This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Effective Risk Communication for Android Apps
PrePrint
ISSN: 1545-5971
Christopher S. Gates, Purdue University, West Lafayette
Jing Chen, Purdue University, West Lafayette
Ninghui Li, Purdue University, West Lafayette
Robert W. Proctor, Purdue University, West Lafayette
The popularity and advanced functionality of mobile devices has made them attractive targets for malicious and intrusive applications (apps). Although strong security measures are in place for most mobile systems, the area where these systems often fail is the reliance on the user to make decisions that impact the security of a device. As our prime example, Android relies on users to understand the permissions that an app is requesting and to base the installation decision on the list of permissions. Previous research has shown that this reliance on users is ineffective, as most users do not understand or consider the permission information. We propose a solution that leverages a method to assign a risk score to each app and display a summary of that information to users. Results from four experiments are reported in which we examine the effects of introducing summary risk information and how best to convey such information to a user. Our results show that the inclusion of risk-score information has significant positive effects in the selection process and can also lead to more curiosity about security-related information.
Index Terms:
User-centered design,Security and Privacy Protection,User/Machine Systems
Citation:
Christopher S. Gates, Jing Chen, Ninghui Li, Robert W. Proctor, "Effective Risk Communication for Android Apps," IEEE Transactions on Dependable and Secure Computing, 17 Dec. 2013. IEEE computer Society Digital Library. IEEE Computer Society, <http://doi.ieeecomputersociety.org/10.1109/TDSC.2013.58>
Usage of this product signifies your acceptance of the Terms of Use.