Written By: Security.org Team | Published: April 14, 2021

Today’s ecosystem of personalized online content is powered in great part by smartphone apps, many of which are constantly collecting data about their users. For consumers, it can be hard to tell how much they’re collecting and where it’s going. A prior study from Pew Research Center confirmed what many of us might think: that a majority of Americans are concerned and confused about data privacy. Many people felt a lack of control over their personal information and how companies are able to use it. Taking this research into account, we wondered what would happen if we tested mobile app users’ knowledge of their smartphone’s management of their data. Would their existing privacy concerns encourage them to take user agreements more seriously?

Key Takeaways

  • The vast majority of Americans do not fully read privacy agreements before agreeing to them. 98% of respondents agreed to a fake consent form that offered the naming rights to their firstborn child. Less than 2% caught the prank.
  • 100% of people who said they usually read user agreements, terms of service, and privacy policies thoroughly before signing wound up agreeing to our bogus consent form.
  • On average, Americans were only able to correctly identify the types of data their phone gathers with 54% accuracy.
  • In general, people were very interested in seeing what companies do with their data: 77% of people said they’d be interested in seeing regular reports from said companies on what’s being done with their personal data. 92% of respondents said these reports should be legally required.

Managing Cybersecurity

Smartphone users are responsible for managing their privacy online. We began our study by asking Americans how they typically handle cybersecurity when downloading a new app.

Only 16 people (out of more than 1,000!) caught our sneaky clause in the dummy consent form at the beginning of our survey. Ninety-eight percent agreed to allow us to name their firstborn child, despite language in the consent form notifying them that they could still complete the survey if they declined. Even the 11% who claimed they typically read user agreements, terms of service, and privacy policies thoroughly before signing didn’t catch on: 100% of those respondents agreed to our fake consent form.

Learn More: To find out how you can protect yourself online, read our cyber security tips.

This portion of our study confirms the results of a similar experiment conducted by a group of researchers prior to ours. They also discovered it was very easy to get people to agree to absurd things, like giving up their firstborn child as payment or permitting the app to deliver all data to the NSA. The study concluded that only 9% of people actually read terms and conditions, with that number plummeting to 3% among younger people from ages 18-34.

According to our data, the most common reason people don’t want to read such agreements is because they’re too wordy. With many services bearing privacy policies and user agreements with word counts in the thousands, it’s no wonder that so many Americans skip the fine print when downloading an app.

Digital Privacy Quiz

The next part of our study tested people’s knowledge about the different types of data their devices track. How aware are Americans about the private information they’re sharing? Take a look at their eye-opening quiz results below.

To determine America’s digital privacy score, we asked people to correctly identify the types of information the apps on their phone collect from them. We based it on the apps they said they currently have installed. The huge number of people who failed this quiz – 78% – revealed a wide knowledge gap between Americans’ perceptions of the data their phones track and the information they actually track.

FYI: Wondering if your password hygiene is up to snuff? Use our secure password checker for free.

Data Usage

Many companies collect a large amount of data about their users, which begs the question: What should these businesses be allowed to do with the information? Here’s how most Americans think their data should be used.

Most Americans were interested in regular data usage reports to see what companies are doing with their personal information. A strong majority believed this practice should be the law: 92% of people felt companies should be required to prepare reports on what is done with user data. Federal data privacy legislation would need to be passed to make reports like these the norm across the country.

Data privacy protection in the U.S. is currently a hodgepodge of state and federal laws that are often sector-specific. While there is no single regulation in place, the Federal Trade Commission (FTC) Act protects consumers from unfair or deceptive practices. For example, the FTC is authorized to take action against a company that fails to implement or maintain reasonable data security measures. They also protect Americans from companies that transfer personal information in a way that’s not disclosed in the app’s privacy policy.

Many Americans, including government leaders, seek to improve and standardize data privacy practices in the U.S. through federal legislation. They’re pushing for the passage of a comprehensive federal data privacy law to benefit both consumers and businesses.

Support for Data Privacy Legislation

We concluded our research by asking people how they feel about data privacy laws, especially if new legislation would affect personalized advertising on their social media feeds.

Most Americans would support a policy that would keep companies from selling their personal data, even though it could cause a disruption of personalized or targeted advertising on their online and social platforms:

  • 77% of Americans would be likely to support such a law, while only 8% said they would be unlikely to do so.
  • Three out of 4 people who said they like their social media feeds to be tailored to them also said they’d support this legislation.
  • 75% of those who said they like personalized advertising also said they’d support this legislation.

These findings seem to indicate that people prioritize data privacy over convenience; however, this may just be lip service given that our earlier findings show that people can’t or won’t invest enough time in their privacy to read the fine print. A more likely conclusion is that people generally don’t fully understand the vital connection between user-data trafficking and personalized content. Americans are caught in a tug-of-war between convenience and privacy, and we can’t seem to make up our mind.

Conclusion

The majority of Americans are very concerned about data privacy; however, these feelings didn’t affect how much attention most people paid to our consent agreement. We were able to fool almost the entire group into allowing us the privilege of naming their firstborn child. In the near future, terms of service agreements may be governed by federal regulation to help users better understand what they’re signing. In the meantime, smartphone users can take advantage of the many different ways they can currently enhance their personal digital security.

Our Data

Data used in this analysis were gathered from a survey of 1,011 American smartphone owners. Approximately, 52% were men, 47% were women, and less than 1% were nonbinary or nonconforming. The average age of respondents was 36.9 years with a standard deviation of 12.4. Millennials are overrepresented in the sample, with 56% of respondents being born between 1981 and 1997. 25% were Generation X, and 13% were baby boomers. The remaining 6% were from Generation Z or from generations older than Generation X.

The experiment with the fake consent form was designed in such a way that if a respondent noticed the bogus clause, they were very likely to see the next sentence which informed them that declining the form would not disqualify them from completing the survey. This was done to reduce risk that respondents would notice the bogus clause and decide not to complete the survey.

Quiz scores were determined by checking the types of data collected by apps the respondent indicated they have on their phone against the types of data respondents thought their phones gathered from them. Correctly identifying that their phone did or did not gather a piece of data resulted in an addition of 1 point to their score. “Don’t know” responses did not count toward a positive score. Since there were 15 data types included in the survey, the maximum possible score was 15/15 (100%).

A primary limitation of this survey is reliance on self-report, which is faced with several issues, such as exaggeration, telescoping, and recency bias.