Table of Contents
Fetching ...

(Mis-)Informed Consent: Predatory Apps and the Exploitation of Populations with Limited Literacy

Muhammad Muneeb Pervez, Muhammad Qasim Atiq Ullah, Ibrahim Ahmed Khan, Roshnik Rahat, Muhammad Fareed Zaffar, Rashid Tahir, Talal Rahwan, Yasir Zaki

TL;DR

The paper investigates how informed consent is undermined for populations with limited literacy in LMIC smartphone markets by predatory financial apps. It employs a three-phase approach comprising user interviews, static permission analysis of 50 apps, and an LLM-driven, multi-modal intervention (audio Urdu summaries and risk visuals) to improve consent clarity. Key findings include a high rate of permission misunderstanding (85%) and widespread over-permissioning (80%), with interventions that combine simplified summaries and visuals significantly enhancing risk awareness and cautious decision-making, especially among women. The work highlights regulatory blind spots and proposes scalable, AI-assisted privacy-literacy tools and policy changes to strengthen consent in financially risky mobile apps.

Abstract

Among populations with limited literacy in emerging digital markets, the adoption of mobile phones, combined with comprehension barriers and poor cybersecurity hygiene, has created hidden privacy risks. This paper examines how informed consent is often abused by predatory financial applications, leading to financial scams that disproportionately affect users with low literacy. We focus on predatory loan, gambling, and trading apps, analyzing a dataset of 50 Google Play Store apps to measure how many omit or obfuscate critical privacy disclosures. We also evaluate comprehension gaps among users with low literacy via a targeted user study and assess whether Large Language Model (LLM)-generated summaries, translations, and visual cues can improve consent clarity. Our findings show that 85% of study participants did not understand basic app permissions, underscoring the urgent need for stronger regulatory oversight and scalable LLM-driven privacy-literacy tools.

(Mis-)Informed Consent: Predatory Apps and the Exploitation of Populations with Limited Literacy

TL;DR

The paper investigates how informed consent is undermined for populations with limited literacy in LMIC smartphone markets by predatory financial apps. It employs a three-phase approach comprising user interviews, static permission analysis of 50 apps, and an LLM-driven, multi-modal intervention (audio Urdu summaries and risk visuals) to improve consent clarity. Key findings include a high rate of permission misunderstanding (85%) and widespread over-permissioning (80%), with interventions that combine simplified summaries and visuals significantly enhancing risk awareness and cautious decision-making, especially among women. The work highlights regulatory blind spots and proposes scalable, AI-assisted privacy-literacy tools and policy changes to strengthen consent in financially risky mobile apps.

Abstract

Among populations with limited literacy in emerging digital markets, the adoption of mobile phones, combined with comprehension barriers and poor cybersecurity hygiene, has created hidden privacy risks. This paper examines how informed consent is often abused by predatory financial applications, leading to financial scams that disproportionately affect users with low literacy. We focus on predatory loan, gambling, and trading apps, analyzing a dataset of 50 Google Play Store apps to measure how many omit or obfuscate critical privacy disclosures. We also evaluate comprehension gaps among users with low literacy via a targeted user study and assess whether Large Language Model (LLM)-generated summaries, translations, and visual cues can improve consent clarity. Our findings show that 85% of study participants did not understand basic app permissions, underscoring the urgent need for stronger regulatory oversight and scalable LLM-driven privacy-literacy tools.
Paper Structure (32 sections, 5 figures, 6 tables)

This paper contains 32 sections, 5 figures, 6 tables.

Figures (5)

  • Figure 1: Play Store permissions (left), runtime permissions (center), and sample privacy policy (right).
  • Figure 2: Number of MobSF-classified dangerous permissions across 50 shortlisted applications.
  • Figure 3: Top 15 most frequent permissions declared across our application suite.
  • Figure 4: Stepwise pipeline for our Machine Learning-based Privacy Policy Interventions
  • Figure 5: The intervention designs: Location (Left) and Camera (Right).