Mobile Dark Patterns

Sure, users can also enter a location manually, but there’s no provision for the automatic use of coarse location, so the result is that the app or site is still getting fine location information.

What does an app or site do with this location information? Well, once it has it, anything it wants. Again, most apps and sites hide how they’ll use location information and simply say they need the information. But AccuWeather admits that only one use is for content—which we presume would be weather reports—but also use it for advertising and other vague terms of use, as Figure 2 shows.

Many mobile apps and sites imply that they need location information to work better, but then use it too precisely and apply it too broadly.

When designing for mobile, ask for location information only if you must have it. Then use it only for what customers might expect, instead of tricking them into sharing their personal data with every advertiser.

Notification Fatigue

For some thirty years, we have been lamenting the misuse and overuse of pop-up dialog boxes. Somehow, mobile designers have taken the wrong lesson from this and now happily design a notification layer at the top of a page, an upsell at the bottom, and a dialog box on top of everything.

On an app’s installation or a user’s first visit to a Web site or first use of an app, many insist on telling users way too much about themselves. Permissions, app tours, upsells, and in-app purchases—and, far too often, trickery. That AccuWeather dialog box in Figure 2 might seem like they are being open and honest, but all apps ask for permissions, so I bet no one reads this, and users aren’t aware that they’ve just explicitly given permission for location-based advertising.

The Pinterest app, which is shown in Figure 3, provides an even better example. It has a drawer, in which the user must confirm her email address, on top of the second of two banners informing users about privacy-policy changes, and all of this after several other permissions pop-up dialog boxes and onboarding steps.

Look closely at that drawer. You’ll see a checkbox—and it’s preselected, of course.

Users’ natural inclination has always been to get rid of every dialog box as quickly as possible and get back to the actual app or Web site so they can get to what they want to do. In this case, we can expect that most people would just tap Save without reading to get on with using the app.

This dark pattern takes advantage of that typical behavior in the hope that users won’t think too hard about granting permissions, sharing all their contact info, or agreeing to receive promotional email messages all the time.

Limiting Mobile Functionality

I never thought we’d be having this discussion in 2019, but many organizations still think of the mobile experience is an offshoot, so make some functions or information available only on the desktop Web site.

As the fitness-tracking service Strava famously revealed in 2018, they had let private data leak out, allowing things such secret military bases to be found. This occurred because they allowed the sharing of too much data by default, then hid the settings on mobile, displaying them only on the desktop Web site. The vast majority of their users spent all of their time in the mobile app, so didn’t know this was happening. They couldn’t have known this even if they had gone to the app settings to check settings for locational privacy and sharing.

Strava have since added most settings to the mobile app and no longer shares location information by default. Most—but their Training Log sharing settings, for one, do not appear in the mobile app.

Strava is a tool with independent sharing functions, but they are not visible on mobile. While the app now defaults to private location information, the popups that appear on the Web site were designed with the best dark patterns in mind—a big Accept button and a tiny Dismiss button—so it’s all too easy to accidentally share that information. A user could visit the Web site once and accidentally share location information, then use only the mobile app going forward and never again have a way of seeing that there is a data leak.

Do-or-Die Permissions

Many apps start out by presenting some permissions, then if the user rejects them, close. While some of these permissions are marginally understandable—for example, accepting Terms and Conditions—many seem unnecessary and, by closing the app, causing errors, or loading the permissions over and over, these apps push users into accepting permissions they neither need nor want.

Users can get into the AccuWeather app after rejecting permissions, but if they actually try to do anything, they’ll run into roadblocks. Trying to load the menu to see what the app can do displays the message “A location is required to use this application,” as shown in Figure 4.

But this is not actually true. Other weather apps allow manual location entry. If you look at this message closely, there’s a way to provide location information manually as well. It’s small and grayed out, but it actually works. Once the user does that, the app generally works.

But the app doesn’t want the user to enter this information manually, so it doesn’t try to be helpful. Instead, it tries to trick the user into providing fine location data—elsewhere, it refers to using GPS for location—that is not necessary, implying the app won’t even run without it.

On the menu in Zillow, there’s a convenient-looking Nearby Open Houses item. This might be a useful feature for those spending time driving around to look at houses on a Sunday. But if the user clicks it and hasn’t previously agreed to share location information, a permission dialog box appears, as shown in Figure 5.

Denying permission simply closes the dialog box, leaving the user still staring at the menu. No fallback is provided. Plus, we know location information isn’t necessary. Their Web site also has an open-house search tool that doesn’t ask for location at all. The user can just type or scroll to an area and see open houses. So the mobile app is going out of its way to trick users into sharing precise location information.

Remember, not only might people want their own locational privacy, they could be trying to help someone remotely or be seeking information on someplace they’ll be in the future. So not only is requiring location information unhelpful, it overlaps with the overuse of sensor data.

Such attempts to get users to reveal private data are not just tricky, they fail to meet the needs of every user. Whoever rejects sharing information or giving permissions should be allowed to do so. Then, whatever services you can provide with less data or with manually entered information should work as well as possible.

Unclear or Impossible Touch Interactions

From dark patterns on the Web, we’re all familiar with popups or ads with a close X that is so small it’s hard to click, and the user misses so gets a full-screen signup form or a loud video ad.

Just as with notifications, mobile makes this dark pattern worse. Mouse users can slow down to achieve greater accuracy, so have started to learn how bad the tricky ads are. But touch has accuracy limits so mobile users are left out of this. For example, Figure 6 shows an all too typical advertising banner at the bottom of a news article.

While it does provide a close icon, the touch area of the close icon is approximately 30 times too small. Adding to the darkness of this pattern, the button is on top of the banner, so some 80% of misses would cause the banner’s link destination to load. This is precisely what the user does not want, but this dark pattern drives clicks and, therefore, revenue to the Web site.

Many Web sites try to tell users to download their app instead. I’ve been in meetings where people have proposed this solution, with all good intent on the part of most of them. While users would have a better experience using the app, it’s hard to justify suggesting that people aren’t aware these apps exist. Implementing a banner such as the one Medium uses becomes a fully dark pattern, as shown in Figure 7.

Despite the banner’s having a prominent Open in App button and formatting like that for a notification—tricking users into automatic acceptance by dismissing the banner—the button is actually meaningless. Clicking anywhere on the banner opens the app store, enabling the user to download the app and, eventually, perhaps read the article there.

At the far left of the banner is a close icon that is far too small for the user to easily click it, so most clicks would open the banner-link’s destination rather than dismissing the banner. Not recognizing that this dark pattern is at play, those looking at analytics would celebrate the huge number of users clicking to get the app, believing they are doing a good thing.

The Waze App Tour is typical of these sorts of tour interstitials. It tries to force the user down the continue path to see all features, then often to agree to things they don’t want to do. The close icon shown in Figure 8 is bigger than usual—although still too small and unlabeled—but its placement is very odd.

Close and cancel functions should either be in the corner or presented as the opposite of a positive action. In this case, the close button is not near anything in particular, plus it is practically completely grayed out, while the GO button has a button shape, making it more prominent. 

Suddenly Not Mobile

As I’ve said many times before, we need to create mobile experiences that are mobile specific. For example, they should use contact intents instead of Web forms. But a lot of mobile apps still fall apart around the edges, linking to other channels very badly.

In many apps, navigating to read legal or customer-care information takes the user to an organization’s Web site. Sometimes it just opens a browser and shows a desktop view, but some apps—such as Flipboard, which is shown in Figure 9—embed the page in a WebView.

Although it’s a perfectly good tactic to include WebViews in apps, many app developers do this poorly. In this case, the app-development team forgot to tell the Web-development team they were doing this, so the whole Web site appears, with a second masthead and title. Plus, if the user opens the menu, the app indicates that the user is not logged in.

In relation to personal privacy settings, this approach could cause a disconnect that risks the user making uninformed choices. Even simply not considering the type and format of content means it’s nearly impossible for users to read the content and find the information they need to be informed users.

But the content could be even more poorly formatted. Consider the Web-site checkout process of Fastenal, an industrial supplier, shown in part in Figure 10.

The entire Web site is a poor attempt at responsive design, with many parts that do not fit on a page, wrap oddly, or disappear, making their content unreadable. In this case, what are apparently important disclaimers are not readable. But since the reader cannot read the content, how does he know what he is missing, accidentally agreeing to, or signing up for?

Ethical and Legal Design

You might argue that the last example is not really a dark pattern because it happens by accident, more or less. But think about the whole structure, which allows these sorts of things to exist. Often, there’s no deliberate attempt to make an app, site, or function hard to use; it just transpires that way because teams are not paying attention to broader issues.

I have worked on many projects whose goal was to increase sales, because analytics showed lower-than-expected close rates. But does anyone think about revisiting a page design because people inadvertently sign up for email blasts or accept sharing their contacts more than expected? On the page shown in Figure 10, a preselected checkbox for signing up for package insurance might be invisible, so they are effectively tricking people into spending money on something they didn’t truly agree to purchase. This is not ethical design

I’ve, by no means, provided a comprehensive list of mobile dark patterns—just a few wide-ranging examples to help make sure you’re keeping your ethical obligations in mind. UX design takes its name from our intent to keep the user in mind. Even when it’s not obvious how a design solution might be misused, misunderstood, or abused, as in some of these examples, your intent should be to do the right thing for users.

Remember, this isn’t some niche design-only discussion. Many people are noticing these ethical violations, including regulators, lawmakers, and courts. The move to prevent dark patterns has already started, with laws around accessibility covering some cases and other laws being proposed specifically to prohibit dark patterns. If technology companies don’t regulate themselves, governments will do it for them. 

Resources

Mathur, Arunesh, Gunes Acar, Michael Friedman, Elena Lucherini, Jonathan Mayer, Marshini Chetty, and Arvind Narayanan. “Dark Patterns at Scale: Findings from a Crawl of 11K Shopping Websites.” Proceedings of the ACM Conference on Human-Computer Interaction (CHI 2019). Glasgow, Scotland: Association for Computing Machinery, 2019. Retrieved October 20, 2019.

Luguri, Jamie, and Lior Strahilevitz. “Shining a Light on Dark Patterns.” University of Chicago Coase-Sandor Institute for Law & Economics Research Paper No. 879. Chicago, Illinois: University of Chicago, August 1, 2019. Retrieved October 20, 2019.

Hsu, Jeremy. “The Strava Heat Map and the End of Secrets.” Wired, January 29, 2018. Retrieved October 20, 2019.

Hoober, Steven. “Understanding Location.” UXmatters, March 5, 2018. Retrieved October 20, 2019.

Ekblom, Jonas. “Internet Users Must Actively Consent to Use of Cookies, EU Court Rules.” Reuters, October 1, 2019. Retrieved October 20, 2019.