biased processing, individuals are more inclined to messages that are consistent with their prior experience and established attitude, while taking a defensive response to counter-attitudinal messages [46]. Petty and Cacioppo proposed that under the high elaboration condition, the probability of rejecting counter-attitudinal messages and accepting pro-attitudinal messages are both higher than what should be if messages are processed objectively [43]. According to the biased information processing argument, we expect that perceived permission sensitivity represents a pro-attitudinal message for those with more mobile privacy victim experience, while a permission justification is likely to be regarded as a counter-attitudinal message. Therefore, the effect of perceived permission sensitivity on privacy concerns is strengthened for users with more mobile privacy victim experience. Meanwhile, permission justification has a weaker alleviating effect on privacy concerns for these users.

Hypothesis 4: Mobile privacy victim experience positively moderates the effect of perceived permission sensitivity on users’ privacy concerns for mobile app download.

Hypothesis 5: Mobile privacy victim experience negatively moderates the effect of permission justification on users’ privacy concerns for mobile app download.

Previous research has suggested that the influence of peripheral cues has a greater impact under low rather than high elaboration condition [42]. When elaboration likelihood is low, individuals do not scrutinize the content of central messages. Instead, they make simple inferences based on peripheral cues [42]. Maheswaran and Chaiken proposed group opinion as a typical peripheral cue to influence a customer’s decision-making [36]. Their study suggested that the influence of group opinion is only significant under low-elaboration condition. In accordance with their findings, we expect that the effect of perceived app popularity to alleviate privacy concerns decreases with users’ mobile privacy victim experience. Users who have less mobile privacy victim experience lack motivation and ability to deliberate on central privacy-related information such as permission requests. Instead, they rely on easy-to-process cues, such as perceived app popularity, to form their privacy concerns. In contrast, users with mobile privacy victim experience are motivated to evaluate the privacy-related practices of an app. They are less likely to rely on peripheral cues.

Hypothesis 6: Mobile privacy victim experience negatively moderates the effect of perceived app popularity on users’ privacy concerns for mobile app download.

3.4 Privacy calculus in app download intention

To provide a more comprehensive picture of users’ app download decision-making, we also proposed two hypotheses to account for the effect of perceived app popularity and privacy concerns on download intention based on privacy calculus theory (PCT). PCT has been considered as “the most useful framework for understanding privacy concerns” [55]. Recently, this calculus perspective has been extended to examine users’ mobile app acceptance intention [16, 26]. According to PCT, individuals perform a cost-benefit analysis that accounts for their behavioral decisions in face of privacy concerns. Privacy concerns have been considered as the main cost in information disclosure behavior [33, 54]. If individuals have high context-specific privacy concerns, they would have a low intention to accept a system or interact with a website [33, 54]. In app download stage, it is reasonable to assume that users with high privacy concerns are less likely to download an app.

Hypothesis 7: Users’ privacy concerns for mobile app download are negatively related to download intention.

PCT also posits that benefits can counterbalance privacy concerns in individuals’ behavioral decisions. Benefits associated with information disclosure include economic compensations [30], product attractiveness [30], personalized services [55] and social benefits [34]. In our context, perceived app popularity is a benefit sign. It indicates not only the number of choices made by early adopters, but also the product attractiveness [15]. Users are more likely to download an app which they perceive as popular because popularity signals quality [15]. In particular, if an app contains social functions, popularity also signals a network externality effect. The network externality effect suggests that as the number of users increases, so does its value and usefulness. Therefore, potential users are more willing to download the app.

Hypothesis 8: Perceived app popularity is positively related to download intention.

Prior studies pointed to a number of additional factors that could influence individuals’ privacy concerns. To control for the variance explained by these variables, we include them as control variables in our research model:

1. Age [37, 39] and gender [37, 38]. The effects of these two variables on privacy concerns and related privacy behaviors have been widely studied in prior research. For example, Milne and Rohm have found that younger users are more reluctant to disclose their personal information to firms [39]. Midha pointed out that females are more concerned about privacy threat than males. Hence, we control the effects of age and gender in our research model [38].

2. General privacy concerns [4, 37]. Prior research has recognized general privacy concerns as a critical determinant of privacy-related behaviors [4, 37]. For example, Awad and Krishnan found that individuals who are generally more concerned about information privacy pay more attention to information transparency, and consequently are less willing to be profiled online [4]. Therefore, we expect that users who have higher general privacy concerns have a lower level of download intention. We also expect that users who are concerned about privacy in general are more concerned about mobile privacy in the specific context of app download.

3. The number of installed apps. The number of installed apps is an indicator of mobile users’ app download experience: the more apps one has installed, the more experienced one is with the process of app download. In examining individuals’ privacy concerns toward Internet usage, researchers have found that prior Internet experience reduces individuals’ privacy risk beliefs [37]. Likewise, users who have more prior experience with app download tend to have a lower level of privacy concerns.

The full research model is illustrated in Figure 1.

INSERT FIGURE 1 HERE

4. RESEARCH METHOD

4.1 Research design

A vignette-based survey was used to collect data. A vignette is a manipulated scenario presented to subjects before they answer a questionnaire [1, 51]. Instead of asking subjects to recall their past experience, we designed manipulated vignettes to better put subjects in a new app download scenario and to avoid subjects’ biased recall of only trusted apps. These vignettes represented different combinations of three main contextual cues (perceived app popularity, perceived permission sensitivity and the presence or absence of permission justification). Except for the three manipulated variables, extraneous factors were held constant across vignettes. Subjects were randomly assigned to each vignette. The purpose of this experiment-like design was to better establish the relationship between manipulated contextual cues and users’ privacy concerns and download intention, while minimizing alternative explanations caused by extraneous factors.

In each vignette design, subjects were instructed to download an app named “Delicacy” from an Android app store named “Android App World”. The core function of “Delicacy” was to provide restaurant descriptions and customer reviews. The name of the app and the name of the app store were both coined to avoid influence from extraneous factors such as subjects’ prior knowledge or friends’ recommendations. Subjects were presented with two pages. The first page was an app ranking page which ranked apps in descending order of monthly downloads. “Delicacy” was highlighted on this page. The second page was an app download page with app details. The download page was adapted from an actual app store for mundane reality. Users’ comments, app version and developer’s information were omitted. After reading the app information, subjects were asked to fill in a questionnaire.

We created 8 designs of app download vignettes based on 2 × 2 × 2 combinations of app popularity, permission sensitivity and permission justification. This design was to increase the variance of subjects’ perception of permission sensitivity and app popularity, and to manipulate the presence or absence of permission justification. In this way, both subjective perceptions and the presence or absence of permission justification can be considered as exogenous variables, because they were manipulated by researchers.

App popularity was manipulated by the position of Delicacy in the ranking list on the app ranking page. High popularity was manipulated as the 1st with more than 220,000 downloads, whereas low popularity was manipulated as the 40th with only 300 downloads.

Permission sensitivity was manipulated by both the number of requested permissions and the risk level of permission requests on the app download page [16]. The Android Operating System classifies app permissions into different types according to risk levels [9]. For example, the permission requests “access to the vibrator” and “keeping device screen awake” are considered low risk. “Access to location information” and “access to contact information” are considered high risk. Subjects in the low-sensitivity group were presented with only the first two permission requests while those in the high-sensitivity group were presented with all four permission requests.

Permission justification was manipulated by the presence or absence of a justification statement for each permission request on the app download page. In the group with justification, the purpose of each permission request was related to an app function, and subjects were assured that the information collected (if any) would not be transferred to any unauthorized third party. The justifications for the four permission requests used in our design were as follows. The justification for “access to the vibrator” was to “remind users when there is a new announcement”. The justification for “keeping device screen awake” was to “prevent the running application from being interrupted when the device turns into sleeping mode”. The justification for “access to GPS location” was to “provide personalized recommendations of local restaurants; location information will not be disclosed to any unauthorized third party”. The justification for “access to contact list” was to “enable Delicacy’s social network function (share consumption experiences with friends anytime, anywhere); user’s contact list will not be disclosed to any unauthorized third party”.
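The four permission requests in the vignettes correspond to standard Android permissions at two protection levels. The following added example (not part of the original manuscript) parses a constructed manifest for a hypothetical build of the fictitious “Delicacy” app, groups the requested permissions by risk level, and flags high-risk requests that carry no justification. The mapping from each request to a concrete permission name, the package name, the custom permission and the `JUSTIFICATIONS` table are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Android protection levels for the four requests used in the vignettes.
# Which concrete permission each request maps to is an assumption of this example.
PROTECTION_LEVEL = {
    "android.permission.VIBRATE": "normal",                  # access to the vibrator
    "android.permission.WAKE_LOCK": "normal",                # keeping device screen awake
    "android.permission.ACCESS_FINE_LOCATION": "dangerous",  # access to GPS location
    "android.permission.READ_CONTACTS": "dangerous",         # access to contact list
}

# Constructed manifests (not from the paper): high- and low-sensitivity conditions.
MANIFEST_HIGH = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.delicacy">
    <uses-permission android:name="android.permission.VIBRATE"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
    <uses-permission android:name="com.example.delicacy.permission.PUSH_MESSAGE"/>
    <application android:label="Delicacy"/>
</manifest>
"""

MANIFEST_LOW = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.delicacy">
    <uses-permission android:name="android.permission.VIBRATE"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <application android:label="Delicacy"/>
</manifest>
"""

# Hypothetical developer-supplied justifications, keyed by permission.
# The contact-list justification is deliberately missing.
JUSTIFICATIONS = {
    "android.permission.ACCESS_FINE_LOCATION":
        "provide personalized recommendations of local restaurants",
}


def requested_permissions(manifest_xml):
    """Return the distinct <uses-permission> names in declaration order."""
    root = ET.fromstring(manifest_xml.strip())
    names = []
    for node in root.iter("uses-permission"):
        name = node.get(f"{{{ANDROID_NS}}}name")
        if name and name not in names:
            names.append(name)
    return names


def audit(manifest_xml, justifications):
    """Group requested permissions by risk and flag unjustified high-risk ones."""
    report = {"low_risk": [], "high_risk": [], "unknown": [],
              "unjustified_high_risk": []}
    for perm in requested_permissions(manifest_xml):
        level = PROTECTION_LEVEL.get(perm)
        if level == "normal":
            report["low_risk"].append(perm)
        elif level == "dangerous":
            report["high_risk"].append(perm)
            if not justifications.get(perm, "").strip():
                report["unjustified_high_risk"].append(perm)
        else:
            # Not in the table: needs manual review rather than a silent pass.
            report["unknown"].append(perm)
    # Mirrors the vignette split: any high-risk request puts the app in the
    # high-sensitivity condition.
    report["sensitivity"] = "high" if report["high_risk"] else "low"
    return report


if __name__ == "__main__":
    for label, manifest in (("high", MANIFEST_HIGH), ("low", MANIFEST_LOW)):
        print(label, audit(manifest, JUSTIFICATIONS))
```
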

4.2 Operationalization of variables

In the research model, permission justification was defined as the presence or absence of justifications. Hence it was measured as a binary variable (0 = absence, 1 = presence). Mobile privacy victim experience was measured by a 7-point scale asking about the frequency of a subject’s prior mobile privacy invasion experience (1 = very infrequently, 7 = very frequently). This one-item question was adapted from the online privacy victim scale developed by Malhotra et al. [37]. Items for general privacy concerns were based on the scale of global information privacy concerns from Malhotra et al. [37]. Download intention, perceived app popularity, perceived permission sensitivity and privacy concerns were measured by 7-point multiple-item scales developed for this study. All four subjective constructs were reflective constructs.

4.3 Pilot study and formal study

The instrument was tested in two phases: (1) face-to-face interviews and (2) an online pilot study of university students recruited from a university mailing list. In the first phase, 20 doctoral students were recruited to evaluate the vignette designs. According to their feedback, the manipulation of popularity was changed from an initial design of only presenting the number of app downloads to highlighting the app in a ranking list. In the second phase, 94 valid responses of Android users were collected to examine the convergent and discriminant validity of survey instruments. According to exploratory factor analysis, our instruments had satisfactory discriminant validity. However, one item for general privacy concerns was dropped as it failed the convergent validity test¹. The online survey also recorded the time subjects spent on the app download page. We expected users with more mobile privacy victim experience to spend more time on the elaboration of app information. We regressed the time spent on the download pages on users’ mobile privacy victim experience. The significant coefficient (β=6.67, p<0.001, R²=0.384) confirmed our prediction.

¹ The item is: “All things considered, mobile app ______ (1=completely won’t, 7=surely will) cause privacy problems.” This item was dropped because it did not load well (factor loading <0.5) on the intended construct.

Procedure for the formal study was as follows. We first recruited subjects from a major university in China. University students are representative of smartphone users. In China, university students account for the largest portion of Android usage with highest daily downloads [5]. Meanwhile, university students are common subjects in the privacy literature [24, 53]. We first asked subjects about the Operating System of their phone and the number of apps they have installed. The purpose of the two questions was to select subjects who were Android users and used apps. Next, subjects were randomly assigned to one of the 8 manipulated vignettes. They read the app ranking page and download page, and then answered the questionnaire. The vignette material and questionnaire were originally in Chinese.

In the formal study, 286 student subjects were recruited. None of them participated in the pilot study. To motivate subjects to complete the vignette-based survey, a small gift was offered to all subjects regardless of their mobile Operating System. 260 subjects completed the study. According to their answers, 165 were identified as Android users and all of them used mobile apps.

We restricted our data analysis to the 165 Android users. Among the 165 respondents, there were 68 males (41.2%) and 97 females (58.8%). The average age of subjects was 20. The average number of installed apps was 33. Mann-Whitney tests showed that gender ratio, age and the number of installed apps did not differ significantly across vignettes. ANOVA revealed that subjects in different vignettes did not differ significantly in terms of their mobile privacy victim experience and general privacy concerns. Hence, the random assignment process was effective. ANOVA also indicated that subjects in the high-popularity group perceived a higher level of app popularity (p<0.001) and subjects in the high-sensitivity group perceived a higher level of permission sensitivity (p<0.001). These results suggested that the manipulations of the two subjective constructs were effective in producing perceptual variance between vignettes. In the questionnaire, a single question (i.e. Does the app explain its purpose of requesting access to phone resources and users’ information? Yes or No) was developed to check subjects’ awareness of the manipulation on permission justification. Logistic regression showed a significant effect (p<0.01) of the manipulation on the answer, suggesting that the manipulation of justification was successful.

5. DATA ANALYSIS

5.1 Measurement model

We used Partial Least Squares (PLS) for data analysis. PLS estimates model parameters by maximizing the explained variance of endogenous variables in an iterative sequence of ordinary least squares regressions [48]. The estimating procedure of PLS does not require constructs to follow multivariate normality. PLS is also a suitable tool to test moderating effects [25].

Before proceeding to hypotheses testing, a confirmatory factor analysis (CFA) was conducted to test the convergent and discriminant validity of the measurement model for all perceptual constructs. Researchers have proposed three criteria for convergent validity [22]: (1) item loadings on each factor should be significant and greater than 0.7, (2) the average variance extracted (AVE) for each factor should be greater than 0.5, and (3) the composite factor reliability (CFR) and Cronbach’s alpha (α) should be greater than 0.7. According to results in Table 1, the standardized item loadings were all significant. The smallest item loading was 0.802 (>0.7). The smallest AVE of any construct was 0.732 (>0.5). Further, the smallest value for CFR was 0.857 and the smallest value for α was 0.82; both were greater than 0.7. Hence, the measurement model was satisfactory for convergent validity.

INSERT TABLE 1 HERE

To satisfy discriminant validity of constructs, the square root of AVE for each construct should exceed the correlations between that construct and all other constructs. Results in Table 2 met the discriminant validity criterion.

INSERT TABLE 2 HERE

5.2 Structural model

Figure 2 reported the results of model fitting. The results indicated that perceived permission sensitivity exacerbated privacy concerns (b=0.512, p<0.01), supporting Hypothesis 1. In contrast, the provision of permission justification alleviated privacy concerns (b=-0.510, p<0.01), supporting Hypothesis 2. Perceived app popularity significantly alleviated privacy concerns (b=-0.148, p<0.01), supporting Hypothesis 3.

We also hypothesized the interactions between mobile privacy victim experience and contextual cues (H4-6). Following the moderation testing procedure of PLS [25], however, the moderating effects of past experience on perceived permission sensitivity and perceived app popularity were not significant. Hence Hypothesis 4 and Hypothesis 6 were not supported. This result suggested that perceived permission sensitivity and perceived app popularity had a consistent effect on privacy concerns for all users, regardless of their prior privacy victim experience. Interestingly, mobile privacy victim experience had a significant moderating effect with permission justification on privacy concerns (b=0.539, p<0.05), supporting Hypothesis 5. It suggested that the alleviating effect of justification on privacy concerns was weaker for individuals who had more mobile privacy victim experience. Compared to a reduced model without interaction effects, the R² for privacy concerns increased from 40.5% to 51%. Following Carte and Russell [11], an F-statistic was calculated to test the overall significance of interaction terms. The F-statistic was F(4,152) = 8.143 (p<0.01), suggesting that the variance explained by the full research model with interaction terms was significantly better than the reduced model with only main effects.
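The validity thresholds in Section 5.1 and the F-statistic above can be checked numerically. The following added example (not from the original manuscript) computes AVE and composite reliability from standardized loadings, applies the square-root-of-AVE discriminant check, and evaluates the standard incremental F-test for a change in R², which reproduces the reported F(4,152) from the two R² values. The loadings and the correlation are constructed, since Tables 1 and 2 are not reproduced here, and the construct names are assumptions.

```python
import math


def ave(loadings):
    """Average variance extracted: mean of squared standardized loadings."""
    return sum(l * l for l in loadings) / len(loadings)


def composite_reliability(loadings):
    """Composite reliability from standardized loadings (Fornell-Larcker form)."""
    squared_sum = sum(loadings) ** 2
    error_var = sum(1 - l * l for l in loadings)
    return squared_sum / (squared_sum + error_var)


def convergent_ok(loadings):
    """Criteria (1)-(3) of Section 5.1 that can be checked from loadings alone.

    Significance of loadings and Cronbach's alpha need item-level responses
    and are therefore not evaluated here.
    """
    return (min(loadings) > 0.7
            and ave(loadings) > 0.5
            and composite_reliability(loadings) > 0.7)


def discriminant_ok(loadings_by_construct, correlations):
    """sqrt(AVE) of each construct must exceed its correlations with the others."""
    for (a, b), r in correlations.items():
        root_a = math.sqrt(ave(loadings_by_construct[a]))
        root_b = math.sqrt(ave(loadings_by_construct[b]))
        if abs(r) >= root_a or abs(r) >= root_b:
            return False
    return True


def f_change(r2_full, r2_reduced, df_num, df_den):
    """Incremental F for the R-squared gained by adding df_num terms."""
    return ((r2_full - r2_reduced) / df_num) / ((1 - r2_full) / df_den)


# Constructed standardized loadings (illustrative only, not Table 1 values).
LOADINGS = {
    "privacy_concerns": [0.85, 0.88, 0.90],
    "download_intention": [0.80, 0.86, 0.91],
}
# Constructed inter-construct correlation (illustrative only, not Table 2).
CORRELATIONS = {("privacy_concerns", "download_intention"): -0.30}

# A constructed construct that fails criterion (1): one loading below 0.7.
WEAK_LOADINGS = [0.62, 0.75, 0.80]

if __name__ == "__main__":
    for name, lam in LOADINGS.items():
        print(name, round(ave(lam), 3), round(composite_reliability(lam), 3),
              convergent_ok(lam))
    print("discriminant:", discriminant_ok(LOADINGS, CORRELATIONS))
    # R-squared values and degrees of freedom as reported in Section 5.2.
    print("F(4,152) =", round(f_change(0.51, 0.405, 4, 152), 3))
```
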

Results also indicated a significantly negative effect of privacy concerns on download intention (b=-0.160, p<0.05). This confirmed the importance of privacy concerns in app download and supported Hypothesis 7. Perceived app popularity was found to significantly increase download intention (b=0.367, p<0.01), hence Hypothesis 8 was supported.

INSERT FIGURE 2 HERE

Examining control variables in the research model also offered some insights. Among the control variables, age and the number of installed apps had no significant effect on either privacy concerns or download intention. General privacy concerns had a positive effect on privacy concerns for app download (b=0.131, p<0.01). This indicated that those who were more concerned about information privacy in general were also more concerned about privacy in a specific context. However, the effect of general privacy concerns on download intention was not significant. This result implies that in a specific context, it is context-specific privacy concerns rather than general privacy concerns that shape individuals’ behavioral intention. In fact, Li et al. [31] pointed out that the effect of general privacy concerns can be overridden by context-specific privacy concerns because individuals are highly influenced by their assessment of contextual cues. Finally, women were more likely to download the app than men (1 = female, 0 = male; b=0.263, p<0.01).

6. DISCUSSION AND IMPLICATIONS

6.1 Discussion

This study seeks to uncover the effects of contextual cues on privacy concerns for mobile app download and to examine how their effects are dependent upon privacy elaboration. Drawing on ELM, we propose that perceived permission sensitivity and permission justification affect privacy concerns via the central route of information processing. Perceived app popularity is proposed as a peripheral cue to alleviate privacy concerns. Users’ mobile privacy victim experience serves as a major driver for privacy elaboration. Particularly, due to biased information processing, users with more mobile privacy victim experience tend to downplay the counter-attitudinal justification. Our results also suggest that both privacy concerns and perceived app popularity influence users’ download intention. Overall, this study provides a comprehensive understanding of mobile users’ privacy decision-making in the app download stage in light of these contextual cues.

While most of our hypotheses were supported, a few were not. For Hypothesis 4, the interaction between perceived permission sensitivity and mobile privacy victim experience was insignificant. This implies that perceived permission sensitivity is so vital in information privacy that all individuals, regardless of their elaboration level, are influenced by it.

The hypothesized interaction between perceived app popularity and mobile privacy victim experience (H6) was not significant. A plausible explanation is the multiple roles of peripheral cues in information processing [10]. Areni et al. [3] found that high-elaboration individuals not only scrutinize central arguments but also deliberate on peripheral cues of group opinion in a “central” way. From this perspective, a peripheral cue could take effect through the peripheral route for low-elaboration individuals but act as a central message for high-elaboration individuals. In this study, perceived app popularity might have undergone careful elaboration by the group with more mobile privacy victim experience. As a result, regardless of users’ elaboration level, perceived app popularity helped alleviate their privacy concerns.

To generate further insights into the significant interaction between mobile privacy victim experience and permission justification, we conducted a follow-up analysis. We first divided the entire sample into two groups based on whether their mobile privacy victim experience was above or below the sample median. Then we conducted PLS analysis separately for each group. Results confirmed a significant difference in the effect of permission justification on privacy concerns. The path coefficient was -0.263 (p=0.023) for the low-elaboration group, and 0.150 (p>0.1) for the high-elaboration group. This additional analysis suggests that although the provision of permission justification generally alleviates privacy concerns as postulated in Hypothesis 2, it is ineffective in alleviating privacy concerns for users with high privacy elaboration, as suggested by biased information processing.

6.2 Implications

The contribution of this study to privacy research is multifold. First, this study provides a better understanding of users’ privacy concerns in the app download stage. Although a few studies have studied mobile privacy [8, 18, 21], this study identifies the contextual cues and examines their effects on privacy concerns particularly for mobile app download.

Second, this study examines the emerging practice of prominent permission request disclosure in the Android app market. The current practice of most app stores has sadly overlooked the importance of prominent disclosure of app permission requests. This is understandable given their business model, which is to attract more app downloads. However, the prevailing practice does not provide the best privacy protection for users. Recently, some app stores have begun to prominently disclose app permission requests as a way to caution users against privacy-invasive apps that over-request permissions. Although the prominent disclosure practice may potentially reduce app downloads, it indicates app stores’ respect for users’ privacy and thus may benefit developers and app stores in the long term. We investigate this emerging practice and incorporate perceived permission sensitivity as an important contextual cue of privacy concerns. Furthermore, we study another mechanism, permission justification, as a means to enhance the communication between developers and users, so that the welfare of both developers and users is improved. Our results indicate that permission justification does help to alleviate users’ privacy concerns.

Third, drawing on ELM, this study takes an information processing perspective in examining privacy concerns. In particular, this study proposes the contingent effect of mobile privacy victim experience on privacy concerns. Although mobile privacy victim experience has been included in a few research models, it was often treated as a control variable with no significant effect [33, 37]. Our findings suggest that the effect of permission justification varies with the mobile privacy victim experience of users. If users have experienced more mobile privacy invasion, they would discount the efficacy of permission justification. This result suggests that there is a spill-over effect of privacy experience: when users encounter negative privacy experiences from some apps, they tend to doubt more apps.

Our findings also provide practical implications for app developers, app stores and mobile users. Because the profits for both Android developers and app stores hinge on app downloads, it is imperative for them to understand users’ privacy concerns in this stage. First, since perceived permission sensitivity significantly increases privacy concerns and subsequently discourages download intention, developers should be careful in requesting app permissions. This includes both the number of permissions and the sensitivity of permissions. Second, if a permission request is necessary for the functionality of an app, it is important for developers to explain the purpose and data protection practice to users, although the provision of justification may not work equally effectively for all users. In order to protect users, it is important for app stores to disclose permission requests of apps. The disclosed permission requests and justifications are the two major determinants of privacy concerns in app download. While app stores might be concerned about the negative impact of the prominent permission disclosure practice on their revenue, we offer a solution, i.e. permission justification, to achieve a better “win-win” outcome.

Third, considering the significant effect of perceived app popularity on privacy decision-making, we suggest that app stores highlight the popularity cues on the app download pages. From a user’s perspective, however, we suggest that individual users should avoid over-relying on app popularity. The insignificant interaction between perceived app popularity and mobile privacy victim experience implies that even users who have prior privacy victim experience still rely heavily on this cue. The heavy reliance on popularity in privacy decision-making may lead to a herding consequence in which the diffusion of a privacy-invasive app is hard to stop once a critical mass has been reached. Thus, individual users should treat app popularity with caution.

6.3 Limitation and future direction

There are several limitations in this study which also suggest opportunities for future research. First, as our vignette design employed only one app, the application of our findings to other types of apps should be treated with caution. Because perceived app popularity, perceived permission sensitivity, and users’ prior privacy experience are constructs general to most apps, we expect these results to be generalizable to other apps. Permission justification as operationalized in this study is found to be useful in alleviating users’ privacy concerns. However, in order to facilitate communication between developers and users, future research may explore better mechanisms of permission justification to ease users’ privacy concerns. Second, besides the proposed contextual cues, other contextual cues, such as other users’ comments on the app and the developer’s information, could influence users’ privacy concerns. This study can serve as a theoretical basis for future examination of other contextual cues. Third, our sample consisted of only university students. While they are typical app users, future research may extend to different populations. Fourth, we used a vignette-based survey to avoid biased recall of apps. While this research methodology has its advantages, subjects’ interactions with the hypothetical app and app store may not represent actual experience in the real world. A field experiment may offer better external validity. Finally, privacy regulation and privacy-related culture in China could be different from other countries. Future research may examine the cross-country differences in mobile privacy.

6.4 Conclusion

Mobile privacy is an increasingly important issue with the wide adoption of various smart devices. Because the app download stage is the first stage in users’ privacy consideration, it is important to investigate users’ privacy decision-making in this stage. This study theoretically develops and empirically tests a research model in the Android app download stage. Our findings indicate that perceived permission sensitivity exacerbates privacy concerns while permission justification and perceived app popularity alleviate privacy concerns. More interestingly, we found our operationalization of permission justification alleviates privacy concerns only for users with less mobile privacy victim experience. Results also suggest a positive effect of perceived app popularity and a negative effect of privacy concerns on users’ download intention. These findings help to enrich the understanding of Android users’ information processing and the formation of privacy concerns in the app download stage. This study also offers practical guidance for developers to communicate permission requests using permission justifications, so as to alleviate users’ privacy concerns induced by the practice of permission request disclosure.

7. REFERENCES

[1] Alexander, C. S., & Becker, H. J. (1978). The use of vignettes in survey research. Public Opinion Quarterly. 42(1), p. 93-104.

[2] Angst, C. M., & Agarwal, R. (2009). Adoption of electronic health records in the presence of privacy concerns: The elaboration likelihood model and individual persuasion. MIS Quarterly. 33(2), p. 339-370.

[3] Areni, C. S., Ferrell, M. E., & Wilcox, J. B. (2000). The persuasive impact of reported group opinions on individuals low vs. high in need for cognition: Rationalization vs. biased elaboration? Psychology and Marketing. 17(10), p. 855-875.

[4] Awad, N. F., & Krishnan, M. S. (2006). The personalization privacy paradox: An empirical evaluation of information transparency and the willingness to be profiled online for personalization. MIS Quarterly. 30(1), p. 13-28.

[5] Baidu (2014). Mobile app distribution report. Retrieved on July 30, 2016, from http://developer.baidu.com/static/assets/reportpdf/%E7%99%BE%E5%BA%A6%E7%A7%BB%E5%8A%A8%E5%88%86%E5%8F%91%E6%8A%A5%E5%91%8A2014H1.pdf.

[6] Bansal, G., Zahedi, F., & Gefen, D. (2008). The moderating influence of privacy concern on the efficacy of privacy assurance mechanisms for building trust: A multiple-context investigation. In Proceedings of the 29th AIS International Conference on Information Systems. Paris, France. December 14-17.

[7] Bansal, G., Zahedi, F., & Gefen, D. (2010). The impact of personal dispositions on information sensitivity, privacy concern and trust in disclosing health information online. Decision Support Systems. 49(2), p. 138-150.

[8] Barrera, D., Clark, J., McCarney, D., & Van Oorschot, P. C. (2012). Understanding and improving app installation security mechanisms through empirical analysis of Android. In Proceedings of the second ACM Workshop on Security and Privacy in Smartphones and Mobile Devices. Raleigh, NC, USA. October 16-18. p. 81-92.

[9] Barrera, D., Kayacik, H. G., van Oorschot, P. C., & Somayaji, A. (2010). A methodology for empirical analysis of permission-based security models and its application to Android. In Proceedings of the 17th ACM Conference on Computer and Communications Security. Chicago, IL, USA. October 04-08. p. 73-84.

[10] Bhattacherjee, A., & Sanford, C. (2006). Influence processes for information technology acceptance: An elaboration likelihood model. MIS Quarterly. 30(4), p. 805-825.

[11] Carte, T. A., & Russell, C. J. (2003). In pursuit of moderation: Nine common errors and their solutions. MIS Quarterly. 27(3), p. 479-501.

[12] Culnan, M. J., & Armstrong, P. K. (1999). Information privacy concerns, procedural fairness, and impersonal trust: An empirical investigation. Organization Science. 10(1), p. 104-115.

[13] Dinev, T., Xu, H., Smith, J. H., & Hart, P. (2013). Information privacy and correlates: An empirical attempt to bridge and distinguish privacy-related concepts. European Journal of Information Systems. 22(3), p. 295-316.

[14] Dinev, T., & Hart, P. (2006). An extended privacy calculus model for e-commerce transactions. Information Systems Research. 17(1), p. 61-80.

[15] Duan, W., Gu, B., & Whinston, A. B. (2009). Informational cascades and software adoption on the internet: An empirical investigation. Management Information Systems Quarterly. 33(1), p. 23-48.

[16] Eling, N., Krasnova, H., Widjaja, T., & Buxmann, P. (2013). Will you accept an app? Empirical investigation of the decisional calculus behind the adoption of applications on Facebook. In Proceedings of the 34th International Conference on Information Systems. Milano, Italy. December 15-18.

[17] Enck, W., Gilbert, P., Chun, B., Cox, L. P., Jung, J., McDaniel, P., & Sheth, A. N. (2014). TaintDroid: An information flow tracking system for real-time privacy monitoring on smartphones. ACM Transactions on Computer Systems. 57(3), p. 99-106.

[18] Felt, A. P., Chin, E., Hanna, S., Song, D., & Wagner, D. (2011). Android permissions demystified. In Proceedings of the 18th ACM Conference on Computer and Communications Security. Chicago, IL, USA. October 17-21. p. 627-638.

[19] Felt, A. P., Egelman, S., Finifter, M., Akhawe, D., & Wagner, D. (2012). How to Ask for Permission. In Proceedings of the USENIX Conference on Hot Topics in Security (HotSec). Bellevue, WA, USA. August 8-10. p. 7.

[20] Felt, A. P., Egelman, S., & Wagner, D. (2012). I've got 99 problems, but vibration ain't one: A survey of smartphone users' concerns. In Proceedings of the second ACM Workshop on Security and Privacy in Smartphones and Mobile Devices. Raleigh, NC, USA. October 16-18. p. 33-44.

[21] Felt, A. P., Ha, E., Egelman, S., Haney, A., Chin, E., & Wagner, D. (2012). Android permissions: User attention, comprehension, and behavior. In Proceedings of the 8th Symposium on Usable Privacy and Security. Washington, DC, USA. July 11-13.

[22] Fornell, C., & Larcker, D. F. (1981). Evaluating structural equation models with unobservable variables and measurement error. Journal of Marketing Research. 18(1), p. 39-50.

[23] Gartner (2013). Mobile App Stores Will See Annual Downloads Reach 102 Billion in 2013. Retrieved on July 12, 2014, from http://www.gartner.com/newsroom/id/2592315/.

[24] Gross, R., & Acquisti, A. (2005). Information revelation and privacy in online social networks. In Proceedings of the 12th ACM Workshop on Privacy in the Electronic Society. Alexandria, VA, USA. November 07-10. p. 71-80.

[25] Henseler, J., & Fassott, G. (2010). Testing moderating effects in PLS path models: An illustration of available procedures. Handbook of partial least squares. Springer: Berlin Heidelberg. p. 713-735.

[26] Keith, M. J., Thompson, S. C., Hale, J., Lowry, P. B., & Greer, C. (2013). Information disclosure on mobile devices: Re-examining privacy calculus with actual user behavior. International Journal of Human-Computer Studies. 71(12), p. 1163-1173.

38

ACCEPTED MANUSCRIPT

[27] Kelley, P. G., Bresee, J., Cranor, L. F., & Reeder, R. W. (2009). A nutrition label for privacy. In Proceedings of the 5th Symposium on Usable Privacy and Security. Mountain View, CA. July 15-17.

[28] Kelley, P. G., Consolvo, S., Cranor, L. F., Jung, J., Sadeh, N., & Wetherall, D. (2012). A conundrum of permissions: installing applications on an android smartphone. In International Conference on Financial Cryptography and Data Security. Kralendijk, Bonaire. February 27-March 2. p. 68-79.

[29] Krasnova, H., Kolesnikova, E., & Guenther, O. (2009). "It won't happen to me!": Self-disclosure in online social networks. In Americas Conference on Information Systems (AMCIS): Paper 343. San Francisco, California, USA. August 06-09.

[30] Li, H., Sarathy, R., & Xu, H. (2010). Understanding situational online information disclosure as a privacy calculus. Journal of Computer Information Systems. 51(1), p. 62-71.

[31] Li, H., Sarathy, R., & Xu, H. (2011). The role of affect and cognition on online consumers' decision to disclose personal information to unfamiliar online vendors. Decision Support Systems. 51(3), p. 434-445.

[32] Lord, K. R., Lee, M., & Sauer, P. L. (1995). The combined influence hypothesis: Central and peripheral antecedents of attitude toward the ad. Journal of Advertising. 24(1), p. 73-85.

[33] Lowry, P. B., Moody, G., Vance, A., Jensen, M., Jenkins, J., & Wells, T. (2012). Using an elaboration likelihood approach to better understand the persuasiveness of website privacy assurance cues for online consumers. Journal of the American Society for Information Science and Technology. 63(4), p. 755-776.

[34] Lu, Y., Tan, B., & Hui, K. (2004). Inducing customers to disclose personal information to internet businesses with social adjustment benefits. In Proceedings of the 25th Annual International Conference on Information Systems. Washington, USA. December 9-12. p. 570-582.

[35] MacInnis, D. J., & Stayman, D. M. (1993). Focal and emotional integration: Constructs, measures, and preliminary evidence. Journal of Advertising. 22(4), p. 51-66.

[36] Maheswaran, D., & Chaiken, S. (1991). Promoting systematic processing in low-motivation settings: Effect of incongruent information on processing and judgment. Journal of Personality and Social Psychology. 61(1), p. 13-25.

[37] Malhotra, N. K., Kim, S. S., & Agarwal, J. (2004). Internet users' information privacy concerns (IUIPC): The construct, the scale, and a causal model. Information Systems Research. 15(4), p. 336-355.

[38] Midha, V. (2012). Impact of consumer empowerment on online trust: An examination across genders. Decision Support Systems. 54(1), p. 198-205.

[39] Milne, G. R., & Rohm, A. J. (2000). Consumer privacy and name removal across direct marketing channels: Exploring opt-in and opt-out alternatives. Journal of Public Policy & Marketing. 19(2), p. 238-249.

[40] Park, D., Lee, J., & Han, I. (2007). The effect of on-line consumer reviews on consumer purchasing intention: The moderating role of involvement. International Journal of Electronic Commerce. 11(4), p. 125-148.

[41] Petty, R. E., Cacioppo, J. T., & Goldman, R. (1981). Personal involvement as a determinant of argument-based persuasion. Journal of Personality and Social Psychology. 41(5), p. 847-855.

[42] Petty, R. E., Cacioppo, J. T., & Schumann, D. (1983). Central and peripheral routes to advertising effectiveness: the moderating role of involvement. Journal of Consumer Research. 10(2), p. 135-146.

[43] Petty, R. E., & Cacioppo, J. T. (1979). Issue involvement can increase or decrease persuasion by enhancing message-relevant cognitive responses. Journal of Personality and Social Psychology. 37(10), p. 1915-1926.

[44] Pichai, S. (2015). Billions of Android apps vulnerable to hackers. Retrieved on July 30, 2016, from http://www.marketwatch.com/story/billions-of-android-apps-vulnerable-to-hackers-2015-02-27/.

[45] Robertson, J. (2012). Android apps collect too much user data. Retrieved on July 30, 2016, from http://www.smh.com.au/digital-life/digital-life-news/android-apps-collect-too-much-user-data-researcher-says-20121102-28oie.html/.

[46] Rucker, D. D., & Petty, R. E. (2006). Increasing the effectiveness of communications to consumers: Recommendations based on elaboration likelihood and attitude certainty perspectives. Journal of Public Policy & Marketing. 25(1), p. 39-52.

[47] SanJose-Cabezudo, R., Gutierrez-Arranz, A. M., & Gutierrez-Cillan, J. (2009). The combined influence of central and peripheral routes in the online persuasion process. CyberPsychology & Behavior. 12(3), p. 299-308.

[48] Shook, C. L., Ketchen, D. J., Hult, G. T. M., & Kacmar, K. M. (2004). An assessment of the use of structural equation modeling in strategic management research. Strategic Management Journal. 25(4), p. 397-404.

[49] Smith, H. J., Dinev, T., & Xu, H. (2011). Information privacy research: An interdisciplinary review. MIS Quarterly. 35(4), p. 989-1016.

[50] Spears, J. L. (2013). The effects of notice versus awareness: An empirical examination of an online consumer's privacy risk treatment. In Proceedings of the 46th Hawaii International Conference in System Sciences. Maui, Hawaii. January 7-10. p. 3229-3238.

[51] Wang, X., Hong, Z., Xu, Y. C., Zhang, C., & Ling, H. (2014). Relevance judgments of mobile commercial information. Journal of the Association for Information Science and Technology. 65(7), p. 1335-1348.

[52] Wiese, J., Kelley, P. G., Cranor, L. F., Dabbish, L., Hong, J. I., & Zimmerman, J. (2011). Are you close with me? Are you nearby?: Investigating social groups, closeness, and willingness to share. In Proceedings of the 13th International Conference on Ubiquitous Computing. Beijing, China. September 17-21. p. 197-206.

[53] Xu, H., Dinev, T., Smith, J., & Hart, P. (2011). Information privacy concerns: Linking individual perceptions with institutional privacy assurances. Journal of the Association for Information Systems. 12(12), p. 798-824.

[54] Xu, H., Teo, H., Tan, B. C. Y., & Agarwal, R. (2012). Research note-effects of individual self-protection, industry self-regulation, and government regulation on privacy concerns: a study of location-based services. Information Systems Research. 23(4), p. 1342-1363.

[55] Xu, H., Teo, H., Tan, B. C., & Agarwal, R. (2009). The role of push-pull technology in privacy calculus: the case of location-based services. Journal of Management Information Systems. 26(3), p. 135-174.

[56] Yang, S. C., Hung, W. C., Sung, K., & Farn, C. K. (2006). Investigating initial trust toward e‐tailers from the elaboration likelihood model perspective. Psychology & Marketing. 23(5), p. 429-445.

[57] Zhou, T. (2012). Understanding users' initial trust in mobile banking: an elaboration likelihood perspective. Computers in Human Behavior. 28(4), p. 1518-1525.

Biography

Jie Gu ([email protected]) is an assistant researcher in Shanghai Academy of Social Science. She got her PhD in Information Management and Information Systems, School of Management, Fudan University, Shanghai, China. Her research interests include online social networks, mobile privacy, and electronic commerce.

Yunjie (Calvin) Xu* ([email protected]) is a professor at the School of Management, Fudan University, Shanghai, China. He got his Ph.D. in Management Information Systems from Syracuse University, New York. His research interests cover electronic commerce, knowledge management, and online social network analysis. His publications appeared in Journal of Management Information Systems, Journal of Association for Information Systems, Journal of the American Society for Information Science and Technology, IEEE Transactions on Professional Communication, Communication of the ACM, International Journal of Electronic Commerce, Journal of Retailing, Decision Support Systems, and more.

Heng Xu ([email protected]) is an associate professor of Information Sciences and Technology at the Pennsylvania State University. Her current research focus is on the interplay between social and technological issues associated with information privacy. She has authored and co-authored over 90 research papers on information privacy, security management, human-computer interaction, and technology innovation adoption. Her work has been published in premier outlets across various fields such as Information Systems, Law, Computer Science, and Human-Computer Interaction, including MIS Quarterly, Information Systems Research, University of Pennsylvania Journal of Constitutional Law, Proceedings of the International World Wide Web Conference (WWW), Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI), Proceedings of the ACM Conference on Computer Supported Cooperative Work and Social Computing (CSCW), and many others.

Cheng Zhang ([email protected]) is a professor at the School of Management, Fudan University, Shanghai, China. He got his Ph.D. in Information Systems from National University of Singapore. His research interests cover electronic commerce, the diffusion of information technologies, and online social network analysis. His publications appeared in Journal of Management Information Systems, Journal of the American Society for Information Science and Technology, European Journal of Information Systems, Decision Support Systems, Journal of Electronic Commerce Research, Journal of International Marketing, Journal of Global Information Management.

Hong Ling ([email protected]) is a professor and the chair of the Department of Information Management and Information Systems, School of Management, Fudan University, China. He got his Ph.D. degree from Fudan University. He has worked as a Research Fellow at the City University of Hong Kong and as a visiting scholar at Sloan School of Management, MIT. He has published more than 100 papers in professional journals and conferences such as Journal of Management Information Systems, Communications of the ACM, Knowledge Management Research & Practice, International Journal of Innovative Computing, Information & Control, ICIC Express Letters, Journal of the Operations Research Society. His research interests include IT strategy and management, business process reengineering, electronic business, and knowledge management.

8. FIGURES AND TABLES

Figure 1 Research Model

[Path diagram. Constructs shown: perceived permission sensitivity, permission justification, perceived app popularity, mobile privacy victim experience, privacy concerns, and download intention. Hypothesized paths are labelled H1 to H8. Control variables: age, gender, general privacy concerns, number of installed apps.]

Figure 2 Results of model fitting

[Fitted path diagram with path coefficients. Constructs shown: perceived app popularity, perceived permission sensitivity, permission justification, mobile privacy victim experience, general privacy concerns, gender, privacy concerns, and download intention. Reported R2 values: 22.8% and 51%. *p<0.05, **p<0.01]

Table 1 The convergent validity of the measurement model

| Construct | Item | Std Loading (a) | AVE | CFR | α |
|---|---|---|---|---|---|
| Download intention | DI1: I am _____ to download Delicacy. (1=very unwilling, 7=very willing) | 0.893 | 0.821 | 0.919 | 0.89 |
| | DI2: After reading the related information of Delicacy, I am _____ to try Delicacy. (1=very unwilling, 7=very willing) | 0.932 | | | |
| | DI3: After reading the related information of Delicacy, I am _____ to consider Delicacy as a preferred app to download in the food recommendation category. (1=very unwilling, 7=very willing) | 0.893 | | | |
| Privacy concerns | PC1: I think Delicacy _____ over-collects my personal information. (1=will never, 7=will surely) | 0.820 | 0.777 | 0.915 | 0.90 |
| | PC2: I _____ worry that Delicacy leaks my personal information to irrelevant third-parties. (1=completely won’t, 7=surely will) | 0.883 | | | |
| | PC3: If I were to download and use this app, I _____ be concerned that Delicacy would violate my privacy. (1=completely won’t, 7=surely will) | 0.925 | | | |
| | PC4: If I were to download and use this app, I _____ be concerned that Delicacy would misuse my personal information. (1=completely won’t, 7=surely will) | 0.894 | | | |
| Perceived app popularity | POP1: I think Delicacy is _____. (1=very unpopular, 7=very popular) | 0.907 | 0.837 | 0.928 | 0.90 |
| | POP2: The download of Delicacy is _____. (1=very few, 7=numerous) | 0.904 | | | |
| | POP3: I think Delicacy is _____ among users. (1=very cold, 7=very hot) | 0.933 | | | |
| Perceived permission sensitivity | SENS1: The permissions requested by Delicacy are _____. (1=very few, 7=a lot) | 0.802 | 0.732 | 0.857 | 0.82 |
| | SENS2: The personal information requested by Delicacy is _____. (1=very insensitive, 7=very sensitive) | 0.898 | | | |
| | SENS3: The potential risk related to the permission requests of the app is _____. (1=very low, 7=very high) | 0.864 | | | |
| General privacy concerns | GPC1: I am _____ to privacy-related issues. (1=very insensitive, 7=very sensitive) | 0.897 | 0.756 | 0.876 | 0.84 |
| | GPC2: To me, it is _____ to protect privacy. (1=very unimportant, 7=very important) | 0.872 | | | |
| | GPC3: I am _____ concerned about potential privacy threats. (1=very much not, 7=very much) | 0.839 | | | |

(a) All item loadings were significant at p<0.001 with t-statistics greater than 14.

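Table 2 Descriptive statistics and construct correlation

| Construct | mean | sd. | DI | PC | POP | SENS | JUS | GPC | MPVE | Gender | Age | Apps |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| DI | 3.54 | 1.08 | 0.906 | | | | | | | | | |
| PC | 4.40 | 1.20 | -.195* | 0.881 | | | | | | | | |
| POP | 3.91 | 1.13 | .369** | -0.17* | 0.915 | | | | | | | |
| SENS | 3.97 | 0.91 | -.237** | 0.57** | -0.01 | 0.855 | | | | | | |
| JUS | --- | --- | -0.10 | 0.01 | -0.00 | 0.08 | 1 | | | | | |
| GPC | 5.19 | 1.03 | 0.03 | .27** | 0.16* | 0.22** | 0.06 | 0.869 | | | | |
| MPVE | 3.96 | 1.56 | 0.07 | .38** | -0.01 | 0.14 | 0.02 | .25** | 1 | | | |
| Gender | --- | --- | 0.22** | 0.10 | -0.06 | 0.08 | -0.17 | 0.12 | -0.01 | 1 | | |
| Age | 20.27 | 2.72 | -0.024 | 0.146 | -0.119 | 0.068 | 0.019 | 0.114 | 0.264* | -0.126 | 1 | |
| Apps | 33.15 | 20.80 | -0.052 | -0.002 | 0.068 | 0.056 | 0.054 | -0.013 | 0.124 | -0.015 | -0.154* | 1 |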

Note. *p<0.05, **p<0.01. The diagonal cells less than one are the square roots of the average variances extracted (AVEs) for latent constructs. DI=download intention, PC=privacy concerns for mobile app download, POP=perceived app popularity, SENS=perceived permission sensitivity, JUS=permission justification, GPC=general privacy concerns, MPVE=mobile privacy victim experience, Apps=the number of installed apps.

Highlights

1. We focus on Android users’ privacy decision making in the app download stage.
2. Perceived permission sensitivity makes users more concerned for privacy.
3. Permission justification makes users less concerned for privacy.
4. Perceived app popularity makes users less concerned for privacy.
5. Mobile privacy victim experience reduces the alleviating effect of permission justification on privacy concerns.