Use of Ratings from Personalized Communities for Trustworthy Application Installation

The problem of identifying inappropriate software is a daunting one for ordinary users. The two currently prevalent methods are intrinsically centralized: certification of "good" software by platform vendors and flagging of "bad" software by antivirus vendors or other global entities. However, because appropriateness has cultural and social dimensions, centralized means of signaling appropriateness are ineffective and can lead to habituation (users clicking through warnings) or disputes (users discovering that certified software is inappropriate). In this work, we look at the possibility of relying on inputs from personalized communities (consisting of friends and experts whom individual users trust) to avoid installing inappropriate software. Drawing from theories, we developed a set of design guidelines for a trustworthy application installation process. We had an initial validation of the guidelines through an online survey; we verified the high relevance of information from a personalized community and found strong user motivation to protect friends and family members when they know of digital risks. We designed and implemented a prototype system on the Nokia N810 tablet. In addition to showing risk signals from the personalized community prominently, our prototype installer deters unsafe actions by slowing the user down with habituation-breaking mechanisms. We also conducted a hands-on evaluation and verified the strength of opinion communicated through friends over opinion by online community members.
