32 research outputs found

    MORI: An Innovative Mobile Applications Data Risk Assessment Model

    The daily activities of mobile device users range from making calls and texting to accessing mobile applications, such as mobile banking and online social networks. Mobile phones are able to create, store, and process different types of data, and these data, whether personal, business, or governmental, are related to the owner of the mobile device. More specifically, user activities, such as posting on Facebook, are sensitive and confidential processes with varying degrees of social risk. The current point-of-entry authentication mechanisms, however, consider all applications on the mobile device as if they had the same level of importance; thus maintaining a single level of security for all applications, without any further access control rules. In this research, we argue that on a single mobile application there are different processes operating on the same data, with different social risks based on the user’s actions. More specifically, the unauthorised disclosure or modification of mobile applications data has the potential to lead to a number of undesirable consequences for the user, which in turn means that the risk is changing within the application. Thus, there is no single risk for using a single application. Accordingly, there is a severe lack of protection for user data stored in mobile phones due to the lack of further authentication or differentiated protection beyond the point-of-entry. To remedy that failing, this paper has introduced a new risk assessment model for mobile applications data, called MORI (Mobile Risk) that determines the risk level for each process on a single application. The findings demonstrate that this model has introduced a risk matrix which helps to move the access control system from the application level to the intra-process application level, based on the risk for the user action being performed on these processes.

    Conceivable security risks and authentication techniques for smart devices

    With the rapidly escalating use of smart devices and fraudulent transaction of users’ data from their devices, efficient and reliable techniques for authentication of the smart devices have become an obligatory issue. This paper reviews the security risks for mobile devices and studies several authentication techniques available for smart devices. The results from field studies enable a comparative evaluation of user-preferred authentication mechanisms and their opinions about reliability, biometric authentication and visual authentication techniques

    Reengineering the user: Privacy concerns about personal data on smartphones.

    Purpose: This paper aims to discuss the privacy and security concerns that have risen from the permissions model in the Android operating system, along with two shortcomings that have not been adequately addressed. Design/methodology/approach: The impact of the applications’ evolutionary increment of permission requests from both the user’s and the developer’s point of view is studied, and finally, a series of remedies against the erosion of users’ privacy is proposed. Findings: The results of this work indicate that, even though providing access to personal data of smartphone users is by definition neither problematic nor unlawful, today’s smartphone operating systems do not provide an adequate level of protection for the user’s personal data. However, there are several ideas that can significantly improve the situation and mitigate privacy concerns of users of smart devices. Research limitations/implications: The proposed approach was evaluated through an examination of the Android’s permission model, although issues arise in other operating systems. The authors’ future intention is to conduct a user study to measure the user’s awareness and concepts surrounding privacy concerns to empirically investigate the above-mentioned suggestions. Practical implications: The proposed suggestions in this paper, if adopted in practice, could significantly improve the situation and mitigate privacy concerns of users of smart devices. Social implications: The recommendations proposed in this paper would strongly enhance the control of users over their personal data and improve their ability to distinguish legitimate apps from malware or grayware. 
    Originality/value: This paper emphasises two shortcomings of the permissions models of mobile operating systems which, in the authors’ view, have not been adequately addressed to date and proposes an inherent way for apps and other entities of the mobile computing ecosystem to commit to responsible and transparent practices on mobile users’ privacy.

    Mapping Risk Assessment Strategy for COVID-19 Mobile Apps’ Vulnerabilities

    Recent innovations in mobile technologies are playing an important and vital role in combating the COVID-19 pandemic. While mobile apps’ functionality plays a crucial role in tackling the COVID-19 spread, it is also raising concerns about the associated privacy risks that users may face. Recent research studies have shown various technological measures on mobile applications that lack consideration of privacy risks in their data practices. For example, security vulnerabilities in COVID-19 apps can be exploited and therefore also pose privacy violations. In this paper, we focus on recent and newly developed COVID-19 apps and consider their threat landscape. Our objective was to identify security vulnerabilities that can lead to user-level privacy risks. We also formalize our approach by measuring the level of risk associated with assets and services that attackers may be targeting to capture during the exploitation. We utilized baseline risk assessment criteria within the scope of three specific security vulnerabilities that often exist in COVID-19 applications, namely credential leaks, insecure communication, and HTTP request libraries. We present a proof of concept implementation for risk assessment of COVID-19 apps that can be utilized to evaluate privacy risk by the impact of assets and threat likelihood.

    Designing and Evaluating the Use of Smartphones to Facilitate Online Testing in Second-Language Teacher Education (SLTE): An Auto-Ethnographic Study

    Abstract—This paper reports on an auto-ethnographic study of the use of smartphones to facilitate online testing in the context of second-language teacher education (SLTE). A total of 54 pre-service teachers participated in the study. Preliminary data were collected through observation and written reflection, and additional data were gathered from interviews and students’ web activity logs to enable triangulation. Thematic analysis was carried out on the qualitative data. The findings show that smartphones are a viable electronic tool to facilitate online testing in an SLTE context. More importantly, using Moodle as an online test platform meets both teachers’ and students’ needs with respect to aspects such as design, test structure and online testing activity. The study also highlights some benefits and challenges of employing sequential and multiple-attempt test modes and providing delayed feedback on online tests. The implications of these findings are discussed, with suggestions for further research in the field.

    Data protection in a smart city bike system: the example of Turku

    This study aims at analysing the data protection measures necessary in the city of Turku’s bike system. The city of Turku, Finland, has launched a city bike service, handled by the public transportation service ‘Föli’ and providing 300 bikes for rental all over the city. This new city feature makes Turku attractive, easily discoverable, eco-friendly and smart. For the purpose of this thesis, Turku is even considered as a smart city, as together with other smart services the city bikes allow for smart transportation and enhances urban life. Yet, as smart as the city can be, data protection should not be despised. The new General Data Protection Regulation 2016/679 (GDPR), enforceable on May 25th 2018, changes the rules for processing personal data and organisations are required to get compliant with it. Compliance with the GDPR encompasses several aspects, both from a technical and a legal point of view. This thesis analyses Turku’s city bike system and particularly all the steps requiring processing of personal data. This paper examines the possible technical risks, the actors involved and their liability under the GDPR, the applicable data protection requirements as well as the possible solutions for a smooth processing of personal data. The research has been made in concertation with Turku’s city bike system team with the aim of identifying the legal steps necessary to this system for a lawful processing of personal data

    The design and evaluation of a user-centric information security risk assessment and response framework

    Abstract: The risk of sensitive information disclosure and modification through the use of online services has increased considerably and may result in significant damage. As the management and assessment of such risks is a well-known discipline for organizations, it is a challenge for users from the general public. Users have difficulties in using, understanding and reacting to security-related threats. Moreover, users only try to protect themselves from risks salient to them. Motivated by the lack of risk assessment solutions and limited impact of awareness programs tailored for users of the general public, this paper aims to develop a structured approach to help in protecting users from threats and vulnerabilities and, thus, reducing the overall information security risks. By focusing on the user and that different users react differently to the same stimuli, the authors developed a user-centric risk assessment and response framework that assesses and communicates risk on both user and system level in an individualized, timely and continuous way. Three risk assessment models were proposed that depend on user-centric and behavior-related factors when calculating risk. This framework was evaluated using a scenario-based simulation of a number of users and results analyzed. The analysis demonstrated the effectiveness and feasibility of the proposed approach. Encouragingly, this analysis provided an indication that risk can be assessed differently for the same behavior based upon a number of user-centric and behavioral-related factors resulting in an individualized granular risk score/level. This granular risk assessment, provided a more insightful evaluation of both risk and response. The analysis of results was also useful in demonstrating how risk is not the same for all users and how the proposed model is effective in adapting to differences between users offering a novel approach to assessing information security risks

    Accessibility of mobile applications for tourism - is equal access a reality?

    With the increasing use of smartphones in people’s daily lives, mobile accessibility has become a key factor for them. Tourism is one of the sectors that has benefited the most from this growth but has not yet reached its full potential as accessibility has not yet been fully exploited. The main goal of this study is to assess accessibility in mobile applications for the tourism sector. Thus, 14 mobile applications were analyzed, using a manual and automatic methodology through the proposal of an evaluation model divided by quantitative and qualitative requirements, as well as the use of features such as VoiceOver and TalkBack. The results show a high overall number of errors in most quantitative requirements as well as non-compliance with most qualitative requirements. On iPhone 4, “Viseu – Guia da Cidade” was the application with the highest rating, while on Wiko GOA, it was the “JiTT.Travel Funchal” application. In turn, on iPhone 6 Plus, iPhone XR, Nokia 5.1 and OnePlus 6 devices, the best results were achieved by the “Viseu – Guia da Cidade,” “JiTT.Travel Funchal” and “TUR4all” applications. Regarding the accessibility of mobile applications on different versions of the same mobile operating system, it was concluded that there are no differences in their accessibility on both operating systems (iOS and Android). Finally, regarding the accessibility of applications on smartphones with different screen sizes, there are also no differences in their accessibility. This work is financed by the ERDF—European Regional Development Fund through the Operational Programme for Competitiveness and Internationalisation—COMPETE 2020 Programme, and by National Funds through the Portuguese funding agency, FCT-Fundação para a Ciência e a Tecnologia within project POCI-01-0145-FEDER-031309 entitled “PromoTourVR-Promoting Tourism Destinations with Multisensory Immersive Media.”

    Exploring the adoption of physical security controls in smartphones

    The proliferation of smartphones has changed our life due to the enhanced connectivity, increased storage capacity and innovative functionality they offer. Their increased popularity has drawn the attention of attackers, thus, nowadays their users are exposed to many security and privacy threats. The fact that smartphones store significant data (e.g. personal, business, government, etc.) in combination with their mobility, increase the impact of unauthorized physical access to smartphones. However, past research has revealed that this is not clearly understood by smartphone users, as they disregard the available security controls. In this context, this paper explores the attitudes and perceptions towards security controls that protect smartphone user’s data from unauthorized physical access. We conducted a survey to measure their adoption and the reasons behind users’ selections. Our results suggest that nowadays users are more concerned about their physical security, but still reveal that a considerable portion of our sample is prone to unauthorized physical access.