To address insufficient individual capability and regulatory gaps in mobile privacy and security governance, this study proposes and empirically validates a novel “community-based collaborative oversight” paradigm. We designed and deployed the CO-oPS mobile application to enable trusted social peers (e.g., family members, colleagues) to jointly audit installed apps and permission grants, fostering collective privacy stewardship. A four-cycle field experiment involving 22 communities and 101 participants, complemented by mixed-method evaluation (quantitative metrics + in-depth interviews), provides the first empirical evidence of its real-world feasibility. Key findings indicate significant improvements in transparency, perceived trust, privacy behavior awareness, and collaborative engagement; critically, digital literacy disparities emerged as a key moderating factor influencing participation in collective oversight. This work advances privacy governance theory and practice by shifting emphasis from individual accountability toward socially embedded, cooperative models.

Mobile privacy and security can be a collaborative process where individuals seek advice and help from their trusted communities. To support such collective privacy and security management, we developed a mobile app for Community Oversight of Privacy and Security ("CO-oPS") that allows community members to review one another's apps installed and permissions granted to provide feedback. We conducted a four-week-long field study with 22 communities (101 participants) of friends, families, or co-workers who installed the CO-oPS app on their phones. Measures of transparency, trust, and awareness of one another's mobile privacy and security behaviors, along with individual and community participation in mobile privacy and security co-management, increased from pre- to post-study. Interview findings confirmed that the app features supported collective considerations of apps and permissions. However, participants expressed a range of concerns regarding having community members with different levels of technical expertise and knowledge regarding mobile privacy and security that can impact motivation to participate and perform oversight. Our study demonstrates the potential and challenges of community oversight mechanisms to support communities to co-manage mobile privacy and security.