Advisor
Jason Hong (CHIMPS Lab)
Time
Feb. 2019 - Jul. 2019 (5 months)
Tools
Figma / InVision
Team
Ally Liu / Qian Wang / Rudy Iyer / Won-Woo Chung
Role
UX Designer, User Researcher
Contribution
UI/interaction design, information architecture, product logic, and usability testing.
00
Summary
Problem
How might we help people manage their mobile data access in a more knowledgeable way?
Mobile OSs today let users grant or deny an App's access to their data, but that is not enough. Apps may request data for unexpected purposes, or leak it to a third party. This can damage users' property, or even endanger lives in certain occupations (e.g., the military). So how can we let users know how their data will be used, and give them control over it?
Solution
A privacy-enhanced Android system that helps you control and understand your privacy settings.
To give users finer control and more information about their data accesses, we designed an App called "Privacy Manager" and modified 4 parts of the Android OS. The system consists of 4 types of settings, each serving user needs under different circumstances.
01
Solution
Privacy Manager

Privacy Manager is an App similar to today's system preferences. It is where users manage their privacy settings.

Homepage

In the "privacy overview" section of the homepage, users can review how their data is being accessed. They can also quickly improve their settings by adopting recommendations, which are based on other users' settings and their own previous behavior. (See demo video)

From the homepage, they can also open global settings to configure all Apps at once, app settings to configure an individual App, or privacy modes to adopt a set of pre-defined configurations.

Global Setting
"Global Setting" means configuring all Apps at once. Based on user research, we decided on a "what-why-where" information hierarchy: "what data is accessed," "why it is accessed," and "where it is used." We also used progressive disclosure to avoid overwhelming users.
Privacy Mode

We designed privacy mode mainly to help organizations prevent data leaking from their employees' or visitors' devices. Employees can easily switch modes as circumstances change, and each mode applies its own set of configurations. For instance, DARPA's military personnel may need to hide their location from all Apps while out on a mission.

Modification 1 - Quick Setting
Quick Setting

We added more privacy-related options to the quick setting view, which help those in sensitive situations temporarily protect specific data from all Apps. Quick setting remains subordinate to the active privacy mode, as shown in the demo.

Modification 2 - App Installation
App Settings

Right after a user installs an app, the App Settings page shows up. The default settings are based on the user's previous behavior or on the majority of our users. We specifically designed an "uncommon requests" section to make the configuration process more manageable.

Modification 3 - App Running
Run-time Message

If a permission is set to "Ask," a pop-up appears when the App requests that data while the user is using it. The pop-up shows the purpose, the requester, and a detailed explanation from the App, so users can decide more knowledgeably.

Modification 4 - Notification Center
Notification Center

4 levels of settings make the system complicated: it can be hard to tell which level blocked a given request. We used the notification center to explain why a request was blocked, and to provide quick actions for changing the responsible setting.

Success Metrics
We set 3 main goals for our design and validated them through thorough user testing. We explored 5 ~ 15 iterations for each design decision and tested them with multiple users; on average we conducted at least 3 user tests per week. The 3 goals:
Easy to Use
Multiple touchpoints and setting types made the system complicated. We needed to minimize the number of steps in each workflow while still supporting the needs of different types of users.
Easy to Understand
We need to effectively communicate the status of the system, the right amount of information needed to make a decision, as well as system recommendations.
Align with Material Design
Considering both user habit and development requirements, we need to follow Material Design, and know when to innovate for a better user experience.
02
Research Methods

Since the project had already started when I joined, we did a little generative research and then focused mainly on evaluative research.

Card Sorting
Decide the information hierarchy: "what-why-where"

We used card sorting to figure out the right information hierarchy. We printed out permission cards with "what data this is for", "why it was requested", and "who'll be using it" on each one. Then we asked users to organize them. The result shows 80% of users sorted them in a “what-why-where” sequence.

card sorting
Modeling Control Logic
Simplify the control logic of the complex system.

I worked with the developer to simplify the control logic of our complicated system, considering as many edge cases as possible before deciding. I then turned the decision into a flow model to guide development.
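To make the four-layer control logic concrete, here is an added example of a policy resolver; it is not the project's code, and the page does not state the precedence between layers. The example assumes a privacy mode outranks a quick-setting block, which outranks an app setting, which outranks the global default, and that a data type with no global default falls back to "Ask". Every request resolves to allow / ask / deny together with the layer that decided it, which is exactly what the run-time pop-up (what-why-where) and the notification center ("why was this blocked, and where do I change it") need. `quick_toggle` shows the quick setting staying subordinate to the active mode. All settings and requests are constructed sample data.

```python
"""Hypothetical four-layer privacy policy resolver (added example, not the
project's own code). Precedence order and the ASK fallback are assumptions."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional, Set, Tuple


class Decision(str, Enum):
    ALLOW = "allow"
    ASK = "ask"      # show the run-time pop-up
    DENY = "deny"    # block, then explain in the notification center


@dataclass
class Request:
    """One data-access attempt, carrying the what / why / where shown in the UI."""
    app: str
    data_type: str   # what, e.g. "location"
    purpose: str     # why, e.g. "navigation"
    requester: str   # where, e.g. "app code" or "ad SDK"


@dataclass
class Settings:
    global_default: Dict[str, Decision]             # data_type -> decision for all Apps
    app_settings: Dict[Tuple[str, str], Decision]   # (app, data_type) -> per-App decision
    modes: Dict[str, Set[str]]                      # mode name -> data types hidden from all Apps
    active_mode: Optional[str] = None
    quick_blocked: Set[str] = field(default_factory=set)  # temporary Quick Setting blocks


@dataclass
class Outcome:
    decision: Decision
    layer: str       # which of the four layers produced the decision
    reason: str      # text the pop-up or notification can show


def _hidden_by_mode(s: Settings) -> Set[str]:
    return s.modes.get(s.active_mode, set()) if s.active_mode else set()


def resolve(req: Request, s: Settings) -> Outcome:
    """Walk the layers from most to least authoritative (assumed order); first hit wins."""
    if req.data_type in _hidden_by_mode(s):
        return Outcome(Decision.DENY, "privacy mode",
                       f"mode '{s.active_mode}' hides {req.data_type} from all Apps")
    if req.data_type in s.quick_blocked:
        return Outcome(Decision.DENY, "quick setting",
                       f"{req.data_type} is temporarily protected from all Apps")
    per_app = s.app_settings.get((req.app, req.data_type))
    if per_app is not None:
        return Outcome(per_app, "app setting",
                       f"{req.app} is set to '{per_app.value}' for {req.data_type}")
    default = s.global_default.get(req.data_type, Decision.ASK)  # assumed fallback
    return Outcome(default, "global setting",
                   f"global default for {req.data_type} is '{default.value}'")


def quick_toggle(s: Settings, data_type: str, protect: bool) -> bool:
    """Quick Setting cannot expose data the active mode hides; returns False if refused."""
    if not protect and data_type in _hidden_by_mode(s):
        return False
    if protect:
        s.quick_blocked.add(data_type)
    else:
        s.quick_blocked.discard(data_type)
    return True


def runtime_prompt(req: Request, out: Outcome) -> Optional[Dict[str, str]]:
    """Content of the run-time pop-up when the decision is ASK, otherwise None."""
    if out.decision is not Decision.ASK:
        return None
    return {"what": req.data_type, "why": req.purpose, "where": req.requester,
            "explanation": f"{req.app} says it needs {req.data_type} for {req.purpose}"}


def notification(req: Request, out: Outcome) -> Optional[str]:
    """Notification-center line for a blocked request, naming the layer to change."""
    if out.decision is not Decision.DENY:
        return None
    return (f"Blocked {req.app} access to {req.data_type}: {out.reason}. "
            f"Tap to change the {out.layer}.")


def demo_settings() -> Settings:
    """Constructed sample configuration (not real user data)."""
    return Settings(
        global_default={"location": Decision.ASK, "contacts": Decision.DENY,
                        "camera": Decision.ALLOW},
        app_settings={("maps", "location"): Decision.ALLOW,
                      ("flashlight", "camera"): Decision.DENY},
        modes={"on mission": {"location", "microphone"}},
    )


if __name__ == "__main__":
    s = demo_settings()
    req = Request("maps", "location", "navigation", "app code")
    print(resolve(req, s))                              # allowed by the app setting
    s.active_mode = "on mission"
    print(notification(req, resolve(req, s)))           # denied by the privacy mode
    print(quick_toggle(s, "location", protect=False))   # False: the mode wins
```

Returning the deciding layer alongside the decision is the piece that makes the notification center's "why was this blocked" explanation cheap to produce: the resolver already knows which of the four settings fired, so the UI never has to reconstruct it.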

flow model of control logic
A/B Testing + Think-Alouds
Keep refining the design until it's easy to use for different people.

Designing for such a complicated system and so many user types means testing again and again. The method we used most often was simple A/B testing combined with think-alouds. For each design decision we usually developed multiple designs to test. Asking users to perform a task while thinking aloud helped us understand their mindset, which informed how to proceed.

an example of a/b testing
Dev Check / Developer Walkthrough
Data-driven design: results in a progressive disclosure fashion.

Figuring out exactly what data, and how much of it, would be shown on each page helped us refine the design. For instance, we applied progressive disclosure to the global setting because, after checking the log data, we realized the list could become too long. We also walked through the design with developers to make sure everything was feasible under the current Android framework.

Android's developer documentation about permissions
Designer Walkthrough / Heuristic Evaluation
The design should be consistent, align with Material Design, and covers edge cases.

Besides user testing, we also conducted designer walkthroughs from time to time to make sure: 1. our design was consistent; 2. it aligned with Material Design; 3. it covered as many edge cases as possible. These are all key metrics for the success of this project.

designer walkthrough
03
Design
Privacy Manager
Homepage
We designed 2 new parts on the homepage, and refined the global setting section. See below our process.
Key Iterations
Global Setting
We refined the design of the data type page, and added two other levels of setting. See below the changes:
Before vs. After and Key Iterations
Privacy Mode
We designed privacy mode to satisfy organizational needs. See below the UI when there is at least one mode, and the UI when there is none.
Design Spec
How to add a new mode?
We deliberately made this flow long so that users understand the consequences of adding a mode.
Key Decisions
Quick Setting
We added privacy-related options to the quick setting view. See below our process.
Before vs. After
Key Design Iterations
App Setting
See below the configuration page for an App. This page shows up immediately after the user installs an app.
Before vs. After and Key Iterations
Runtime Popup
Before vs. After and Key Explorations
Notifications
Users sometimes need to change an access setting as a one-off exception to use a certain function. Today that means digging through the configuration list, changing the setting, and changing it back afterwards. We provide a convenient entry point in the notification center to handle this kind of situation.
Key Iterations
04
Reflection
Things we did correctly 😉
  • The key to designing a complex system is to simplify it by understanding the data and the logic. We spent weeks discussing the control logic and conducting user research to understand users' mental models before settling on a design.
  • We had a good balance between following a design guideline (Material Design) and innovating based on the need.
Things we can improve 🤔
  • We couldn't test the privacy mode with organizational users due to lack of access. If possible, I hope to do more testing with them.
  • If given more time, I hope to further explore how we can recommend configurations, thus making it even easier to maintain a good setting.