ABSTRACT
In order to direct and build an effective, secure mobile ecosystem, we must first understand user attitudes toward security and privacy for smartphones and how they may differ from attitudes toward more traditional computing systems. What are users' comfort levels in performing different tasks? How do users select applications? What are their overall perceptions of the platform? This understanding will help inform the design of more secure smartphones that will enable users to safely and confidently benefit from the potential and convenience offered by mobile platforms.
To gain insight into user perceptions of smartphone security and installation habits, we conduct a user study involving 60 smartphone users. First, we interview users about their willingness to perform certain tasks on their smartphones to test the hypothesis that people currently avoid using their phones due to privacy and security concerns. Second, we analyze why and how they select applications, which provides information about how users decide to trust applications. Based on our findings, we present recommendations and opportunities for services that will help users safely and confidently use mobile applications and platforms.
- Apple's Mac App Store downloads top 100 million. http://www.apple.com/pr/library/2011/12/12Apples-Mac-App-Store-Downloads-Top-100-Million.html.Google Scholar
- Google announces Bouncer service. http://googlemobile.blogspot.com/2012/02/android-and-security.html.Google Scholar
- Mobile application stores state of play. http://www.distimo.com/blog/2010_02_ourpresentation-from-mobile-world-congres-2010-mobile-application-stores-state-ofplay/.Google Scholar
- Most smartphone users browse, shop online with their phones. http://www.marketstrategies.com/news/2068/1/Most-Smartphone-Users-Browse-Shop-Online-With-Their-Phones.aspx.Google Scholar
- Pew: Smartphones overtake feature phones among adults in the U. S. http://www.bgr.com/2012/03/02/pewsmartphones-overtake-feature-phonesamong-adults-in-the-u-s/.Google Scholar
- Privacy policy infographic. http://selectout.org/blog/privacy-policy-infographic/.Google Scholar
- Shopping behavior on phones. http://www.richrelevance.com/blog/2011/12/richrelevance-holiday-shopping-studymobile-matters/.Google Scholar
- Smartphone, tablet sales outpace PC growth. http://graphics.thomsonreuters.com/12/02/GLB_TECHMKTB0212_SC.html.Google Scholar
- Top-5 Antivirus for Android. http://www.techclap.com/9486/top-5-free-antivirus-android-phone/.Google Scholar
- Why Eric Schmidt's prediction about Android vs. iOS development is dead wrong. http://www.networkworld.com/community/blog/why-eric-schmidts-prediction-aboutandroid-vs-ios-development-dead-wrong.Google Scholar
- D. Anthony, D. Kotz, and T. Henderson. Privacy in location-aware computing environments. IEEE Pervasive Computing, 6(4):64--72, 2007. Google ScholarDigital Library
- P. Bao, J. Pierce, S. Whittaker, and S. Zhai. Smart phone use by non-mobile business users. In Proc. of the 13th International Conference on Human Computer Interaction with Mobile Devices and Services (MobileHCI), 2011. Google ScholarDigital Library
- L. Barkhuus. Privacy in location-based services, concern vs. coolness. In Proc. of the Workshop on Location System Privacy and Control, 2004.Google Scholar
- L. Barkhuus and A. Dey. Location-based services for mobile telephony: a study of users' privacy concerns. In Proc. of INTERACT, 2003.Google Scholar
- N. Ben-Asher, N. Kirschnick, H. Sieger, J. Meyer, A. Ben-Oved, and S. Möller. On the need for different security methods on mobile phones. In Proc. of the 13th International Conference on Human Computer Interaction with Mobile Devices and Services (MobileHCI), 2011. Google ScholarDigital Library
- R. Boehme and S. Kopsell. Trained to accept?: A field experiment on consent dialogs. In Proc. of ACM SIGCHI Conference on Human Factors in Computing Systems (CHI), 2010. Google ScholarDigital Library
- C. Breen. Do you need antivirus software? http://www.macworld.com/article/137397/2008/12/doyouneedantivirus.html.Google Scholar
- S. Consolvo, I. E. Smith, T. Matthews, A. LaMarca, J. Tabert, and P. Powledge. Location disclosure to social relations: Why, when, & what people want to share. In Proc. of the ACM SIGCHI conference on Human Factors in Computing Systems (CHI), 2005. Google ScholarDigital Library
- D. Cvrcek, M. Kumpost, V. Matyas, and G. Danezis. A study on the value of location privacy. In Proc. of the 2006 Workshop on Privacy in an Electronic Society (WPES), 2006. Google ScholarDigital Library
- G. Danezis, S. Lewis, and R. Anderson. How much is location privacy worth? In Proceedings of the Workshop on the Economics of Information Security Series (WEIS), 2005.Google Scholar
- S. Egelman, J. Tsai, L. F. Cranor, and R. Acquisti. Timing is everything?: The effects of timing and placement of online privacy indicators. In Proc. of the 27th International Conference on Human Factors in Computing Systems (CHI), 2009. Google ScholarDigital Library
- H. Falaki, R. Mahajan, S. Kandula, D. Lymberopoulos, R. Govindan, and D. Estrin. Diversity in smartphone usage. In Proc. of the International Conference on Mobile Systems, Applications, and Services (MobiSys), 2010. Google ScholarDigital Library
- A. Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner. A survey of mobile malware in the wild. In Proc. of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), 2011. Google ScholarDigital Library
- J. Gideon, S. Egelman, L. Cranor, and A. Acquisti. Power Strips, Prophylactics, and Privacy, Oh My! In Proc. of the 2006 Symposium on Usable Privacy and Security, pages 133--144, July 2006. Google ScholarDigital Library
- N. Good, R. Dhamija, J. Grossklags, S. Aronovitz, D. Thaw, D. Mulligan, and J. Konstan. Stopping spyware at the gate: A user study of privacy, notice and spyware. In Proc. of the Symposium On Usable Privacy and Security (SOUPS), 2005. Google ScholarDigital Library
- G. Iachello, I. Smith, S. Consolvo, M. Chen, and G. D. Abowd. Developing privacy guidelines for social location disclosure applications and services. In Proc. of the Symposium on Usable Privacy and Security (SOUPS), 2005. Google ScholarDigital Library
- K. Niinuma, U. Park, and A. Jain. Soft biometric traits for continuous user authentication. IEEE Transactions on Information Forensics and Security, 2010. Google ScholarDigital Library
- A. K. Karlson, B. R. Meyers, A. Jacobs, P. Johns, and S. K. Kane. Working overtime: Patterns of smartphone and pc usage in the day of an information worker. Pervasive Computing, 5538:398--405, 2009. Google ScholarDigital Library
- M. Kassner. Android security apps playing catch-up to malcode. http://www.techrepublic.com/blog/security/android-security-apps-playingcatch-up-to-malcode/6534.Google Scholar
- T. Matthews, J. Pierce, and J. Tang. No smart phone is an island: The impact of places, situations, and other devices on smart phone use. Research Report RJ10452 IBM, 2009.Google Scholar
- T. Mitchell. Machine Learning. McGraw-Hill.Google Scholar
- M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel. Semantically rich application-centric security in Android. In Proc. of the 25th Annual Computer Security Applications Conference (ACSAC), December 2009. Google ScholarDigital Library
- H. Pilz and S. Schindler. Are free Android virus scanners any good? http://www.avtest.org/fileadmin/pdf/avtest_2011-11_free_android_virus_scanner_english.pdf.Google Scholar
- S. Sheng, B. Magnien, P. Kumaraguru, A. Acquisti, L. Cranor, J. Hong, and E. Nunge. Anti-phishing Phil: The design and evaluation of a game that teaches people not to fall for phish. In Proc. of the Symposium On Usable Privacy and Security (SOUPS), 2007. Google ScholarDigital Library
- N. Sadeh, J. Hong, L. Cranor, I. Fette, P. Kelley, M. Prabaker, and J. Rao. Understanding and capturing people's privacy policies in a mobile social networking application. Personal and Ubiquitous Computing, 13(6):401--412, 2009. Google ScholarDigital Library
- E. Toch, J. Cranshaw, P. Hankes-Drielsma, J. Springfield, P. Kelley, L. Cranor, J. Hong, and N. Sadeh. Locaccino: A privacy-centric location sharing application. In Proc. of the 12th ACM International Conference Adjunct Papers on Ubiquitous Computing, 2010. Google ScholarDigital Library
- I. Traore and A. Ahmed. Continuous authentication using biometrics: Data, models, and metrics. http://my.safaribooksonline.com/book/-/9781613501290. Google ScholarDigital Library
- J. Tsai, S. Egelman, L. Cranor, and A. Acquisti. The effect of online privacy information on purchasing behavior: An experimental study. In Proc. of the Workshop on the Economics of Information Security, 2007.Google Scholar
- R. Wash. Folk models of home computer security. In Proc. of the Symposium on Usable Privacy and Security (SOUPS), 2010. Google ScholarDigital Library
- J. Wiese, P. G. Kelley, L. F. Cranor, L. Dabbish, J. I. Hong, and J. Zimmerman. Are you close with me? Are you nearby?: Investigating social groups, closeness, and willingness to share. In Proc. of the 13th International Conference on Ubiquitous Computing, 2011. Google ScholarDigital Library
- Y. Zhou, Z. Wang, W. Zhou, and X. Jiang. Hey, you, get off of my market: Detecting malicious apps in official and alternative Android markets. In Proc. of the 19th Annual Network and Distributed System Security Symposium (NDSS), 2012.Google Scholar
Index Terms
- Measuring user confidence in smartphone security and privacy
Recommendations
Replication: Measuring User Perceptions in Smartphone Security and Privacy in Germany
EuroUSEC '21: Proceedings of the 2021 European Symposium on Usable SecurityIn 2021, smartphones are ubiquitous and offer numerous possibilities. Previous work found that the interaction of people with smartphones is influenced by the perception of the devices’ security and privacy. Therefore, it is important to learn about ...
Detecting repackaged smartphone applications in third-party android marketplaces
CODASPY '12: Proceedings of the second ACM conference on Data and Application Security and PrivacyRecent years have witnessed incredible popularity and adoption of smartphones and mobile devices, which is accompanied by large amount and wide variety of feature-rich smartphone applications. These smartphone applications (or apps), typically organized ...
A survey on smartphone user’s security choices, awareness and education
AbstractSmartphones contain a significant amount of personal data. Additionally, they are always in the user’s possession, which allows them to be abused for tracking (e.g., GPS, Bluetooth or WiFi tracking). In order to not reveal private ...
Comments