Online Security Attack Experience and Worries of Young Adults in the Kingdom of Saudi Arabia

Online security attacks are a worldwide issue, and increasing rapidly in the Middle East. Much of the research on the human aspects of online security has been conducted in developing countries, and although there have been a number of studies in the Kingdom of Saudi Arabia (KSA), none of which compared experiences of users in different cultures. This study investigated the experiences and worries about online security attacks of 45 young adults in KSA and compared them with a previous study of young adults in the UK. Saudi young adults were most likely to have encountered phishing attacks and least likely to have encountered ransomware attacks. Their worries grouped into Theft Worries and Phishing Worries. These results were very similar to those found in the previous study in the UK, in spite of differences in the educational level, self-reported online security knowledge and ability to identify security attacks between the two samples. This suggests that online security attacks and the resulting worries are more international than might be predicted

Empirical Studies on Secure Development and Usage of Mobile Health Applications

Mobile technologies, comprising portable devices, context-sensitive software applications, and wireless networking protocols, are being increasingly adopted to exploit services offered for pervasive computing platforms. The utilisation of mobile health (mHealth) apps in the healthcare domain has become a promising tool to improve and support delivering health services in a pervasive manner. mHealth apps enable health professionals and providers to monitor their patients remotely (e.g., managing patients with chronic diseases). mHealth apps enable expanding healthcare coverage (e.g., reaching places where little or no healthcare is available). Furthermore, mHealth apps were used to reduce the spread of disease and infection (e.g., the Covid-19 tracking apps). The use of mHealth apps will enhance the quality of healthcare, reduce the cost, and more convenient for patients. The security of mHealth apps becomes a significant concern due to the privacy and integrity of health-critical data. The interest of attackers in healthcritical data (medical records, clinical reports, disease symptoms, etc.) has increased due to its value in the ‘black market’ as well as the social, legal, and financial consequences of compromised data. This thesis focuses on understanding the security of mHealth apps based on (a) developers' and (b) end-users perspectives by conducting a set of empirical studies. To empirically investigate the existing research, a systematic literature review (SLR) was conducted to gain a deeper understanding of the security challenges, which hinder the development of secure mHealth apps. Based on the findings of the SLR, first, we conducted a survey-based study - involving 97 mHealth apps developers from 25 countries and six continents to investigate the practitioners’ perspectives on security challenges, practices, and motivational factors that help developers to ensure the security of mHealth apps. Second, we conducted survey research - involving 101 endusers from two Saudi Arabian health providers to examine their security awareness about using clinical mHealth apps. We complement the end-users research by conducting an attack simulation study - involving 105 end-users from 14 countries and five continents to investigate their security behaviours when using mHealth apps. The empirical studies in this thesis contribute to (i) providing developers' perspectives on critical challenges, best practices, and motivating factors that support the engineering and development of emerging and next-generation secure mHealth apps; (ii) providing empirical evidence and a set of guidelines to facilitate researchers, practitioners, and stakeholders to develop and adopt secure mHealth apps for clinical practices and public health; (iii) providing empirical evidence using action-driven measurement on human security behaviour when using mHealth apps, and presented the potential mechanisms that lead end-users to make improper security decisions.Thesis (Ph.D.) -- University of Adelaide, School of Computer Science, 202