Despite privacy concerns, social media users continue to share vast amounts of personal information online, and to use services that can access this data. But are users fully aware of what information they are sharing when they install an app, or are they making these decisions from a weak position? In this paper, we focused on Facebook apps and set out to understand how well informed users are about the information they are sharing and how concerned they are about privacy.
We recruited 120 subjects for an experiment. Subjects completed a survey about their beliefs and concerns regarding the information Facebook apps could access in their profiles. They were shown additional information from different sources that explained what data apps could access, and then asked to re-take the survey. We found that after viewing the information about app data access, overall concern about privacy on Facbeook increased, as did concern about identity theft, and unauthorized people gaining access to subjects' data. Furthermore, after viewing the data, subjects had a better understanding of what data apps were able to access from their profile. At the same time, even after viewing explicit information on the topic, many subjects still did not fully understand what data apps could access.
We present the results of our study, address how these results can inform future work on educating users about privacy risks and policies, discuss and the implications this has for cybersecurity, social media, and HCI.