PROJECT SUMMARY
This project focuses on the data privacy issues that current mobile OSs like Android face. To address them, we proposed a new Privacy-Enhanced Android OS. This is done by modifying 4 major parts of the existing Android OS and designing an application on the new Privacy-Enhanced Android (a.k.a. PE Android) to control all privacy settings. This application is called Privacy Manager.
Team: Aniruddh Iyer, Won-Woo Chung, Qian Wang, Ally Liu
Role: Interaction Design, UX/UI Design, Information Architecture
Duration: 7 months
PROBLEM
Here are privacy problems faced by users of a mobile OS like Android:
  1. Current mobile OSs allow users to modify and configure which data apps may access, but users have no idea how the requested data is actually used by app developers.
  2. App developers may request data access from users in order to leak information to a third party who could use users' data in any way they desire, potentially including malicious purposes.
  3. While data privacy may not be so much of a concern to many people, it becomes an extremely serious issue in government and military scenarios.
Why is this a problem?
The misuse of data in this form can damage users' property or can even endanger lives (in government / military scenarios). Third party agencies can make use of personal data and sell it to those who have malicious intents.
SOLUTION
We designed an application for a new Privacy Enhanced Android OS to provide complete control over all privacy settings. We call this application Privacy Manager. In addition to this, the new Privacy Enhanced Android OS has 4 modifications from the existing OS. These modifications are present in Notifications, Quick Settings, Application Runtime and Application Installation.
MAIN FEATURES
Privacy Manager
Homepage
The homepage shows users an overview of how their data is being accessed. It provides recommendations for privacy configurations based on people's current and previous behavior. Additionally, it acts as an entry point to configure global and individual app settings.
Global Settings
The global settings page, as the name suggests, provides the ability to configure settings for ALL applications. The design makes use of progressive disclosure and a what-why-where (what data is used, why it is used and where it is being used) information hierarchy to avoid an overload of information.
Privacy Modes
Privacy Modes enable organizations to list a set of privacy configurations for any device used by employees. These configurations can easily be applied to the system by turning the specific privacy mode on. With this, employees can also switch between different modes in different situations. (This was a DARPA military use case.)
Wizard to Add Modes
In order to ensure that users understand what and how exactly an organization's privacy mode will affect their system and usage, we designed a wizard to add new privacy modes. In addition to scanning and adding modes, the wizard also gives users a preview of privacy configurations specified by the privacy mode.
Modifications
Quick Settings
On Privacy Enhanced Android, quick settings let you easily enable or disable the privacy mode. Once the privacy mode is enabled, affected settings are labelled with the organization name. This will prevent those particular settings from being configured depending on the organization's policy.
Install time
While users install apps on their device, we show them the app settings. These app settings show users what, why and where permissions are being requested/used. Additionally, these requests are segregated into common and uncommon requests, depending on the requests made by similar apps.
Runtime
On PE Android, users can set permissions to "Ask". This means that an application will ask users whenever it requires access to a permission. In addition, we show users the "what-why-where" of data usage by the app. This provides more real-time and contextual information to users.
Notifications
Notifications in PE Android are designed to quickly inform users that a permission was requested but blocked, either due to a global setting, an app setting or a privacy mode. We give users the ability to "Allow Once" so that immediate access does not require walking through the layered settings. The exception is a block enforced by a Privacy Mode, which cannot be overridden this way.
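To make the layered product logic concrete, here is an added example (not code from the project) of a permission resolver that evaluates the three setting layers described above together with the "Ask" default and the "Allow Once" notification action. The priority order (privacy mode, then app setting, then global setting) and all names, permissions and the sample device are assumptions made for this illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

class Setting(Enum):
    ALLOW = "allow"
    DENY = "deny"
    ASK = "ask"      # prompt the user at runtime with what-why-where context
    UNSET = "unset"  # this layer has no opinion; fall through to the next layer

@dataclass
class PrivacyMode:
    org: str          # organization name shown as a label on affected settings
    rules: dict       # permission -> Setting, enforced while the mode is on

@dataclass
class Device:
    global_settings: dict                  # permission -> Setting, for ALL apps
    app_settings: dict                     # (app, permission) -> Setting
    active_mode: Optional[PrivacyMode] = None
    allow_once: set = field(default_factory=set)  # one-shot grants (app, permission)

@dataclass
class Decision:
    result: Setting
    source: str        # layer that decided: privacy_mode:<org>, app, global, default
    overridable: bool  # whether "Allow Once" from a notification may override a block

def policy(device: Device, app: str, permission: str) -> Decision:
    """Assumed priority order: privacy mode > app setting > global setting > Ask."""
    mode = device.active_mode
    if mode is not None and permission in mode.rules:
        return Decision(mode.rules[permission], f"privacy_mode:{mode.org}", False)
    app_setting = device.app_settings.get((app, permission), Setting.UNSET)
    if app_setting is not Setting.UNSET:
        return Decision(app_setting, "app", True)
    global_setting = device.global_settings.get(permission, Setting.UNSET)
    if global_setting is not Setting.UNSET:
        return Decision(global_setting, "global", True)
    return Decision(Setting.ASK, "default", True)

def resolve(device: Device, app: str, permission: str) -> Decision:
    """Runtime check: a pending one-shot grant is consumed first, then the layers."""
    key = (app, permission)
    if key in device.allow_once:
        device.allow_once.discard(key)
        return Decision(Setting.ALLOW, "allow_once", False)
    return policy(device, app, permission)

def allow_once(device: Device, app: str, permission: str) -> bool:
    """"Allow Once" tapped on a blocked-permission notification. Returns False when
    the block is not overridable, i.e. it was enforced by a privacy mode."""
    decision = policy(device, app, permission)
    if decision.result is not Setting.DENY or not decision.overridable:
        return False
    device.allow_once.add((app, permission))
    return True

# Constructed sample device (not from the project): camera denied globally,
# a mail app explicitly allowed contacts, and an org mode that denies location.
SAMPLE = Device(
    global_settings={"CAMERA": Setting.DENY, "CONTACTS": Setting.ASK},
    app_settings={("mail", "CONTACTS"): Setting.ALLOW},
    active_mode=PrivacyMode("ExampleOrg", {"LOCATION": Setting.DENY}),
)
```

Running `resolve(SAMPLE, "chat", "CAMERA")` yields a global deny that `allow_once` can lift for exactly one request, while the location deny from ExampleOrg's mode stays in force no matter what the user taps.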
PROCESS
Initial Steps
Because this project was already ongoing when my team joined it, we started off by understanding the problem and the past generative research. This let us conduct a bit more generative research and focus on evaluative research. We studied privacy-related regulations like the GDPR, application usage statistics, and Android permission libraries and their documentation.
Our initial steps gave us a clear scope for what we had to figure out. Essentially, we realized that we had to come up with an information hierarchy for data usage.
Card Sorting
To help us figure out the information hierarchy, we made use of the card sorting technique. We created permission cards along with cards for "what data", "where it will be used" and "why that data". Each of our participants was asked to organize the cards in order of importance to them. It turned out that a majority of our participants sorted the information in a "what-why-where" sequence.
Product Logic with Developers
To ensure that our design made sense from an implementation perspective, we sat down with developers to craft the product logic and flow of control. We realized that the order of priority for each layer of setting had to be established before we designed the flow of control.
A/B Testing
Based on our Product Logic, we set out to design the necessary features. Through our design process, we realized that multiple versions of the design seemed to make sense. To help us narrow down to a single design, we conducted A/B tests with different sets of versions to see how they performed and compared against each other. This really helped us understand the pros and cons of our screens and guided us to our final design.
Final Designs
Our final designs for the Privacy Manager take into account the most beneficial and user-friendly versions from our A/B tests. The designs make use of progressive disclosure so as to not front-load a large amount of information to users. In addition to progressive disclosure, we made sure that the designs always follow the "what-why-where" information architecture. This was done by chunking the information visually. By representing information in the form of cards that can expand, we achieved both progressive disclosure and the desired information architecture. The screens below encompass all of our final designs.
Improvements Over Android OS
In addition to the privacy manager, how do our modifications provide value to users? Our modifications provide substantial improvement with regards to keeping users informed of privacy related activities that take place on their devices. These modifications are in place to make sure that at every step of application usage, users' data is used appropriately. Details on each of these improvements can be seen below.
Success Metrics
Throughout the design phase, every step of refinement was completed with user tests. We would walk through and test our designs with people of different backgrounds (Network Engineers, System Engineers, Designers, Law Enforcement). On average, we conducted 2-3 user tests per week. There were three major criteria that we used to assess our designs.
  1. Ease of Use
  2. Facility to better Understand
  3. Alignment with Material Design
Ease of Use
Since our designs try to provide users with a significant amount of information, we wanted to make sure that it is easy to maneuver through the system by minimizing the number of steps needed to accomplish a task.
Facility to Understand
While trying to minimize the number of steps, it is also necessary to convey the right information at the right time in order to facilitate better understanding. Thus finding the right balance between "Ease of Use" and "Facility to Understand" is essential.
Material Design Alignment
Since our focus was on improving the Android OS (coming up with Privacy Enhanced Android OS), it was useful and necessary to follow Google's Material Design guidelines.
Outcome of our Work
Our final designs were presented to our client DARPA (Defense Advanced Research Projects Agency). They were extremely impressed by the utility of having privacy modes, especially given the line of work their employees are in. Eventually, the designs were even presented to Google as input toward a more privacy-enhanced Android. Android 10's new privacy features seem to show signs of our work being taken seriously and incorporated.
OVERALL REFLECTION
Joining this project toward its second quarter was a different kind of experience for me, as I have generally worked on projects from their very first steps. Understanding the problem space based on previous generative research made me realize the importance of data privacy on our devices. I have observed a "creepy" tendency of applications to show advertisements related to something I said or searched for on the internet outside of the application. This means that those applications were making use of permission requests to feed data to third-party advertisers. Being someone who experienced this (along with a large number of similar cases for others), I definitely felt that the solution would protect people and provide better control over OUR OWN DATA.