research-article

Measuring user confidence in smartphone security and privacy

Authors:

Adrienne Porter Felt,

David WagnerAuthors Info & Claims

SOUPS '12: Proceedings of the Eighth Symposium on Usable Privacy and Security

Article No.: 1, Pages 1 - 16

https://doi.org/10.1145/2335356.2335358

Published: 11 July 2012 Publication History

Abstract

In order to direct and build an effective, secure mobile ecosystem, we must first understand user attitudes toward security and privacy for smartphones and how they may differ from attitudes toward more traditional computing systems. What are users' comfort levels in performing different tasks? How do users select applications? What are their overall perceptions of the platform? This understanding will help inform the design of more secure smartphones that will enable users to safely and confidently benefit from the potential and convenience offered by mobile platforms.

To gain insight into user perceptions of smartphone security and installation habits, we conduct a user study involving 60 smartphone users. First, we interview users about their willingness to perform certain tasks on their smartphones to test the hypothesis that people currently avoid using their phones due to privacy and security concerns. Second, we analyze why and how they select applications, which provides information about how users decide to trust applications. Based on our findings, we present recommendations and opportunities for services that will help users safely and confidently use mobile applications and platforms.

References

[1]

Apple's Mac App Store downloads top 100 million. http://www.apple.com/pr/library/2011/12/12Apples-Mac-App-Store-Downloads-Top-100-Million.html.

[2]

Google announces Bouncer service. http://googlemobile.blogspot.com/2012/02/android-and-security.html.

[3]

Mobile application stores state of play. http://www.distimo.com/blog/2010_02_ourpresentation-from-mobile-world-congres-2010-mobile-application-stores-state-ofplay/.

[4]

Most smartphone users browse, shop online with their phones. http://www.marketstrategies.com/news/2068/1/Most-Smartphone-Users-Browse-Shop-Online-With-Their-Phones.aspx.

[5]

Pew: Smartphones overtake feature phones among adults in the U. S. http://www.bgr.com/2012/03/02/pewsmartphones-overtake-feature-phonesamong-adults-in-the-u-s/.

[6]

Privacy policy infographic. http://selectout.org/blog/privacy-policy-infographic/.

[7]

Shopping behavior on phones. http://www.richrelevance.com/blog/2011/12/richrelevance-holiday-shopping-studymobile-matters/.

[8]

Smartphone, tablet sales outpace PC growth. http://graphics.thomsonreuters.com/12/02/GLB_TECHMKTB0212_SC.html.

[9]

Top-5 Antivirus for Android. http://www.techclap.com/9486/top-5-free-antivirus-android-phone/.

[10]

Why Eric Schmidt's prediction about Android vs. iOS development is dead wrong. http://www.networkworld.com/community/blog/why-eric-schmidts-prediction-aboutandroid-vs-ios-development-dead-wrong.

[11]

D. Anthony, D. Kotz, and T. Henderson. Privacy in location-aware computing environments. IEEE Pervasive Computing, 6(4):64--72, 2007.

Digital Library

[12]

P. Bao, J. Pierce, S. Whittaker, and S. Zhai. Smart phone use by non-mobile business users. In Proc. of the 13th International Conference on Human Computer Interaction with Mobile Devices and Services (MobileHCI), 2011.

Digital Library

[13]

L. Barkhuus. Privacy in location-based services, concern vs. coolness. In Proc. of the Workshop on Location System Privacy and Control, 2004.

[14]

L. Barkhuus and A. Dey. Location-based services for mobile telephony: a study of users' privacy concerns. In Proc. of INTERACT, 2003.

[15]

N. Ben-Asher, N. Kirschnick, H. Sieger, J. Meyer, A. Ben-Oved, and S. Möller. On the need for different security methods on mobile phones. In Proc. of the 13th International Conference on Human Computer Interaction with Mobile Devices and Services (MobileHCI), 2011.

Digital Library

[16]

R. Boehme and S. Kopsell. Trained to accept?: A field experiment on consent dialogs. In Proc. of ACM SIGCHI Conference on Human Factors in Computing Systems (CHI), 2010.

Digital Library

[17]

C. Breen. Do you need antivirus software? http://www.macworld.com/article/137397/2008/12/doyouneedantivirus.html.

[18]

S. Consolvo, I. E. Smith, T. Matthews, A. LaMarca, J. Tabert, and P. Powledge. Location disclosure to social relations: Why, when, & what people want to share. In Proc. of the ACM SIGCHI conference on Human Factors in Computing Systems (CHI), 2005.

Digital Library

[19]

D. Cvrcek, M. Kumpost, V. Matyas, and G. Danezis. A study on the value of location privacy. In Proc. of the 2006 Workshop on Privacy in an Electronic Society (WPES), 2006.

Digital Library

[20]

G. Danezis, S. Lewis, and R. Anderson. How much is location privacy worth? In Proceedings of the Workshop on the Economics of Information Security Series (WEIS), 2005.

[21]

S. Egelman, J. Tsai, L. F. Cranor, and R. Acquisti. Timing is everything?: The effects of timing and placement of online privacy indicators. In Proc. of the 27th International Conference on Human Factors in Computing Systems (CHI), 2009.

Digital Library

[22]

H. Falaki, R. Mahajan, S. Kandula, D. Lymberopoulos, R. Govindan, and D. Estrin. Diversity in smartphone usage. In Proc. of the International Conference on Mobile Systems, Applications, and Services (MobiSys), 2010.

Digital Library

[23]

A. Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner. A survey of mobile malware in the wild. In Proc. of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), 2011.

Digital Library

[24]

J. Gideon, S. Egelman, L. Cranor, and A. Acquisti. Power Strips, Prophylactics, and Privacy, Oh My! In Proc. of the 2006 Symposium on Usable Privacy and Security, pages 133--144, July 2006.

Digital Library

[25]

N. Good, R. Dhamija, J. Grossklags, S. Aronovitz, D. Thaw, D. Mulligan, and J. Konstan. Stopping spyware at the gate: A user study of privacy, notice and spyware. In Proc. of the Symposium On Usable Privacy and Security (SOUPS), 2005.

Digital Library

[26]

G. Iachello, I. Smith, S. Consolvo, M. Chen, and G. D. Abowd. Developing privacy guidelines for social location disclosure applications and services. In Proc. of the Symposium on Usable Privacy and Security (SOUPS), 2005.

Digital Library

[27]

K. Niinuma, U. Park, and A. Jain. Soft biometric traits for continuous user authentication. IEEE Transactions on Information Forensics and Security, 2010.

Digital Library

[28]

A. K. Karlson, B. R. Meyers, A. Jacobs, P. Johns, and S. K. Kane. Working overtime: Patterns of smartphone and pc usage in the day of an information worker. Pervasive Computing, 5538:398--405, 2009.

Digital Library

[29]

M. Kassner. Android security apps playing catch-up to malcode. http://www.techrepublic.com/blog/security/android-security-apps-playingcatch-up-to-malcode/6534.

[30]

T. Matthews, J. Pierce, and J. Tang. No smart phone is an island: The impact of places, situations, and other devices on smart phone use. Research Report RJ10452 IBM, 2009.

[31]

T. Mitchell. Machine Learning. McGraw-Hill.

[32]

M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel. Semantically rich application-centric security in Android. In Proc. of the 25th Annual Computer Security Applications Conference (ACSAC), December 2009.

Digital Library

[33]

H. Pilz and S. Schindler. Are free Android virus scanners any good? http://www.avtest.org/fileadmin/pdf/avtest_2011-11_free_android_virus_scanner_english.pdf.

[34]

S. Sheng, B. Magnien, P. Kumaraguru, A. Acquisti, L. Cranor, J. Hong, and E. Nunge. Anti-phishing Phil: The design and evaluation of a game that teaches people not to fall for phish. In Proc. of the Symposium On Usable Privacy and Security (SOUPS), 2007.

Digital Library

[35]

N. Sadeh, J. Hong, L. Cranor, I. Fette, P. Kelley, M. Prabaker, and J. Rao. Understanding and capturing people's privacy policies in a mobile social networking application. Personal and Ubiquitous Computing, 13(6):401--412, 2009.

Digital Library

[36]

E. Toch, J. Cranshaw, P. Hankes-Drielsma, J. Springfield, P. Kelley, L. Cranor, J. Hong, and N. Sadeh. Locaccino: A privacy-centric location sharing application. In Proc. of the 12th ACM International Conference Adjunct Papers on Ubiquitous Computing, 2010.

Digital Library

[37]

I. Traore and A. Ahmed. Continuous authentication using biometrics: Data, models, and metrics. http://my.safaribooksonline.com/book/-/9781613501290.

Digital Library

[38]

J. Tsai, S. Egelman, L. Cranor, and A. Acquisti. The effect of online privacy information on purchasing behavior: An experimental study. In Proc. of the Workshop on the Economics of Information Security, 2007.

[39]

R. Wash. Folk models of home computer security. In Proc. of the Symposium on Usable Privacy and Security (SOUPS), 2010.

Digital Library

[40]

J. Wiese, P. G. Kelley, L. F. Cranor, L. Dabbish, J. I. Hong, and J. Zimmerman. Are you close with me? Are you nearby?: Investigating social groups, closeness, and willingness to share. In Proc. of the 13th International Conference on Ubiquitous Computing, 2011.

Digital Library

[41]

Y. Zhou, Z. Wang, W. Zhou, and X. Jiang. Hey, you, get off of my market: Detecting malicious apps in official and alternative Android markets. In Proc. of the 19th Annual Network and Distributed System Security Symposium (NDSS), 2012.

Cited By

Shiau WLiu CCheng XYu W(2024)Employees' Behavioral Intention to Adopt Facial Recognition Payment to Service CustomersJournal of Organizational and End User Computing10.4018/JOEUC.35989436:1(1-32)Online publication date: 31-Oct-2024
https://doi.org/10.4018/JOEUC.359894
Yıldırım MDemirer V(2024)A Scale Development and Application Study on Smartphone Security AwarenessGazi University Journal of Science10.35378/gujs.1427984Online publication date: 15-Jun-2024
https://doi.org/10.35378/gujs.1427984
Saeed S(2024)Usable Privacy and Security in Mobile Applications: Perception of Mobile End Users in Saudi ArabiaBig Data and Cognitive Computing10.3390/bdcc81101628:11(162)Online publication date: 18-Nov-2024
https://doi.org/10.3390/bdcc8110162
Show More Cited By

Index Terms

Measuring user confidence in smartphone security and privacy

Recommendations

Replication: Measuring User Perceptions in Smartphone Security and Privacy in Germany
EuroUSEC '21: Proceedings of the 2021 European Symposium on Usable Security

In 2021, smartphones are ubiquitous and offer numerous possibilities. Previous work found that the interaction of people with smartphones is influenced by the perception of the devices’ security and privacy. Therefore, it is important to learn about ...
Detecting repackaged smartphone applications in third-party android marketplaces
CODASPY '12: Proceedings of the second ACM conference on Data and Application Security and Privacy

Recent years have witnessed incredible popularity and adoption of smartphones and mobile devices, which is accompanied by large amount and wide variety of feature-rich smartphone applications. These smartphone applications (or apps), typically organized ...
A survey on smartphone user’s security choices, awareness and education
Abstract
Smartphones contain a significant amount of personal data. Additionally, they are always in the user’s possession, which allows them to be abused for tracking (e.g., GPS, Bluetooth or WiFi tracking). In order to not reveal private ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

SOUPS '12: Proceedings of the Eighth Symposium on Usable Privacy and Security

July 2012

216 pages

ISBN:9781450315326

DOI:10.1145/2335356

General Chair:
Lorrie Faith Cranor
Carnegie Mellon University

Copyright © 2012 Authors.

Sponsors

Carnegie Mellon University: Carnegie Mellon University

In-Cooperation

SIGCHI: ACM Special Interest Group on Computer-Human Interaction

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 July 2012

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SOUPS '12

Sponsor:

Carnegie Mellon University

SOUPS '12: Symposium On Usable Privacy and Security

July 11 - 13, 2012

Washington, D.C.

Acceptance Rates

Overall Acceptance Rate 15 of 49 submissions, 31%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

231
Total Citations
View Citations
5,282
Total Downloads

Downloads (Last 12 months)205
Downloads (Last 6 weeks)19

Reflects downloads up to 21 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Shiau WLiu CCheng XYu W(2024)Employees' Behavioral Intention to Adopt Facial Recognition Payment to Service CustomersJournal of Organizational and End User Computing10.4018/JOEUC.35989436:1(1-32)Online publication date: 31-Oct-2024
https://doi.org/10.4018/JOEUC.359894
Yıldırım MDemirer V(2024)A Scale Development and Application Study on Smartphone Security AwarenessGazi University Journal of Science10.35378/gujs.1427984Online publication date: 15-Jun-2024
https://doi.org/10.35378/gujs.1427984
Saeed S(2024)Usable Privacy and Security in Mobile Applications: Perception of Mobile End Users in Saudi ArabiaBig Data and Cognitive Computing10.3390/bdcc81101628:11(162)Online publication date: 18-Nov-2024
https://doi.org/10.3390/bdcc8110162
Muhammad ILiman MAbah JMoses TAgushaka J(2024)BANKS SHORT MESSAGE SERVICE THREATS NOTIFICATION SYSTEM ON ANDROID BASED PHONEFUDMA JOURNAL OF SCIENCES10.33003/fjs-2024-0802-23398:2(46-58)Online publication date: 30-Apr-2024
https://doi.org/10.33003/fjs-2024-0802-2339
Windl MSchlegel MMayer S(2024)Exploring Users' Mental Models and Privacy Concerns During Interconnected InteractionsProceedings of the ACM on Human-Computer Interaction10.1145/36765048:MHCI(1-23)Online publication date: 24-Sep-2024
https://dl.acm.org/doi/10.1145/3676504
Shah RCemiloglu DYucel CAli RKatos V(2024)Is cyber hygiene a remedy to IPTV infringement? A study of online streaming behaviours and cyber security practicesInternational Journal of Information Security10.1007/s10207-024-00824-023:3(1913-1926)Online publication date: 6-Mar-2024
https://doi.org/10.1007/s10207-024-00824-0
Teodorescu C(2024)An Analysis About Smartphone Usage and Security in Europe: Trends and InsightsProceedings of 22nd International Conference on Informatics in Economy (IE 2023)10.1007/978-981-99-6529-8_20(231-247)Online publication date: 3-Feb-2024
https://doi.org/10.1007/978-981-99-6529-8_20
Akter MTabassum MMiazi NAlghamdi LKropczynski JWisniewski PLipford HKelley PKapadia A(2023)Evaluating the impact of community oversight for managing mobile privacy and securityProceedings of the Nineteenth USENIX Conference on Usable Privacy and Security10.5555/3632186.3632210(437-456)Online publication date: 7-Aug-2023
https://dl.acm.org/doi/10.5555/3632186.3632210
Pincho PMessias IAlturas B(2023)User Perceptions About Online Personal Data TransmissibilityConfronting Security and Privacy Challenges in Digital Marketing10.4018/978-1-6684-8958-1.ch007(140-158)Online publication date: 30-Jun-2023
https://doi.org/10.4018/978-1-6684-8958-1.ch007
Chen JParker C(2023)Framing Security Under Time Pressure: Brand Familiarity Matters for Mobile Application ChoicesJournal of Cognitive Engineering and Decision Making10.1177/1555343423120011917:4(383-404)Online publication date: 22-Sep-2023
https://doi.org/10.1177/15553434231200119
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents