Expecting the Unexpected in Security Violations in Mobile Apps

personal data. This increased access and control may raise users’ perception of heightened privacy leakage and security issues. This is especially the case if users’ awareness and expectations of this external access and control is not accurately recognized through proper security declarations. This proposal thus attempts to put forth an investigation on the effect of mobile users’ privacy expectation disconfirmation on their continued usage intention of mobile apps sourced from app distribution stores. Drawing upon the APCO framework, security awareness literature and the expectation-disconfirmation perspective, two key types of security awareness information are identified; namely access annotation and modification annotation. It is noted that these types of information can be emphasized in app distribution stores to reduce subsequent privacy expectation disconfirmation. Hence, this study plans to examine the downstream effect of privacy expectation disconfirmation on users’ continued usage intention. To operationalize this research, a laboratory experiment will be conducted

Factors Affecting Users' Disclosure Decisions in Android Runtime Permissions Model

Today, Android users are faced with several permissions' screens asking to access their personal information when using Android apps. In fact, Android users have to balance several considerations when choosing to grant or deny these data collection activities. Hence, it is important to understand how users' decisions are made and what factors play a role in users' decisions. A number of studies on the permissions' screens of Android devices have reported users discomfort and misunderstanding of the permission system. However, most studies were carried out on the old permission system where all permissions are presented at installation time, and the user has to either accept all the permissions or stop the installation. With the new permission system started with Android version 6.0 and higher, permissions are presented differently at run time. In this work, we aim to study users' disclosure decisions with the new run time system on Android. We have modeled users' disclosure decisions from three perspectives: dangerous permission type, clarity of rationale, and clarity of context. The study has been conducted on Amazon Mechanical Turk. The results show that dangerous permission type as well as clarity of the context have a statistical significant effect on users' disclosure decisions. On the other hand, clarity of dangerous permission's rationale does not contribute significantly to users' decisions. These findings shed light upon important factors that users consider in making privacy decisions in the new Android run time model. Such factors should be taken into account by Android apps developers when requesting access to users' private information

Enhancing users\u27 experiences with mobile app stores: What do users see? What should they see?

Using mobile applications is one of the daily habits for most smartphone users. In order to select applications, individuals need to explore the apps stores. Apps’ exploration is disturbed by the way of illustrating the applications’ information. This dissertation consists of three studies that aimed to: 1) Investigate the users’ experience with the apps’ stores; 2) Collect the users’ needs and requirements in order to have a better experience with the interface of apps’ stores; 3) Propose and evaluate a new interface design for the apps’ stores. Different types of data collection methods were administered while proceeding with the phases of this dissertation. The first study was an exploratory study, which administered an online survey, where we had102 respondents. The second study, aimed to collect the design requirements, and we interviewed 16 individuals. The third study was the interface evaluation, where we also had 35 participants. Our results showed multiple factors that affect users’ experience while discovering applications on the apps’ store. Our findings suggested that the current interface design of apps’ stores needs revisions to help users to be aware of apps’ emerging features and issues. Moreover, we found that visual cues that illustrate apps’ information would be more effective to help users perceive specific information about apps. Furthermore, visual indicators would enhance users’ knowledge regarding some of the apps’ concerns. At the end of this research, we evaluated a proposed interface design that integrates the previous design recommendations. The evaluation results illustrated positive outputs in terms of users’ satisfaction and task-completion rate. The findings indicated that participants were delighted to experience the new way of interaction with the interface of apps’ store. We anticipate that users’ experience and their awareness towards the apps issue would be improved if apps’ stores considered adopting the proposed design concept

Does This App Respect My Privacy? Design and Evaluation of Information Materials Supporting Privacy-Related Decisions of Smartphone Users

Over the years, the wide-spread usage of smartphones leads to large amounts of personal data being stored by them. These data, in turn, can be accessed by the apps installed on the smartphones, and potentially misused, jeopardizing the privacy of smartphone users. While the app stores provide indicators that allow an estimation of the privacy risks of individual apps, these indicators have repeatedly been shown as too confusing for the lay users without technical expertise. We have developed an information flyer with the goal of providing decision support for these users and enabling them make more informed decisions regarding their privacy upon choosing and installing smartphone apps. Our flyer is based on previous research in mental models of smartphone privacy and security and includes heuristics for choosing privacy-friendlier apps used by IT-Security experts. It also addresses common misconceptions of users regarding smartphones. The flyer was evaluated in a user study. The results of the study show, that the users who read the flyer tend to take privacy-relevant factors into account by relying on the heuristics in the flyer more often. Hence, the flyer succeeds in supporting users in making more informed privacy-related decisions

The Effects of Security Framing, Time Pressure, and Brand Familiarity on Risky Mobile Application Downloads

The current study examined the effects of security system framing, time pressure, and brand familiarity on mobile application download behaviors, with an emphasis on risk taking. According to the Prospect Theory, people tend to engage in irrational decision making, and make qualitatively different decisions when information is framed in terms of gains and losses (i.e., the framing effect). Past research has used this framing effect to guide the design of a risk display for mobile applications (apps), with the purpose of communicating the potential risks and minimizing insecure app selections. Time pressure has been shown to influence the framing effect in both hypothetical choices in lab settings as well as with consumer purchases, and brand familiarity has been shown to affect consumers’ purchase behaviors. Neither factor has been studied in the context of risk communication for mobile app. The current study addressed this gap in the literature and examined the effects of time pressure and brand familiarity on the effectiveness of risk displays (framed as safety or risks) for mobile apps. Specifically, users’ choices were recorded as a measure of effective risk displays. The findings from this study indicated that users rely heavily on brand familiarity when downloading apps. We also showed that security scores, especially when framed as safety, were effective at guiding choice, though this advantage of safety framing was not present when users made decisions under time pressure. The implications from the study indicate that people implicitly trust brands they recognize, safety framed security can be helpful, and decision-making processes change under time pressure