For Mobile Users, Positive Safety Messages More Effective Than Security Warnings

Ratings of the security risks associated with smartphone apps affect users' decisions whether to install those apps, but information about the safety of an app is more effective than information about its risks, according to researchers from Purdue University.

The report, "Effective Risk Communication for Android Apps," was published in the May-June issue of IEEE Transactions on Dependable and Secure Computing. The researchers examined the effects of including information about app permissions on users' decisions to install apps. They tested the effectiveness of including summary risk information and tested various methods of conveying that information to determine which approach was most effective.

Although most mobile systems have strong security measures in place, they often rely on users to make decisions that affect the security of the device, according to the authors. When users install apps, they may unwittingly give permission for malicious or intrusive apps to track their location and monitor their phone calls and text messages, including authentication messages used by secure sites. According to the researchers, users install these malicious apps without realizing the risks because they don't understand the permissions the app is requesting.

The researchers focused on the Android operating system, which includes more than 200 app permissions, many of which "do not make sense to the average user or at best require time and considerable mental effort to comprehend," according to information on the National Science Foundation site, which funded the project. While users pay some attention to permissions, they also consider average ratings, number of downloads and user comments. Higher quality apps tend to get higher ratings, and users tend to submit comments about the security and privacy of an app.

Current app permissions are designed for the app developers, rather than the users, Ninghui Li, one of the researchers told NSF. Based on the results of their experiments, the researchers believe it would be more effective to display a risk score for each app because it would make the risk more obvious to users and provide an incentive for developers to reduce their use of personal information when developing apps. They also believe the inclusion of risk scores could increase user curiosity about security information and cause them to pay more attention to the warnings.

However, the researchers also found that people tend to pay more attention to safety information than risk information. The reason may be that users tend to base their decision to install an app on other positive information about it, such as the user ratings, number of downloads and user comments, so it follows that a positive safety rating is more compatible with the decision-making process than a negative risk rating.

The full report, "Effective Risk Communication for Android Apps," can be found in the May-June issue of IEEE Transactions on Dependable and Secure Computing.

About the Author

Leila Meyer is a technology writer based in British Columbia. She can be reached at [email protected].

Featured

  • person signing a bill at a desk with a faint glow around the document. A tablet and laptop are subtly visible in the background, with soft colors and minimal digital elements

    California Governor Signs AI Content Safeguards into Law

    California Governor Gavin Newsom has officially signed off on a series of landmark artificial intelligence bills, signaling the state’s latest efforts to regulate the burgeoning technology, particularly in response to the misuse of sexually explicit deepfakes. The legislation is aimed at mitigating the risks posed by AI-generated content, as concerns grow over the technology's potential to manipulate images, videos, and voices in ways that could cause significant harm.

  • abstract image of fragmented, floating geometric shapes with holographic lock icons and encrypted code, set against a dark, glitchy background with intersecting circuits and swirling light trails

    Education Sector a Top Target for Mobile Malware Attacks

    Mobile and IoT/OT cyber threats continue to grow in number and complexity, becoming more targeted and sophisticated, according to a new report from Zscaler.

  • An abstract depiction of a virtual reality science class featuring two silhouetted figures wearing VR headsets

    University of Nevada Las Vegas to Build VR Learning Hub for STEM Courses

    A new immersive learning center at the University of Nevada, Las Vegas is tapping into the power of virtual reality to support STEM engagement and student success. The institution has partnered with Dreamscape Learn on the initiative, which will incorporate the company's interactive VR platform into introductory STEM courses.

  • Campus Technology Product Award

    Call for Entries: 2024 Campus Technology Product Awards

    The entry period for the 2024 Campus Technology Product Awards is now open.