{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,31]],"date-time":"2025-10-31T07:59:47Z","timestamp":1761897587636,"version":"3.41.2"},"reference-count":36,"publisher":"Emerald","issue":"4","license":[{"start":{"date-parts":[[2021,8,12]],"date-time":"2021-08-12T00:00:00Z","timestamp":1628726400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2021,10,26]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>With the rapid deployment of internet of things (IoT) technologies, it has been essential to address the security and privacy issues through maintaining transparency in data practices. The prior research focused on identifying people's privacy preferences in different contexts of IoT usage and their mental models of security threats. However, there is a dearth in existing literature to understand the mismatch between user's perceptions and the actual data practices of IoT devices. Such mismatches could lead users unknowingly sharing their private information, exposing themselves to unanticipated privacy risks. The paper aims to identify these mismatched privacy perceptions in this work.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>The authors conducted a lab study with 42 participants, where they compared participants\u2019 perceptions with the data practices stated in the privacy policy of 28 IoT devices from different categories, including health and exercise, entertainment, smart homes, toys and games and pets.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>The authors identified the mismatched privacy perceptions of users in terms of data collection, sharing, protection and storage period. The findings revealed the mismatches between user's perceptions and the data practices of IoT devices for various types of information, including personal, contact, financial, heath, location, media, connected device, online social media and IoT device usage.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>The findings from this study lead to the recommendations on designing simplified privacy notice by highlighting the unexpected data practices, which in turn, would contribute to the secure and privacy-preserving use of IoT devices.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-08-2020-0134","type":"journal-article","created":{"date-parts":[[2021,8,11]],"date-time":"2021-08-11T03:50:09Z","timestamp":1628653809000},"page":"573-588","source":"Crossref","is-referenced-by-count":7,"title":["A look into user\u2019s privacy perceptions and data practices of IoT devices"],"prefix":"10.1108","volume":"29","author":[{"given":"Mahdi Nasrullah","family":"Al-Ameen","sequence":"first","affiliation":[]},{"given":"Apoorva","family":"Chauhan","sequence":"additional","affiliation":[]},{"given":"M.A. Manazir","family":"Ahsan","sequence":"additional","affiliation":[]},{"given":"Huzeyfe","family":"Kocabas","sequence":"additional","affiliation":[]}],"member":"140","published-online":{"date-parts":[[2021,8,12]]},"reference":[{"key":"key2021102306412619700_ref001","first-page":"605","article-title":"Exploring the potential of geopass: a geographic location-password scheme","volume":"29","year":"2017","journal-title":"Interacting with Computers"},{"first-page":"185","article-title":"The impact of cues and user interaction on the memorability of system-assigned recognition-based graphical passwords","year":"2015","key":"key2021102306412619700_ref002"},{"year":"2020","key":"key2021102306412619700_ref003","article-title":"\u2018Most companies share whatever they can to make money!\u2019: comparing user\u2019s perceptions with the data practices of IoT devices"},{"first-page":"32","article-title":"We don\u2019t give a second thought before providing our information: understanding users\u2019 perceptions of information collection by apps in urban Bangladesh","year":"2020","key":"key2021102306412619700_ref004"},{"key":"key2021102306412619700_ref005","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1016\/j.ijhcs.2015.05.005","article-title":"Why phishing still works: user strategies for combating phishing attacks","volume":"82","year":"2015","journal-title":"International Journal of Human-Computer Studies"},{"issue":"4","key":"key2021102306412619700_ref006","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2333112.2333114","article-title":"Graphical passwords: learning from the first twelve years","volume":"44","year":"2012","journal-title":"ACM Computing Surveys"},{"issue":"2","key":"key2021102306412619700_ref007","doi-asserted-by":"crossref","first-page":"59","DOI":"10.1109\/MSP.2010.84","article-title":"The limits of notice and choice","volume":"8","year":"2010","journal-title":"IEEE Security and Privacy Magazine"},{"issue":"2","key":"key2021102306412619700_ref008","doi-asserted-by":"crossref","first-page":"154","DOI":"10.1016\/j.ijhcs.2013.10.003","article-title":"Using the health belief model to explore users\u2019 perceptions of \u2018being safe and secure\u2019 in the world of technology mediated financial transactions","volume":"72","year":"2014","journal-title":"International Journal of Human-Computer Studies"},{"key":"key2021102306412619700_ref009","first-page":"534","article-title":"Exploring how privacy and security factor into IoT device purchase behavior","volume-title":"Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems","year":"2019"},{"first-page":"1","article-title":"Who\u2019s in control? Interactions in multi-user smart homes","year":"2019","key":"key2021102306412619700_ref010"},{"first-page":"321","article-title":"How short is too short? Implications of length and framing on the effectiveness of privacy notices","year":"2016","key":"key2021102306412619700_ref011"},{"key":"key2021102306412619700_ref012","first-page":"1","article-title":"Privacy vulnerabilities in public digital service centers in Dhaka, Bangladesh","volume-title":"Proceedings of the 2020 International Conference on Information and Communication Technologies and Development","year":"2020"},{"first-page":"327","article-title":"\u2018\u2026 No one can hack my mind\u2019: comparing expert and non-expert security practices","year":"2015","key":"key2021102306412619700_ref013"},{"key":"key2021102306412619700_ref014","unstructured":"Kaplan, D. (2016), \u201cMajority of Americans have an IoT device \u2013 and they\u2019re open to advertising\u201d, available at: https:\/\/geomarketing.com\/majority-of-americans-have-an-iot-device"},{"key":"key2021102306412619700_ref015","doi-asserted-by":"crossref","first-page":"1573","DOI":"10.1145\/1753326.1753561","article-title":"Standardizing privacy notices: an online study of the nutrition label approach","volume-title":"Proceedings of the SIGCHI Conference on Human factors in Computing Systems","year":"2010"},{"key":"key2021102306412619700_ref016","first-page":"292","article-title":"Text-based detection of unauthorized users of social media accounts","volume-title":"Canadian Conference on Artificial Intelligence","year":"2018"},{"year":"2016","key":"key2021102306412619700_ref017","article-title":"Comics as a medium for privacy notices"},{"article-title":"Password logbooks and what their amazon reviews reveal about their users\u2019 motivations, beliefs, and behaviors","volume-title":"European Workshop on Usable Security","year":"2017","key":"key2021102306412619700_ref018"},{"first-page":"229","article-title":"How effective is anti-phishing training for children?","year":"2017","key":"key2021102306412619700_ref019"},{"first-page":"1","article-title":"Alexa, are you listening? Privacy perceptions, concerns and privacy-seeking behaviors with smart speakers","year":"2018","key":"key2021102306412619700_ref020"},{"first-page":"27","article-title":"Follow my recommendations: a personalized privacy assistant for mobile app permissions","year":"2016","key":"key2021102306412619700_ref021"},{"first-page":"37","article-title":"A comparative study of online privacy policies and formats","year":"2009","key":"key2021102306412619700_ref022"},{"first-page":"250","article-title":"Privacy attitudes of smart speaker users","year":"2019","key":"key2021102306412619700_ref023"},{"key":"key2021102306412619700_ref024","first-page":"16","article-title":"Addressing misconceptions about password security effectively","volume-title":"Workshop on Socio-Technical Aspects in Security and Trust","year":"2018"},{"key":"key2021102306412619700_ref025","first-page":"173","article-title":"Measuring password guessability for an entire university","volume-title":"Proceedings of the 2013 ACM SIGSAC conference on Computer and communications security","year":"2013"},{"first-page":"399","article-title":"Privacy expectations and preferences in an IoT world","year":"2017","key":"key2021102306412619700_ref026"},{"key":"key2021102306412619700_ref027","unstructured":"of Statistics, B.B. (2008), \u201cLiteracy assessment survey 2008\u201d, available at: www.un-bd.org\/Docs\/Publication\/Bangladesh_Literacy_Assessment_Survey_2008.Pdf"},{"year":"2018","key":"key2021102306412619700_ref028","article-title":"The internet of what? Understanding differences in perceptions and adoption for the internet of things"},{"key":"key2021102306412619700_ref029","article-title":"Internet of things-IoT: definition, characteristics, architecture, enabling technologies, application and future challenges","volume":"6","year":"2016","journal-title":"International Journal of Engineering Science and Computing"},{"first-page":"77","article-title":"Expecting the unexpected: understanding mismatched privacy expectations online","year":"2016","key":"key2021102306412619700_ref030"},{"key":"key2021102306412619700_ref031","doi-asserted-by":"crossref","first-page":"666","DOI":"10.1145\/2976749.2978307","article-title":"How I learned to be secure: a census-representative survey of security advice sources and behavior","volume-title":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","year":"2016"},{"first-page":"1","article-title":"A design space for effective privacy notices","year":"2015","key":"key2021102306412619700_ref032"},{"article-title":"Understanding users\u2019 decision of clicking on posts in Facebook with implications for phishing","volume-title":"Workshop on Technology and Consumer Protection (ConPro)","year":"2018","key":"key2021102306412619700_ref033"},{"issue":"3","key":"key2021102306412619700_ref034","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3183341","article-title":"The password life cycle","volume":"21","year":"2018","journal-title":"ACM Transactions on Privacy and Security"},{"first-page":"65","article-title":"End user security and privacy concerns with smart homes","year":"2017","key":"key2021102306412619700_ref035"},{"issue":"12","key":"key2021102306412619700_ref036","doi-asserted-by":"crossref","first-page":"2728","DOI":"10.1002\/sec.795","article-title":"Privacy in the internet of things: threats and challenges","volume":"7","year":"2014","journal-title":"Security and Communication Networks"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-08-2020-0134\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-08-2020-0134\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:08Z","timestamp":1753406588000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/29\/4\/573-588\/105389"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,8,12]]},"references-count":36,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2021,8,12]]},"published-print":{"date-parts":[[2021,10,26]]}},"alternative-id":["10.1108\/ICS-08-2020-0134"],"URL":"https:\/\/doi.org\/10.1108\/ics-08-2020-0134","relation":{},"ISSN":["2056-4961","2056-4961"],"issn-type":[{"type":"print","value":"2056-4961"},{"type":"print","value":"2056-4961"}],"subject":[],"published":{"date-parts":[[2021,8,12]]}}}