This study identifies significant cognitive biases among digital natives regarding privacy risks associated with location data sharing: over half (54%) underestimate the number of apps they have authorized to access location data, and a majority (57%) express surprise upon learning that sensitive inferences—such as frequently visited locations—can be derived from their trajectories. To bridge this comprehension gap, the paper introduces a novel mixed-method approach integrating pre- and post-intervention cognitive experiments with an explainable location inference demonstrator—capable of detecting停留 points and inferring venue categories—complemented by surveys, interviews, and real-world trajectory analysis. Empirical results demonstrate that visualized risk communication substantially enhances privacy awareness: 47% of participants pledged to reduce location permissions, and 51% indicated willingness to adopt recommended privacy-preserving behaviors. This work establishes an evidence-based foundation and a new user-cognition-centered paradigm for designing privacy-enhancing technologies.

Although mobile devices benefit users in their daily lives in numerous ways, they also raise several privacy concerns. For instance, they can reveal sensitive information that can be inferred from location data. This location data is shared through service providers as well as mobile applications. Understanding how and with whom users share their location data -- as well as users' perception of the underlying privacy risks --, are important notions to grasp in order to design usable privacy-enhancing technologies. In this work, we perform a quantitative and qualitative analysis of smartphone users' awareness, perception and self-reported behavior towards location data-sharing through a survey of n=99 young adult participants (i.e., digital natives). We compare stated practices with actual behaviors to better understand their mental models, and survey participants' understanding of privacy risks before and after the inspection of location traces and the information that can be inferred therefrom. Our empirical results show that participants have risky privacy practices: about 54% of participants underestimate the number of mobile applications to which they have granted access to their data, and 33% forget or do not think of revoking access to their data. Also, by using a demonstrator to perform inferences from location data, we observe that slightly more than half of participants (57%) are surprised by the extent of potentially inferred information, and that 47% intend to reduce access to their data via permissions as a result of using the demonstrator. Last, a majority of participants have little knowledge of the tools to better protect themselves, but are nonetheless willing to follow suggestions to improve privacy (51%). Educating people, including digital natives, about privacy risks through transparency tools seems a promising approach.