EFFECTIVE RISK COMMUNICATION FOR ANDROID APPS
Abstract
The popularity and advanced functionality of mobile devices has made them
attractive targets for malicious and intrusive applications (apps). Although
strong security measures are in place for most mobile systems, the area where
these systems often fail is the reliance on the user to make decisions that
impact the security of a device. As our prime example, Android relies on users
to understand the permissions that an app is requesting and to base the
installation decision on the list of permissions. Previous research has shown
that this reliance on users is ineffective, as most users do not understand or
consider the permission information. We propose a solution that leverages a
method to assign a risk score to each app and display a summary of that
information to users. Results from four experiments are reported in which we
examine the effects of introducing summary risk information and how best to
convey such information to a user. Our results show that the inclusion of
risk-score information has significant positive effects in the selection
process and can also lead to more curiosity about security-related information.
No comments:
Post a Comment