Smartphone users are often unaware of mobile applications’ (“apps”) third-party data collection and sharing practices, which put them at higher risk of privacy breaches. One way to raise awareness of these practices is by providing unobtrusive but pervasive visualizations that can be presented in a glanceable manner. In this paper, we applied Wogalter et al.’s Communication-Human Information Processing model (C-HIP) to design and prototype eight different visualizations that depict smartphone apps’ data sharing activities. We varied the granularity and type (i.e., data-centric or app-centric) of information shown to users and used the screensaver/lock screen as a design probe. Through interview-based design probes with Android users (n=15), we investigated the aspects of the data exposure visualizations that influenced users’ comprehension and privacy awareness. Our results shed light on how users’ perceptions of privacy boundaries influence their preference regarding the information structure of these visualizations, and the tensions that exist in these visualizations between glanceability and granularity. We discuss how a pervasive, soft paternalistic approach to privacy-related visualization may raise awareness by enhancing the transparency of information flow, thereby, unobtrusively increasing users’ understanding of data sharing practices of mobile apps. We also discuss implications for privacy research and glanceable security.
 Y. Agarwal and M. Hall, “Protectmyprivacy: detecting and mitigating privacy leaks on ios devices using crowdsourcing,” in Proceeding of the 11th annual international conference on Mobile systems, applications, and services. ACM, 2013, pp. 97–110.
 J. Angulo, S. Fischer-Hübner, T. Pulls, and E. Wästlund, “Usable transparency with the data track: a tool for visualizing data disclosures,” in Proceedings of the 33rd Annual ACM Conference Extended Abstracts on Human Factors in Computing Systems. ACM, 2015, pp. 1803–1808.
 A. Azfar, K.-K. R. Choo, and L. Liu, “Forensic taxonomy of android productivity apps,” Multimedia Tools and Applications, vol. 76, no. 3, pp. 3313–3341, 2017.
 M. Backes, S. Bugiel, and E. Derr, “Reliable third-party library detection in android and its security applications,” in Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2016, pp. 356–367.
 P. Bahirat, Y. He, A. Menon, and B. Knijnenburg, “A Data-Driven Approach to Developing IoT Privacy-Setting Interfaces,” in 23rd International Conference on Intelligent User Interfaces. ACM, 2018, pp. 165–176.
 K. Benton, L. J. Camp, and C. Small, “OpenFlow vulnerability assessment,” in Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking. ACM, 2013, pp. 151–152.
 R. Böhme and J. Grossklags, “The security cost of cheap user interaction,” in Proceedings of the 2011 workshop on New security paradigms workshop. ACM, 2011, pp. 67–82. [Online]. Available: http://dl.acm.org/citation.cfm?id=2073284
 R. Binns, U. Lyngs, M. Van Kleek, J. Zhao, T. Libert, and N. Shadbolt, “Third Party Tracking in the Mobile Ecosystem,” arXiv preprint arXiv:1804.03603, 2018.
 D. M. Boyd and N. B. Ellison, “Social network sites: Definition, history, and scholarship,” Journal of computer-mediated Communication, vol. 13, no. 1, pp. 210–230, 2007.
 K. Caine, “Local Standards for Sample Size at CHI,” in Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, ser. CHI ’16. New York, NY, USA: ACM, 2016, pp. 981–992, event-place: San Jose, California, USA. [Online]. Available: http://doi.acm.org/10.1145/2858036.2858498
 T. Chen, I. Ullah, M. A. Kaafar, and R. Boreli, “Information Leakage Through Mobile Analytics Services,” in Proceedings of the 15th Workshop on Mobile Computing Systems and Applications, ser. HotMobile ’14. New York, NY, USA: ACM, 2014, pp. 15:1–15:6. [Online]. Available: http://doi.acm.org/10.1145/2565585.2565593
 P. H. Chia, Y. Yamamoto, and N. Asokan, “Is this app safe?: a large scale study on application permissions and risk signals,” in Proceedings of the 21st international conference on World Wide Web. ACM, 2012, pp. 311–320. [Online]. Available: http://dl.acm.org/citation.cfm?id=2187879
 R. Compañó and W. Lusoli, “The policy maker’s anguish: Regulating personal data behavior between paradoxes and dilemmas,” in Economics of Information Security and Privacy. Springer, 2010, pp. 169–185.
 I. Dey, Qualitative data analysis: A user friendly guide for social scientists. Routledge, 2003.
 W. Enck, P. Gilbert, S. Han, V. Tendulkar, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth, “TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones,” ACM Transactions on Computer Systems (TOCS), vol. 32, no. 2, p. 5, 2014.
 A. P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner, “Android permissions: User attention, comprehension, and behavior,” in Proceedings of the Eighth Symposium on Usable Privacy and Security. ACM, 2012, p. 3. [Online]. Available: http://dl.acm.org/citation.cfm?id=2335360
 S. Fischer-Hübner, J. Angulo, F. Karegar, and T. Pulls, “Transparency, Privacy and Trust–Technology for Tracking and Controlling My Data Disclosures: Does This Work?” in IFIP International Conference on Trust Management. Springer, 2016, pp. 3–14.
 H. Fu, Y. Yang, N. Shingte, J. Lindqvist, and M. Gruteser, “A field study of run-time location access disclosures on android smartphones,” Proc. USEC, vol. 14, 2014.
 R. Gouveia, E. Karapanos, and M. Hassenzahl, “How do we engage with activity trackers?: a longitudinal study of habito,” in Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing. ACM, 2015, pp. 1305–1316.
 R. Gouveia, F. Pereira, A. Caraban, S. A. Munson, and E. Karapanos, “You have 5 seconds: designing glanceable feedback for physical activity trackers,” in Adjunct Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing and Proceedings of the 2015 ACM International Symposium on Wearable Computers. ACM, 2015, pp. 643–647.
 R. Gouveia, F. Pereira, E. Karapanos, S. A. Munson, and M. Hassenzahl, “Exploring the design space of glanceable feedback for physical activity trackers,” in Proceedings of the 2016 ACM International Joint Conference on Pervasive and Ubiquitous Computing. ACM, 2016, pp. 144–155.
 R. Herbster, S. DellaTorre, P. Druschel, and B. Bhattacharjee, “Privacy Capsules: Preventing Information Leaks by Mobile Apps,” in Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services, ser. MobiSys ’16. New York, NY, USA: ACM, 2016, pp. 399–411. [Online]. Available: http://doi.acm.org/10.1145/2906388.2906409
 Q. Ismail, T. Ahmed, K. Caine, A. Kapadia, and M. Reiter, “To permit or not to permit, that is the usability question: Crowdsourcing mobile apps’ privacy permission settings,” Proceedings on Privacy Enhancing Technologies, vol. 2017, no. 4, pp. 119–137, 2017.
 P. G. Kelley, J. Bresee, L. F. Cranor, and R. W. Reeder, “A “Nutrition Label” for Privacy,” in Proceedings of the 5th Symposium on Usable Privacy and Security, ser. SOUPS ’09. New York, NY, USA: ACM, 2009, pp. 4:1–4:12. [Online]. Available: http://doi.acm.org/10.1145/1572532.1572538
 P. G. Kelley, S. Consolvo, L. F. Cranor, J. Jung, N. Sadeh, and D. Wetherall, “A Conundrum of Permissions: Installing Applications on an Android Smartphone,” in Financial Cryptography and Data Security, ser. Lecture Notes in Computer Science, J. Blyth, S. Dietrich, and L. J. Camp, Eds., vol. 7398. Springer Berlin Heidelberg, 2012, pp. 68–79.
 P. G. Kelley, L. F. Cranor, and N. Sadeh, “Privacy As Part of the App Decision-making Process,” in Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, ser. CHI ’13. New York, NY, USA: ACM, 2013, pp. 3393–3402. [Online]. Available: http://doi.acm.org/10.1145/2470654.2466466
 P. Klasnja, S. Consolvo, D. W. McDonald, J. A. Landay, and W. Pratt, “Using mobile & personal sensing technologies to support health behavior change in everyday life: lessons learned,” in AMIA Annual Symposium Proceedings, vol. 2009. American Medical Informatics Association, 2009, p. 338.
 B. P. Knijnenburg, “Privacy? I Can’t Even! Making a Case for User-Tailored Privacy,” IEEE Security & Privacy, vol. 15, no. 4, pp. 62–67, 2017.
 B. P. Knijnenburg and A. Kobsa, “Making decisions about privacy: information disclosure in context-aware recommender systems,” ACM Transactions on Interactive Intelligent Systems (TiiS), vol. 3, no. 3, p. 20, 2013.
 H. D. Laswell, “The structure and function of communication in society,” The communication of ideas, 1948.
 A. Le, J. Varmarken, S. Langhoff, A. Shuba, M. Gjoka, and A. Markopoulou, “AntMonitor: A system for monitoring from mobile devices,” in Proceedings of the 2015 ACM SIGCOMM Workshop on Crowdsourcing and Crowdsharing of Big (Internet) Data. ACM, 2015, pp. 15–20.
 A. Le, J. Varmarken, S. Langhoff, A. Shuba, M. Gjoka, and A. Markopoulou, “Antmonitor: A system for monitoring from mobile devices,” in Proceedings of the 2015 ACM SIGCOMM Workshop on Crowdsourcing and Crowdsharing of Big (Internet) Data. ACM, 2015, pp. 15–20.
 J. Lin, S. Amini, J. I. Hong, N. Sadeh, J. Lindqvist, and J. Zhang, “Expectation and Purpose: Understanding Users’ Mental Models of Mobile App Privacy Through Crowd-sourcing,” in Proceedings of the 2012 ACM Conference on Ubiquitous Computing, ser. UbiComp ’12. New York, NY, USA: ACM, 2012, pp. 501–510. [Online]. Available: http://doi.acm.org/10.1145/2370216.2370290
 Y.-H. Lin, C.-H. Fang, and C.-L. Hsu, “Determining Uses and Gratifications for Mobile Phone Apps,” in Future Information Technology, ser. Lecture Notes in Electrical Engineering, J. J. J. H. Park, Y. Pan, C.-S. Kim, and Y. Yang, Eds. Springer Berlin Heidelberg, 2014, pp. 661–668.
 H. R. Lipford, A. Besmer, and J. Watson, “Understanding Privacy Settings in Facebook with an Audience View,” in Proceedings of the 1st Conference on Usability, Psychology, and Security, ser. UPSEC’08. Berkeley, CA, USA: USENIX Association, 2008, pp. 2:1–2:8. [Online]. Available: http://dl.acm.org/citation.cfm?id=1387649.1387651
 B. Liu, M. S. Andersen, F. Schaub, H. Almuhimedi, S. A. Zhang, N. Sadeh, Y. Agarwal, and A. Acquisti, “Follow my recommendations: A personalized privacy assistant for mobile app permissions,” in Twelfth Symposium on Usable Privacy and Security (SOUPS 2016), 2016, pp. 27–41.
 B. Liu, J. Lin, and N. Sadeh, “Reconciling Mobile App Privacy and Usability on Smartphones: Could User Privacy Profiles Help?” in Proceedings of the 23rd International Conference on World Wide Web, ser. WWW ’14. New York, NY, USA: ACM, 2014, pp. 201–212. [Online]. Available: http://doi.acm.org/10.1145/2566486.2568035
 T. Matthews, D. Blais, A. Shick, J. Mankoff, J. Forlizzi, S. Rohrbach, and R. Klatzky, “Evaluating glanceable visuals for multitasking,” Technical Report EECS-2006-173. UC Berkeley, Tech. Rep., 2006.
 W. Nayam, A. Laolee, L. Charoenwatana, and K. Sripanidkulchai, “An Analysis of Mobile Application Network Behavior,” in Proceedings of the 12th Asian Internet Engineering Conference, ser. AINTEC ’16. New York, NY, USA: ACM, 2016, pp. 9–16. [Online]. Available: http://doi.acm.org/10.1145/3012695.3012697
 H. Nissenbaum, “A contextual approach to privacy online,” Daedalus, vol. 140, no. 4, pp. 32–48, 2011.
 A. Oglaza, R. Laborde, A. Benzekri, and F. Barrère, “A Recommender-Based System for Assisting Non-technical Users in Managing Android Permissions,” in 2016 11th International Conference on Availability, Reliability and Security (ARES), Aug. 2016, pp. 1–9.
 A. Oulasvirta, T. Rattenbury, L. Ma, and E. Raita, “Habits make smartphone use more pervasive,” Personal and Ubiquitous Computing, vol. 16, no. 1, pp. 105–114, 2012.
 S. Petronio, Boundaries of Privacy: Dialectics of Disclosure. SUNY Press, Feb. 2012, google-Books-ID: 8v89W_oJQ0wC.
 M. Pielot, A. Vradi, and S. Park, “Dismissed!: a detailed exploration of how mobile phone users handle push notifications,” in Proceedings of the 20th International Conference on Human-Computer Interaction with Mobile Devices and Services. ACM, 2018, p. 3.
 A. Rao, F. Schaub, N. Sadeh, A. Acquisti, and R. Kang, “Expecting the unexpected: Understanding mismatched privacy expectations online,” in Symposium on Usable Privacy and Security (SOUPS), vol. 4, 2016, p. 2.
 A. Razaghpanah, N. Vallina-Rodriguez, S. Sundaresan, C. Kreibich, P. Gill, M. Allman, and V. Paxson, “Haystack: In situ mobile traffic analysis in user space,” ArXiv e-prints, 2015.
 J. Ren, M. Lindorfer, D. J. Dubois, A. Rao, D. Choffnes, and N. Vallina-Rodriguez, “Bug Fixes, Improvements,... and Privacy Leaks,” 2018.
 J. Ren, A. Rao, M. Lindorfer, A. Legout, and D. Choffnes, “ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic,” in Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services, ser. MobiSys ’16. New York, NY, USA: ACM, 2016, pp. 361–374. [Online]. Available: http://doi.acm.org/10.1145/2906388.2906392
 Y. Rogers, W. R. Hazlewood, P. Marshall, N. Dalton, and S. Hertrich, “Ambient influence: Can twinkly lights lure and abstract representations trigger behavioral change?” in Proceedings of the 12th ACM international conference on Ubiquitous computing. ACM, 2010, pp. 261–270.
 R. Roshandel and R. Tyler, “User-centric Monitoring of Sensitive Information Access in Android Applications,” in Proceedings of the Second ACM International Conference on Mobile Software Engineering and Systems, ser. MOBILESoft ’15. Piscataway, NJ, USA: IEEE Press, 2015, pp. 144–145. [Online]. Available: http://dl.acm.org/citation.cfm?id=2825041.2825076
 G. L. Scoccia, I. Malavolta, M. Autili, A. Di Salle, and P. Inverardi, “User-centric Android Flexible Permissions,” in Proceedings of the 39th International Conference on Software Engineering Companion, ser. ICSE-C ’17. Piscataway, NJ, USA: IEEE Press, 2017, pp. 365–367. [Online]. Available: https://doi.org/10.1109/ICSE-C.2017.84
 C. E. Shannon, “A mathematical theory of communication,” ACM SIGMOBILE mobile computing and communications review, vol. 5, no. 1, pp. 3–55, 2001.
 I. Shklovski, S. D. Mainwaring, H. H. Skúladóttir, and H. Borgthorsson, “Leakiness and creepiness in app space: Perceptions of privacy and mobile app use,” in Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 2014, pp. 2347–2356.
 H. J. Smith, S. J. Milberg, and S. J. Burke, “Information privacy: measuring individuals’ concerns about organizational practices,” MIS quarterly, pp. 167–196, 1996. [Online]. Available: http://www.jstor.org/stable/249477
 G. Srivastava, S. Chitkara, K. Ku, S. K. Sahoo, M. Fredrikson, J. Hong, and Y. Agarwal, “PrivacyProxy: Leveraging Crowdsourcing and In Situ Traffic Analysis to Detect and Mitigate Information Leakage,” arXiv preprint arXiv:1708.06384, 2017.
 G. Srivastava, S. Chitkara, K. Ku, S. K. Sahoo, M. Fredrikson, J. I. Hong, and Y. Agarwal, “Privacyproxy: Leveraging crowdsourcing and in situ traffic analysis to detect and mitigate information leakage,” ArXiv, vol. abs/1708.06384, 2017.
 A. Strauss and J. Corbin, Basics of qualitative research: Procedures and techniques for developing grounded theory. Thousand Oaks, CA: Sage, 1998.
 J. A. Tran, K. S. Yang, K. Davis, and A. Hiniker, “Modeling the engagement-disengagement cycle of compulsive phone use,” in Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems. ACM, 2019, p. 312.
 M. Van Kleek, R. Binns, J. Zhao, A. Slack, S. Lee, D. Ottewell, and N. Shadbolt, “X-Ray Refine: Supporting the Exploration and Refinement of Information Exposure Resulting from Smartphone Apps,” in Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, ser. CHI ’18. New York, NY, USA: ACM, 2018, pp. 393:1–393:13. [Online]. Available: http://doi.acm.org/10.1145/3173574.3173967
 J. Vitak, S. Blasiola, S. Patil, and E. Litt, “Balancing audience and privacy tensions on social network sites: Strategies of highly engaged users,” International Journal of Communication, vol. 9, p. 20, 2015.
 Y. Wang, P. G. Leon, K. Scott, X. Chen, A. Acquisti, and L. F. Cranor, “Privacy Nudges for Social Media: An Exploratory Facebook Study,” in Proceedings of the 22Nd International Conference on World Wide Web, ser. WWW ’13 Companion. New York, NY, USA: ACM, 2013, pp. 763–770. [Online]. Available: http://doi.acm.org/10.1145/2487788.2488038
 P. Wijesekera, A. Baokar, A. Hosseini, S. Egelman, D. Wagner, and K. Beznosov, “Android permissions remystified: A field study on contextual integrity,” in 24th USENIX Security Symposium (USENIX Security 15), 2015, pp. 499–514.
 H. Xu, H.-H. Teo, B. C. Tan, and R. Agarwal, “Research noteeffects of individual self-protection, industry self-regulation, and government regulation on privacy concerns: a study of location-based services,” Information Systems Research, vol. 23, no. 4, pp. 1342–1363, 2012. [Online]. Available: http://pubsonline.informs.org/doi/abs/10.1287/isre.1120.0416
 J. Zang, K. Dummit, J. Graves, P. Lisker, and L. Sweeney, “Who knows what about me? A survey of behind the scenes personal data sharing to third parties by mobile apps,” Proceeding of Technology Science, 2015.
 A. Zavou, V. Pappas, V. P. Kemerlis, M. Polychronakis, G. Portokalidis, and A. D. Keromytis, “Cloudopsy: An autopsy of data flows in the cloud,” in International Conference on Human Aspects of Information Security, Privacy, and Trust. Springer, 2013, pp. 366–375.