Smartphone users: Understanding how security mechanisms are perceived and new persuasive methods

Protecting smartphones against security threats is a multidimensional problem involving human and technological factors. This study investigates how smartphone users’ security- and privacy-related decisions are influenced by their attitudes, perceptions, and understanding of various security threats. In this work, we seek to provide quantified insights into smartphone users’ behavior toward multiple key security features including locking mechanisms, application repositories, mobile instant messaging, and smartphone location services. To the best of our knowledge, this is the first study that reveals often unforeseen correlations and dependencies between various privacy- and security-related behaviors. Our work also provides evidence that making correct security decisions might not necessarily correlate with individuals’ awareness of the consequences of security threats. By comparing participants’ behavior and their motives for adopting or ignoring certain security practices, we suggest implementing additional persuasive approaches that focus on addressing social and technological aspects of the problem. On the basis of our findings and the results presented in the literature, we identify the factors that might influence smartphone users’ security behaviors. We then use our understanding of what might drive and influence significant behavioral changes to propose several platform design modifications that we believe could improve the security levels of smartphones.
