Research: Slight Changes to Appearance of Privacy Warnings Significantly Improve Attention

New research from a team at Brigham Young University finds that people tend to tune out security warnings as they see them more often. Conducted by information systems professors Anthony Vance, Bonnie Anderson and Jeff Jenkins, the study was funded by the National Science Foundation and follows on previous work the researchers have conducted with Brock Kirwan, a neuroscience professor at BYU.

"The problem — and something everyone has experienced — is that warnings just fade away and disappear over time in our consciousness because we're exposed to them so often," said Vance, lead author on the study, in a prepared statement.

Previously, the team had looked at snapshots of user attention and neural response. This time, the researchers combined a five-day lab experiment that tracked neural and visual responses to security warnings with a three-week field experiment that observed users interacting with their devices naturally and tracked their responses to privacy permissions warnings.

The field study required participants to install and evaluate three apps from the Android Play store each day for 15 days. Warnings popped up for each app listing any permissions the app requested related to accessing or modifying data, with some, such as "Sell your web-browsing data" or "Record microphone audio any time," representing significant risk. Some participants received warnings that looked the same every time, while others received warnings that changed in appearance each time.

Users who received the same warnings each time adhered to the warnings 55 percent of the time at the end of the study, while those who received the shifting warnings adhered to them 76 percent of the time.

"Even using a few variations can have a substantial effect over time," said Anderson, chair of the BYU Department of Information Systems, in a prepared statement. "The trick is to get the variations to the point where people pay attention without being annoyed."

The lab component of the study seems to back up those findings, as it showed reduced neural activity and eye movement with repeated static-appearance warnings and a significant increase in sustained attention for the polymorphic warnings.

"System designers need to understand this is how the brain works, and they need to be as judicious as possible with the number of warnings they present," Vance said. "Secondly, if they can add some visual novelty to the warning, that really helps the brain recapture attention."

The study, "Tuning out Security Warnings: A Longitudinal Examination of Habituation through fMRI, Eye Tracking and Field Experiments," is published in the June issue of MIS Quarterly.

About the Author

Joshua Bolkan is contributing editor for Campus Technology, THE Journal and STEAM Universe. He can be reached at [email protected].
