32 research outputs found
MORI: An Innovative Mobile Applications Data Risk Assessment Model
The daily activities of mobile device users range from making calls and texting to accessing mobile applications, such as mobile banking and online social networks. Mobile phones are able to create, store, and process different types of data, and these data, whether personal, business, or governmental, are related to the owner of the mobile device. More specifically, user activities, such as posting on Facebook, are sensitive and confidential processes with varying degrees of social risk. The current point-of-entry authentication mechanisms, however, consider all applications on the mobile device as if they had the same level of importance; thus maintaining a single level of security for all applications, without any further access control rules. In this research, we argue that on a single mobile application there are different processes operating on the same data, with different social risks based on the user’s actions. More specifically, the unauthorised disclosure or modification of mobile applications data has the potential to lead to a number of undesirable consequences for the user, which in turn means that the risk is changing within the application. Thus, there is no single risk for using a single application. Accordingly, there is a severe lack of protection for user data stored in mobile phones due to the lack of further authentication or differentiated protection beyond the point-of-entry. To remedy that failing, this paper has introduced a new risk assessment model for mobile applications data, called MORI (Mobile Risk) that determines the risk level for each process on a single application. The findings demonstrate that this model has introduced a risk matrix which helps to move the access control system from the application level to the intra-process application level, based on the risk for the user action being performed on these processes.
Conceivable security risks and authentication techniques for smart devices
With the rapidly escalating use of smart devices and fraudulent transaction of users’ data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques.
Reengineering the user: Privacy concerns about personal data on smartphones.
Purpose: This paper aims to discuss the privacy and security concerns that have risen from the permissions model in the Android operating system, along with two shortcomings that have not been adequately addressed.
Design/methodology/approach: The impact of the applications’ evolutionary increment of permission requests from both the user’s and the developer’s point of view is studied, and finally, a series of remedies against the erosion of users’ privacy is proposed.
Findings: The results of this work indicate that, even though providing access to personal data of smartphone users is by definition neither problematic nor unlawful, today’s smartphone operating systems do not provide an adequate level of protection for the user’s personal data. However, there are several ideas that can significantly improve the situation and mitigate privacy concerns of users of smart devices.
Research limitations/implications: The proposed approach was evaluated through an examination of the Android’s permission model, although issues arise in other operating systems. The authors’ future intention is to conduct a user study to measure the user’s awareness and concepts surrounding privacy concerns to empirically investigate the above-mentioned suggestions.
Practical implications: The proposed suggestions in this paper, if adopted in practice, could significantly improve the situation and mitigate privacy concerns of users of smart devices.
Social implications: The recommendations proposed in this paper would strongly enhance the control of users over their personal data and improve their ability to distinguish legitimate apps from malware or grayware.
Originality/value: This paper emphasises two shortcomings of the permissions models of mobile operating systems which, in authors’ view, have not been adequately addressed to date and propose an inherent way for apps and other entities of the mobile computing ecosystem to commit to responsible and transparent practices on mobile users’ privacy.
Mapping Risk Assessment Strategy for COVID-19 Mobile Apps’ Vulnerabilities
Recent innovations in mobile technologies are playing an important and vital role in combating the COVID-19 pandemic. While mobile apps’ functionality plays a crucial role in tackling the COVID-19 spread, it is also raising concerns about the associated privacy risks that users may face. Recent research studies have shown various technological measures on mobile applications that lack consideration of privacy risks in their data practices. For example, security vulnerabilities in COVID-19 apps can be exploited and therefore also pose privacy violations. In this paper, we focus on recent and newly developed COVID-19 apps and consider their threat landscape. Our objective was to identify security vulnerabilities that can lead to user-level privacy risks. We also formalize our approach by measuring the level of risk associated with assets and services that attackers may be targeting to capture during the exploitation. We utilized baseline risk assessment criteria within the scope of three specific security vulnerabilities that often exist in COVID-19 applications, namely credential leaks, insecure communication, and HTTP request libraries. We present a proof of concept implementation for risk assessment of COVID-19 apps that can be utilized to evaluate privacy risk by the impact of assets and threat likelihood.
Designing and Evaluating the Use of Smartphones to Facilitate Online Testing in Second-Language Teacher Education (SLTE): An Auto-Ethnographic Study
Abstract: This paper reports on an auto-ethnographic study of the use of smartphones to facilitate online testing in the context of second-language teacher education (SLTE). A total of 54 pre-service teachers participated in the study. Preliminary data were collected through observation and written reflection, and additional data were gathered from interviews and students’ web activity logs to enable triangulation. Thematic analysis was carried out on the qualitative data. The findings show that smartphones are a viable electronic tool to facilitate online testing in an SLTE context. More importantly, using Moodle as an online test platform meets both teachers’ and students’ needs with respect to aspects such as design, test structure and online testing activity. The study also highlights some benefits and challenges of employing sequential and multiple-attempt test modes and providing delayed feedback on online tests. The implications of these findings are discussed, with suggestions for further research in the field.
Data protection in a smart city bike system: the example of Turku
This study aims at analysing the data protection measures necessary in the city of Turku’s bike system. The city of Turku, Finland, has launched a city bike service, handled by the public transportation service “Föli” and providing 300 bikes for rental all over the city. This new city feature makes Turku attractive, easily discoverable, eco-friendly and smart. For the purpose of this thesis, Turku is even considered as a smart city, as together with other smart services the city bikes allow for smart transportation and enhances urban life.
Yet, as smart as the city can be, data protection should not be despised. The new General Data Protection Regulation 2016/679 (GDPR), enforceable on May 25th 2018, changes the rules for processing personal data and organisations are required to get compliant with it. Compliance with the GDPR encompasses several aspects, both from a technical and a legal point of view.
This thesis analyses Turku’s city bike system and particularly all the steps requiring processing of personal data. This paper examines the possible technical risks, the actors involved and their liability under the GDPR, the applicable data protection requirements as well as the possible solutions for a smooth processing of personal data. The research has been made in concertation with Turku’s city bike system team with the aim of identifying the legal steps necessary to this system for a lawful processing of personal data.
The design and evaluation of a user-centric information security risk assessment and response framework
Abstract: The risk of sensitive information disclosure and modification through the use of online services has increased considerably and may result in significant damage. As the management and assessment of such risks is a well-known discipline for organizations, it is a challenge for users from the general public. Users have difficulties in using, understanding and reacting to security-related threats. Moreover, users only try to protect themselves from risks salient to them. Motivated by the lack of risk assessment solutions and limited impact of awareness programs tailored for users of the general public, this paper aims to develop a structured approach to help in protecting users from threats and vulnerabilities and, thus, reducing the overall information security risks. By focusing on the user and that different users react differently to the same stimuli, the authors developed a user-centric risk assessment and response framework that assesses and communicates risk on both user and system level in an individualized, timely and continuous way. Three risk assessment models were proposed that depend on user-centric and behavior-related factors when calculating risk. This framework was evaluated using a scenario-based simulation of a number of users and results analyzed. The analysis demonstrated the effectiveness and feasibility of the proposed approach. Encouragingly, this analysis provided an indication that risk can be assessed differently for the same behavior based upon a number of user-centric and behavioral-related factors resulting in an individualized granular risk score/level. This granular risk assessment provided a more insightful evaluation of both risk and response. The analysis of results was also useful in demonstrating how risk is not the same for all users and how the proposed model is effective in adapting to differences between users offering a novel approach to assessing information security risks.
Accessibility of mobile applications for tourism - is equal access a reality?
With the increasing use of smartphones in people’s daily lives, mobile accessibility has become a key factor for them. Tourism is one of the sectors that has benefited the most from this growth but has not yet reached its full potential as accessibility has not yet been fully exploited. The main goal of this study is to assess accessibility in mobile applications for the tourism sector. Thus, 14 mobile applications were analyzed, using a manual and automatic methodology through the proposal of an evaluation model divided by quantitative and qualitative requirements, as well as the use of features such as VoiceOver and TalkBack. The results show a high overall number of errors in most quantitative requirements as well as non-compliance with most qualitative requirements. On iPhone 4, “Viseu – Guia da Cidade” was the application with the highest rating, while on Wiko GOA, it was the “JiTT.Travel Funchal” application. In turn, on iPhone 6 Plus, iPhone XR, Nokia 5.1 and OnePlus 6 devices, the best results were achieved by the “Viseu – Guia da Cidade,” “JiTT.Travel Funchal” and “TUR4all” applications. Regarding the accessibility of mobile applications on different versions of the same mobile operating system, it was concluded that there are no differences in their accessibility on both operating systems (iOS and Android). Finally, regarding the accessibility of applications on smartphones with different screen sizes, there are also no differences in their accessibility. This work is financed by the ERDF – European Regional Development Fund through the Operational Programme for Competitiveness and Internationalisation – COMPETE 2020 Programme, and by National Funds through the Portuguese funding agency, FCT-Fundação para a Ciência e a Tecnologia within project POCI-01-0145-FEDER-031309 entitled “PromoTourVR-Promoting Tourism Destinations with Multisensory Immersive Media.”
Exploring the adoption of physical security controls in smartphones
The proliferation of smartphones has changed our life due to the enhanced connectivity, increased storage capacity and innovative functionality they offer. Their increased popularity has drawn the attention of attackers, thus, nowadays their users are exposed to many security and privacy threats. The fact that smartphones store significant data (e.g. personal, business, government, etc.) in combination with their mobility, increase the impact of unauthorized physical access to smartphones. However, past research has revealed that this is not clearly understood by smartphone users, as they disregard the available security controls. In this context, this paper explores the attitudes and perceptions towards security controls that protect smartphone user’s data from unauthorized physical access. We conducted a survey to measure their adoption and the reasons behind users’ selections. Our results suggest that nowadays users are more concerned about their physical security, but still reveal that a considerable portion of our sample is prone to unauthorized physical access.