The Effects of Security Framing, Time Pressure, and Brand Familiarity on Risky Mobile Application Downloads

The current study examined the effects of security system framing, time pressure, and brand familiarity on mobile application download behaviors, with an emphasis on risk taking. According to the Prospect Theory, people tend to engage in irrational decision making, and make qualitatively different decisions when information is framed in terms of gains and losses (i.e., the framing effect). Past research has used this framing effect to guide the design of a risk display for mobile applications (apps), with the purpose of communicating the potential risks and minimizing insecure app selections. Time pressure has been shown to influence the framing effect in both hypothetical choices in lab settings as well as with consumer purchases, and brand familiarity has been shown to affect consumers’ purchase behaviors. Neither factor has been studied in the context of risk communication for mobile app. The current study addressed this gap in the literature and examined the effects of time pressure and brand familiarity on the effectiveness of risk displays (framed as safety or risks) for mobile apps. Specifically, users’ choices were recorded as a measure of effective risk displays. The findings from this study indicated that users rely heavily on brand familiarity when downloading apps. We also showed that security scores, especially when framed as safety, were effective at guiding choice, though this advantage of safety framing was not present when users made decisions under time pressure. The implications from the study indicate that people implicitly trust brands they recognize, safety framed security can be helpful, and decision-making processes change under time pressure

Reducing risk to security and privacy in the selection of trigger-action rules: Implicit vs. explicit priming for domestic smart devices

Smart home device usage is increasing, as is the diversity of users and range of devices. Additionally, it is becoming increasingly common to interconnect devices (e.g., via trigger-action rules) which, while bringing benefits, can bring unforeseen security and privacy risks. Developing strategies to protect users as well as understanding what biographical or attitudinal characteristics contribute to these risks is a critical step for ensuring empowered, but safe, interconnected smart device usage. Using narrative descriptions of domestic smart devices, two experiments explored how the prevailing security/privacy contexts—priming conditions—in which 20 trigger-action rules (developed via a Delphi Study) were presented influenced the adoption of rules favoring either security or privacy. Both experiments contrasted three priming conditions: no prime, security prime, privacy prime. Experiment 1 (n = 254) used explicit priming, giving direct instruction to maximize a security or privacy outcome while Experiment 2 (n = 325) used implicit priming, with an apparently unrelated security or privacy problem-solving puzzle. Across both experiments, priming promoted safer rule adoption, markedly so when explicit. Explicit priming produced an asymmetry however: privacy priming improved privacy scores with security scores unchanged and security primes improved security scores while worsening privacy scores. Across experiments, two dimensions of user attitudes shaped riskier rule choice: perceived benefits of technology and pre-existing trusting beliefs in online companies. Our novel findings reveal that implicit and explicit priming shape safe use of trigger-action rules in domestic settings and that age, perceived trust and perceived benefits should be considered when designing safety messaging