Privacy of Default Apps in Apple's Mobile Ecosystem

Abstract

Users need to configure default apps when they first start using their devices. The privacy configurations of these apps do not always match what users think they have initially enabled. We first explored the privacy configurations of eight default apps Safari, Siri, Family Sharing, iMessage, FaceTime, Location Services, Find My, and Touch ID. We discovered serious issues with the documentation of these apps. Based on this, we studied users' experiences with an interview study (N=15). We show that: the instructions for setting privacy configurations of default apps are vague and lack required steps; users were unable to disable default apps from accessing their personal information; users assumed they were being tracked by some default apps; default apps may cause tensions in family relationships because of information sharing. Our results illuminate on the privacy and security implications of configuring the privacy of default apps and how users understand the mobile ecosystem.