Designing Reflective Thinking-Based Contextual Privacy Policy for Mobile Applications
Authors: Shuning Zhang (Tsinghua University), Sixing Tao (University of Washington), Eve He (University of Wisconsin-Madison), Yuting Yang (University of Michigan), Ying Ma (The University of Melbourne), Ailei Wang (Tsinghua University), Xin Yi (Tsinghua University and Beijing Academy of Artificial Intelligence), Hewu Li (Tsinghua University)
Volume: 2026
Issue: 4
Pages: 814–836
DOI: https://doi.org/10.56553/popets-2026-0146
Abstract: Traditional mobile privacy policies are often ignored due to their excessive length and legalistic complexity. While Contextual Privacy Policies (CPPs) present information at the point of risk, they often act as static displays that fail to engage users or prompt active decision making. To address these limitations, we construct a design space for reflective CPPs based on the Reflective Thinking Framework. Through three expert workshops, we mapped the hypothetical user interaction around CPPs to three stages of reflection: Experience (triggering surprise via contextual cues), Reflection (supporting inquiry through risk scenarios), and Action (empowering users with granular controls). We instantiated this design space with Conflect, a high-fidelity mobile prototype featuring non-intrusive sidebar alerts and dynamically synthesized risk explanations. A user study (N=48) comparing Conflect against state-of-the-art CPP designs shows that our reflective approach effectively reduces users' perceived habitual action and improves privacy comprehension. Notably, Conflect facilitates these gains without increasing cognitive load or compromising usability compared to CPPs.
Keywords: Privacy policy, Contextual privacy policy, Interaction design, Design space, Reflective thinking
Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.