Mobile application security: Role of perceived privacy as the predictor of security perceptions

Abstract Despite mobile applications being at the frontier of mobile computation technologies, security issues pose a threat to their adoption and diffusion. Recent studies suggest that security violations could be mitigated through improved security behaviors and attitudes, not just through better technologies. Existing literature on behavioral security suggests that one of the main predictors of users’ perceptions of security is their perceived privacy concerns. Using communication privacy management theory (CPM), this study examines the effects of privacy-related perceptions, such as privacy risk and the effectiveness of privacy policies, on the security perceptions of mobile app users. To empirically test the proposed theoretical model, two survey studies were conducted using mobile apps requesting less sensitive information (n = 487) and more sensitive information (n = 559). The findings show that the perceived privacy risk negatively influences the perceived security of the mobile apps; the perceived effectiveness of a privacy policy positively influences user perceptions of mobile app security; and perceived privacy awareness moderates the effect of perceived privacy risk on the perceived security of mobile apps. The results also suggest that users have different privacy-security perceptions based on the information sensitivity of the mobile apps. Theoretical and practical implications are discussed.

[1]  Edith G. Smit,et al.  The privacy trade-off for mobile app downloads: The roles of app value, intrusiveness, and privacy concerns , 2018, Decis. Support Syst..

[2]  Daniel R. Horne,et al.  The Privacy Paradox: Personal Information Disclosure Intentions versus Behaviors , 2007 .

[3]  S. Petronio Boundaries of Privacy: Dialectics of Disclosure , 2002 .

[4]  Detmar W. Straub,et al.  Structural Equation Modeling and Regression: Guidelines for Research Practice , 2000, Commun. Assoc. Inf. Syst..

[5]  Peter Buxmann,et al.  Handle with care: How online social network providers' privacy policies impact users' information sharing behavior , 2015, J. Strateg. Inf. Syst..

[6]  H. Marsh,et al.  Structural Equation Models of Latent Interactions: Clarification of Orthogonalizing and Double-Mean-Centering Strategies , 2010 .

[7]  Paul Benjamin Lowry,et al.  Limited Information and Quick Decisions: Consumer Privacy Calculus for Mobile Applications , 2016, AIS Trans. Hum. Comput. Interact..

[8]  Pernille Wegener Jessen,et al.  Profiling the mobile customer - Privacy concerns when behavioural advertisers target mobile phones - Part I , 2010, Comput. Law Secur. Rev..

[9]  Rajiv Sabherwal,et al.  Usability of Apps and Websites: A Meta-Regression Study , 2017, AMCIS.

[10]  Scott B. MacKenzie,et al.  Common method biases in behavioral research: a critical review of the literature and recommended remedies. , 2003, The Journal of applied psychology.

[11]  W. Dunlap,et al.  Testing Interaction Effects in LISREL: Examination and Illustration of Available Procedures , 2001 .

[12]  Vess Johnson,et al.  Limitations to the rapid adoption of M-payment services: Understanding the impact of privacy risk on M-Payment services , 2018, Comput. Hum. Behav..

[13]  Younghoon Chang,et al.  Determinants of continuance intention to use the smartphone banking services: An extension to the expectation-confirmation model , 2016, Ind. Manag. Data Syst..

[14]  Paul Benjamin Lowry,et al.  Information Disclosure on Mobile Devices: Re-Examining Privacy Calculus with Actual User Behavior , 2013, Int. J. Hum. Comput. Stud..

[15]  Katia Passerini,et al.  "Fool me once, shame on you... then, I learn." An examination of information disclosure in social networking sites , 2018, Comput. Hum. Behav..

[16]  Andrea Everard,et al.  Privacy Concerns Versus Desire for Interpersonal Awareness in Driving the Use of Self-Disclosure Technologies: The Case of Instant Messaging in Two Cultures , 2011, J. Manag. Inf. Syst..

[17]  Detmar W. Straub,et al.  Validation Guidelines for IS Positivist Research , 2004, Commun. Assoc. Inf. Syst..

[18]  C. Fornell,et al.  Evaluating Structural Equation Models with Unobservable Variables and Measurement Error , 1981 .

[19]  Garry Wei-Han Tan,et al.  Mobile technology acceptance model: An investigation using mobile users to explore smartphone credit card , 2016, Expert Syst. Appl..

[20]  Rajiv Sabherwal,et al.  How reliable are self-assessments using mobile technology in healthcare? The effects of technology identity and self-efficacy , 2019, Comput. Hum. Behav..

[21]  Christian Fernando Libaque Saenz,et al.  The role of privacy policy on consumers' perceived privacy , 2018, Gov. Inf. Q..

[22]  Alessandro Acquisti,et al.  Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook , 2006, Privacy Enhancing Technologies.

[23]  J. Hair Multivariate data analysis , 1972 .

[24]  Blaize Horner Reich,et al.  Using Mechanical Turk Data in IS Research: Risks, Rewards, and Recommendations , 2017, Commun. Assoc. Inf. Syst..

[25]  Tom L. Roberts,et al.  Bridging the divide: A qualitative comparison of information security thought patterns between information security professionals and ordinary organizational insiders , 2014, Inf. Manag..

[26]  Heng Xu,et al.  Information Privacy Research: An Interdisciplinary Review , 2011, MIS Q..

[27]  Rajiv Sabherwal,et al.  Mobile Applications Security: Role of Privacy , 2018, AMCIS.

[28]  G. Loewenstein,et al.  Privacy and human behavior in the age of information , 2015, Science.

[29]  Dan J. Kim,et al.  Self-Perception-Based Versus Transference-Based Trust Determinants in Computer-Mediated Transactions: A Cross-Cultural Comparison Study , 2008, J. Manag. Inf. Syst..

[30]  S EastinMatthew,et al.  Living in a big data world , 2016 .

[31]  Paul A. Pavlou,et al.  Understanding and Mitigating Uncertainty in Online Exchange Relationships: A Principal-Agent Perspective , 2007, MIS Q..

[32]  Heng Xu,et al.  Information privacy and correlates: an empirical attempt to bridge and distinguish privacy-related concepts , 2013, Eur. J. Inf. Syst..

[33]  Mayuram S. Krishnan,et al.  The Personalization Privacy Paradox: An Empirical Evaluation of Information Transparency and the Willingness to be Profiled Online for Personalization , 2006, MIS Q..

[34]  Xin Luo,et al.  Examining multi-dimensional trust and multi-faceted risk in initial acceptance of emerging technologies: An empirical study of mobile banking services , 2010, Decis. Support Syst..

[35]  Varun Grover,et al.  Why Do Users Continue to Use Mobile Cloud Computing Applications? A Security-Privacy , 2018 .

[36]  France Bélanger,et al.  Determinants of early conformance with information security policies , 2017, Inf. Manag..

[37]  Garry L. White,et al.  Analysis of Protective Behavior and Security Incidents for Home Computers , 2017, J. Comput. Inf. Syst..

[38]  Fatemeh Zahedi,et al.  Individuals' Internet Security Perceptions and Behaviors: Polycontextual Contrasts Between the United States and China , 2016, MIS Q..

[39]  H. Marsh,et al.  Structural equation models of latent interactions: evaluation of alternative estimation strategies and indicator construction. , 2004, Psychological methods.

[40]  Ronald E. Rice,et al.  Mediated disclosure on Twitter: The roles of gender and identity in boundary impermeability, valence, disclosure, and stage , 2013, Comput. Hum. Behav..

[41]  Juan José García,et al.  The importance of perceived trust, security and privacy in online trading systems , 2009, Inf. Manag. Comput. Secur..

[42]  WashingtonRonald,et al.  Limitations to the rapid adoption of M-payment services , 2018 .

[43]  Gaurav Bansal,et al.  Distinguishing between Privacy and Security Concerns: An Empirical Examination and Scale Validation , 2017, J. Comput. Inf. Syst..

[44]  P. Bentler,et al.  Cutoff criteria for fit indexes in covariance structure analysis : Conventional criteria versus new alternatives , 1999 .

[45]  Tom L. Roberts,et al.  Proposing the online community self-disclosure model: the case of working professionals in France and the U.K. who use online communities , 2010, Eur. J. Inf. Syst..

[46]  Ritu Agarwal,et al.  The Digitization of Healthcare: Boundary Risks, Emotion, and Consumer Willingness to Disclose Personal Health Information , 2011, Inf. Syst. Res..

[47]  David Gefen,et al.  The role of privacy assurance mechanisms in building trust and the moderating role of privacy concern , 2015, Eur. J. Inf. Syst..

[48]  Rajiv Sabherwal,et al.  Mobile technology identity and self-efficacy: Implications for the adoption of clinically supported mobile health apps , 2019, Int. J. Inf. Manag..

[49]  Hock-Hai Teo,et al.  The Role of Push-Pull Technology in Privacy Calculus: The Case of Location-Based Services , 2009, J. Manag. Inf. Syst..

[50]  Rajiv Sabherwal,et al.  Mobile Cloud-Computing Applications: A Privacy Cost-Benefit Model , 2017, AMCIS.

[51]  Zilong Liu,et al.  How to regulate individuals' privacy boundaries on social network sites: A cross-cultural comparison , 2018, Inf. Manag..

[52]  David C. Yen,et al.  The effect of online privacy policy on consumer privacy concern and trust , 2012, Comput. Hum. Behav..

[53]  Tamara Dinev,et al.  An Extended Privacy Calculus Model for E-Commerce Transactions , 2006, Inf. Syst. Res..

[54]  Tom L. Roberts,et al.  Insiders' Protection of Organizational Information Assets: Development of a Systematics-Based Taxonomy and Theory of Diversity for Protection-Motivated Behaviors , 2013, MIS Q..

[55]  Alessandro Acquisti,et al.  The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study , 2011, WEIS.

[56]  Vincenzo Russo,et al.  Privacy calculus model in e-commerce – a study of Italy and the United States , 2006, Eur. J. Inf. Syst..

[57]  Heng Xu,et al.  Information Privacy Concerns: Linking Individual Perceptions with Institutional Privacy Assurances , 2011, J. Assoc. Inf. Syst..

[58]  Njål Foldnes,et al.  The choice of product indicators in latent variable interaction models: post hoc analyses. , 2014, Psychological methods.

[59]  Wanda J. Orlikowski,et al.  Studying Information Technology in Organizations: Research Approaches and Assumptions , 1991, Inf. Syst. Res..

[60]  Paul Benjamin Lowry,et al.  The role of mobile‐computing self‐efficacy in consumer information disclosure , 2015, Inf. Syst. J..

[61]  Matthew S. Eastin,et al.  Living in a big data world: Predicting mobile commerce activity through privacy concerns , 2016, Comput. Hum. Behav..

[62]  Rajiv Sabherwal,et al.  A Privacy-Security Model of Mobile Cloud Computing Applications , 2017, ICIS.

[63]  Fatemeh Zahedi,et al.  Trust-Discount Tradeoff in Three Contexts: Frugality Moderating Privacy and Security Concerns , 2014, J. Comput. Inf. Syst..

[64]  James Y. L. Thong,et al.  Internet Privacy Concerns: An Integrated Conceptualization and Four Empirical Studies , 2013, MIS Q..

[65]  Lesley Pek Wee Land,et al.  The effects of general privacy concerns and transactional privacy concerns on Facebook apps usage , 2016, Inf. Manag..

[66]  OoiKeng-Boon,et al.  Mobile technology acceptance model , 2016 .

[67]  M. A. Harris,et al.  Identifying factors influencing consumers' intent to install mobile applications , 2016, Int. J. Inf. Manag..

[68]  Hairong Li,et al.  Consumer Privacy Concerns and Preference for Degree of Regulatory Control , 2009 .

[69]  H. Jeff Smith,et al.  Information Privacy: Measuring Individuals' Concerns About Organizational Practices , 1996, MIS Q..

[70]  Enrique Bonsón,et al.  Influence of trust and perceived value on the intention to purchase travel online: Integrating the effects of assurance on trust antecedents , 2015 .

[71]  Georgios Kambourakis,et al.  Mobile Application Security , 2014, Computer.

[72]  Rathindra Sarathy,et al.  The role of affect and cognition on online consumers' decision to disclose personal information to unfamiliar online vendors , 2011, Decis. Support Syst..

[73]  Norman Shaw,et al.  The non-monetary benefits of mobile commerce: Extending UTAUT2 with perceived value , 2019, Int. J. Inf. Manag..

[74]  Naresh K. Malhotra,et al.  Internet Users' Information Privacy Concerns (IUIPC): The Construct, the Scale, and a Causal Model , 2004, Inf. Syst. Res..

[75]  Sandra Petronio,et al.  Communication Privacy Management , 2016 .

[76]  Dong-Hee Shin,et al.  The effects of trust, security and privacy in social networking: A security-based approach to understand the pattern of adoption , 2010, Interact. Comput..

[77]  Dan Jong Kim,et al.  Revisiting the role of web assurance seals in business-to-consumer electronic commerce , 2008, Decis. Support Syst..

[78]  Merrill Warkentin,et al.  Fear Appeals and Information Security Behaviors: An Empirical Study , 2010, MIS Q..

[79]  Hamid Reza Peikari,et al.  The determinants of individuals' perceived e-security: Evidence from Malaysia , 2014, Int. J. Inf. Manag..