Effects of the Design of Mobile Security Notifications and Mobile App Usability on Users’ Security Perceptions and Continued-Use Intention

Abstract The explosive global adoption of mobile applications (i.e., apps) has been fraught with security and privacy issues. App users typically have a poor understanding of information security; worse, they routinely ignore security notifications designed to increase security on apps. By considering both mobile app interface usability and mobile security notification (MSN) design, we investigate how security perceptions of apps are formed and how these perceptions influence users’ intentions to continue using apps. Accordingly, we designed and conducted a set of controlled survey experiments with 317 participants in different MSN interface scenarios by manipulating the types of MSN interfaces (i.e., high vs. low disruption), the context (hedonic vs. utilitarian scenarios), and the degree of MSN intrusiveness (high vs. low intrusiveness). We found that both app interface usability and the design of MSNs significantly impacted users’ perceived security, which, in turn, has a positive influence on users’ intention to continue using the app. In addition, we identified an important conundrum: disruptive MSNs—a common approach to delivering MSNs—irritate users and negatively influence their perceptions of app security. Thus, our results directly challenge current practice. If these results hold, current practice should shift away from MSNs that interrupt task performance.

[1]  Bonnie Brinton Anderson,et al.  More Harm Than Good? How Messages That Interrupt Can Make Us Vulnerable , 2016, Inf. Syst. Res..

[2]  Ritu Agarwal,et al.  Adoption of Electronic Health Records in the Presence of Privacy Concerns: The Elaboration Likelihood Model and Individual Persuasion , 2009, MIS Q..

[3]  H. Marsh,et al.  Application of confirmatory factor analysis to the study of self-concept: First- and higher order factor models and their invariance across groups. , 1985 .

[4]  Hairong Li,et al.  Forced Exposure and Psychological Reactance: Antecedents and Consequences of the Perceived Intrusiveness of Pop-Up Ads , 2002 .

[5]  Mikael Wiberg,et al.  Managing availability: Supporting lightweight negotiations to handle interruptions , 2005, TCHI.

[6]  Steve Benford,et al.  Effects of content and time of delivery on receptivity to mobile interruptions , 2010, Mobile HCI.

[7]  David A. Wagner,et al.  I've got 99 problems, but vibration ain't one: a survey of smartphone users' concerns , 2012, SPSM '12.

[8]  Ibrahim Arpaci,et al.  Understanding and predicting students' intention to use mobile cloud storage services , 2016, Comput. Hum. Behav..

[9]  Detmar W. Straub,et al.  Examining Trust in Information Technology Artifacts: The Effects of System Quality and Culture , 2008, J. Manag. Inf. Syst..

[10]  Stephen Flowerday,et al.  Smartphone information security awareness: A victim of operational pressures , 2014, Comput. Secur..

[11]  M. Zanna,et al.  The conflicted individual: personality-based and domain-specific antecedents of ambivalent social attitudes. , 1995, Journal of personality.

[12]  Kjell Grønhaug,et al.  The effect of ad value, ad placement and ad execution on the perceived intrusiveness of web advertisements , 2009 .

[13]  Alan Goode,et al.  Managing mobile security: How are we doing? , 2010, Netw. Secur..

[14]  Jakob E. Bardram,et al.  Dedicated workspaces: Faster resumption times and reduced cognitive load in sequential multitasking , 2016, Comput. Hum. Behav..

[15]  John C. Tang,et al.  Investigating Mobile Users' Ringer Mode Usage and Attentiveness and Responsiveness to Communication , 2015, MobileHCI.

[16]  Christopher D Wickens,et al.  Processing Resources in Attention, Dual Task Performance, and Workload Assessment. , 1981 .

[17]  Fahim Kawsar,et al.  The myth of subtle notifications , 2014, UbiComp Adjunct.

[18]  J. W. Hutchinson,et al.  Dimensions of Consumer Expertise , 1987 .

[19]  Mary Czerwinski,et al.  A diary study of task switching and interruptions , 2004, CHI.

[20]  Pin Luarn,et al.  Predicting consumer intention to use mobile service , 2006, Inf. Syst. J..

[21]  Mary Czerwinski,et al.  Notification, Disruption, and Memory: Effects of Messaging Interruptions on Memory and Performance , 2001, INTERACT.

[22]  Merrill Warkentin,et al.  Fear Appeals and Information Security Behaviors: An Empirical Study , 2010, MIS Q..

[23]  Marc Hassenzahl,et al.  The Effect of Perceived Hedonic Quality on Product Appealingness , 2001, Int. J. Hum. Comput. Interact..

[24]  Dennis F. Galletta,et al.  What Do Systems Users Have to Fear? Using Fear Appeals to Engender Threats and Fear that Motivate Protective Security Behaviors , 2015, MIS Q..

[25]  Brian P. Bailey,et al.  Oasis: A framework for linking notification delivery to the perceptual structure of goal-directed tasks , 2010, TCHI.

[26]  Eva Hudlicka,et al.  To feel or not to feel: The role of affect in human-computer interaction , 2003, Int. J. Hum. Comput. Stud..

[27]  Robert E. Kraut,et al.  Controlling interruptions: awareness displays and social motivation for coordination , 2004, CSCW.

[28]  Steven Bellman,et al.  Productive play time: the effect of practice on consumer demand for hedonic experiences , 2010 .

[29]  Antonio Krüger,et al.  Back to the app: the costs of mobile application interruptions , 2012, Mobile HCI.

[30]  Farnam Jahanian,et al.  When mobile is harder than fixed (and vice versa): demystifying security challenges in mobile environments , 2010, HotMobile '10.

[31]  Viswanath Venkatesh,et al.  Mobile Application Usability: Conceptualization and Instrument Development , 2015, MIS Q..

[32]  Samuel D. Bond,et al.  Keep Your Cool or Let it Out: Nonlinear Effects of Expressed Arousal on Perceptions of Consumer Reviews , 2017 .

[33]  Patrick D. McDaniel,et al.  Not So Great Expectations: Why Application Markets Haven't Failed Security , 2010, IEEE Security & Privacy.

[34]  Glenn B. Voss,et al.  The Influence of Multiple Store Environment Cues on Perceived Merchandise Value and Patronage Intentions , 2002 .

[35]  Ritu Agarwal,et al.  Practicing Safe Computing: A Multimedia Empirical Examination of Home Computer User Security Behavioral Intentions , 2010, MIS Q..

[36]  Ravi Kuber,et al.  Towards identifying distinguishable tactons for use with mobile devices , 2009, Assets '09.

[37]  Ashwani Monga,et al.  When Intertemporal Rewards Are Hedonic, Larger Units of Wait Time Boost Patience , 2018 .

[38]  Steven Furnell,et al.  From desktop to mobile: Examining the security experience , 2009, Comput. Secur..

[39]  Martin Pielot,et al.  An in-situ study of mobile phone notifications , 2014, MobileHCI '14.

[40]  Tiago Oliveira,et al.  Deciding between information security and usability: Developing value based objectives , 2016, Comput. Hum. Behav..

[41]  Pattie Maes,et al.  Agents that reduce work and information overload , 1994, CACM.

[42]  Dimitris Gritzalis,et al.  Delegate the smartphone user? Security awareness in smartphone platforms , 2013, Comput. Secur..

[43]  Dong-Hee Shin,et al.  The effects of trust, security and privacy in social networking: A security-based approach to understand the pattern of adoption , 2010, Interact. Comput..

[44]  Brian P. Bailey,et al.  Effects of intelligent notification management on users and their tasks , 2008, CHI.

[45]  Hsin-Yun Yao,et al.  Perceived Vibration Strength in Mobile Devices: The Effect of Weight and Frequency , 2010, IEEE Transactions on Haptics.

[46]  Matthew L. Jensen,et al.  Using an elaboration likelihood approach to better understand the persuasiveness of website privacy assurance cues for online consumers , 2012, J. Assoc. Inf. Sci. Technol..

[47]  Paul Benjamin Lowry,et al.  Cognitive‐affective drivers of employees' daily compliance with information security policies: A multilevel, longitudinal study , 2019, Inf. Syst. J..

[48]  Ian Warren,et al.  Push Notification Mechanisms for Pervasive Smartphone Applications , 2014, IEEE Pervasive Computing.

[49]  Brian P. Bailey,et al.  Understanding changes in mental workload during execution of goal-directed tasks and its application for interruption management , 2008, TCHI.

[50]  Lorrie Faith Cranor,et al.  A Conundrum of Permissions: Installing Applications on an Android Smartphone , 2012, Financial Cryptography Workshops.

[51]  Ruth Rettie,et al.  An exploration of flow during Internet use , 2001, Internet Res..

[52]  Hsin Hsin Chang,et al.  Consumer perception of interface quality, security, and loyalty in electronic commerce , 2009, Inf. Manag..

[53]  Gordon B. Davis,et al.  User Acceptance of Information Technology: Toward a Unified View , 2003, MIS Q..

[54]  Tom L. Roberts,et al.  The Impact of Organizational Commitment on Insiders’ Motivation to Protect Organizational Information Assets , 2015, J. Manag. Inf. Syst..

[55]  Duane T. Wegener,et al.  Attitude change: Multiple roles for persuasion variables. , 1998 .

[56]  Paul Benjamin Lowry,et al.  Information Disclosure on Mobile Devices: Re-Examining Privacy Calculus with Actual User Behavior , 2013, Int. J. Hum. Comput. Stud..

[57]  Scott B. MacKenzie,et al.  Working memory: theories, models, and controversies. , 2012, Annual review of psychology.

[58]  Jon Friedman,et al.  Protecting data on mobile devices: A taxonomy of security threats to mobile computing and review of applicable defenses , 2008, Inf. Knowl. Syst. Manag..

[59]  Audun Jøsang,et al.  Security in Mobile Communications: Challenges and Opportunities , 2003, ACSW.

[60]  David Fonseca,et al.  Relationship between student profile, tool use, participation, and academic performance with the use of Augmented Reality technology for visualized architecture models , 2014, Comput. Hum. Behav..

[61]  Daniel Gopher,et al.  On the Economy of the Human Processing System: A Model of Multiple Capacity. , 1977 .

[62]  Suzanne Altobello Nasco,et al.  The CAT model: Extensions and moderators of dominance in technology acceptance , 2008 .

[63]  Joseph S. Valacich,et al.  The online consumer's hierarchy of needs , 2007, CACM.

[64]  F. Martínez-López,et al.  Online Advertising Intrusiveness and Consumers’ Avoidance Behaviors , 2014 .

[65]  Milad Dehghani,et al.  Evaluating the influence of YouTube advertising for attraction of young customers , 2016, Comput. Hum. Behav..

[66]  Yajin Zhou,et al.  Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets , 2012, NDSS.

[67]  Alireza Sahami Shirazi,et al.  Large-scale assessment of mobile notifications , 2014, CHI.

[68]  Jaehoon Jung,et al.  Perceived Magnitudes of Vibrations Transmitted Through Mobile Device , 2008, 2008 Symposium on Haptic Interfaces for Virtual Environment and Teleoperator Systems.

[69]  Detmar W. Straub,et al.  Inexperience and experience with online stores: the importance of TAM and trust , 2003, IEEE Trans. Engineering Management.

[70]  Koen L. Vincken,et al.  Medical students' cognitive load in volumetric image interpretation: Insights from human-computer interaction and eye movements , 2016, Comput. Hum. Behav..

[71]  Venkataraman Ramesh,et al.  Web and Wireless Site Usability: Understanding Differences and Modeling Use , 2006, MIS Q..

[72]  Paul Benjamin Lowry,et al.  security and privacy research lies , 2017 .

[73]  Eric Horvitz,et al.  Notifications and awareness: a field study of alert usage and preferences , 2010, CSCW '10.

[74]  France Bélanger,et al.  Trustworthiness in electronic commerce: the role of privacy, security, and site attributes , 2002, J. Strateg. Inf. Syst..

[75]  C. Fritz,et al.  Don't Interrupt Me! An Examination of the Relationship Between Intrusions at Work and Employee Strain , 2013 .

[76]  T. C. Edwin Cheng,et al.  Adoption of internet banking: An empirical study in Hong Kong , 2006, Decis. Support Syst..

[77]  Jason Rouse Mobile devices - the most hostile environment for security? , 2012, Netw. Secur..

[78]  Homer R. Warner,et al.  Clinical event management using push technology-implementation and evaluation at two health care centers , 1998, AMIA.

[79]  Ming-Hui Huang,et al.  Designing website attributes to induce experiential encounters , 2003, Comput. Hum. Behav..

[80]  Wonil Hwang,et al.  Vibration perception and excitatory direction for haptic devices , 2011, J. Intell. Manuf..

[81]  Patricia G. Devine,et al.  Attitude importance and resistance to persuasion : It's not just the thought that counts , 1996 .

[82]  Tom L. Roberts,et al.  Examining the Relationship of Organizational Insiders' Psychological Capital with Information Security Threat and Coping Appraisals , 2017, Comput. Hum. Behav..

[83]  Anup K. Ghosh,et al.  Software security and privacy risks in mobile e-commerce , 2001, CACM.

[84]  Nathan W. Twyman,et al.  Taking "Fun and Games" Seriously: Proposing the Hedonic-Motivation System Adoption Model (HMSAM) , 2012, J. Assoc. Inf. Syst..

[85]  Detmar W. Straub,et al.  Reconceptualizing System Usage: An Approach and Empirical Test , 2006, Inf. Syst. Res..

[86]  Lorrie Faith Cranor,et al.  "Little brothers watching you": raising awareness of data leaks on smartphones , 2013, SOUPS.

[87]  Detmar W. Straub,et al.  Trust and TAM in Online Shopping: An Integrated Model , 2003, MIS Q..

[88]  Ross Anderson,et al.  Reading this May Harm Your Computer: The Psychology of Malware Warnings , 2014 .

[89]  Abigail Sellen,et al.  Security and Trust in Mobile Interactions: A Study of Users' Perceptions and Reasoning , 2004, UbiComp.

[90]  Andrea Everard,et al.  An Experimental Study of Antecedents and Consequences of Online Ad Intrusiveness , 2008, Int. J. Hum. Comput. Interact..

[91]  Nikolaos Korfiatis,et al.  Trying Before Buying: The Moderating Role of Online Reviews in Trial Attitude Formation Toward Mobile Applications , 2015, Int. J. Electron. Commer..

[92]  Vanessa Evers,et al.  Combining social strategies and workload: a new design to reduce the negative effects of task interruptions , 2013, CHI Extended Abstracts.

[93]  J. C. Johnston,et al.  Locus of the single-channel bottleneck in dual-task interference , 1992 .

[94]  Mark A. Neerincx,et al.  Field evaluation of a mobile location-based notification system for police officers , 2008, Mobile HCI.

[95]  Ingoo Han,et al.  The Impact of Customer Trust and Perception of Security Control on the Acceptance of Electronic Commerce , 2003, Int. J. Electron. Commer..

[96]  Tommi Laukkanen,et al.  Internet vs mobile banking: comparing customer value perceptions , 2007, Bus. Process. Manag. J..

[97]  Hairong Li,et al.  Measuring the Intrusiveness of Advertisements: Scale Development and Validation , 2002 .

[98]  William David Salisbury,et al.  Perceived security and World Wide Web purchase intention , 2001, Ind. Manag. Data Syst..

[99]  Jatin Srivastava,et al.  Media multitasking performance: Role of message relevance and formatting cues in online environments , 2013, Comput. Hum. Behav..

[100]  Pin Luarn,et al.  AIS Electronic Library (AISeL) , 2017 .

[101]  Doohwang Lee,et al.  Text me when it becomes dangerous: Exploring the determinants of college students' adoption of mobile-based text alerts short message service , 2013, Comput. Hum. Behav..

[102]  F. Zijlstra,et al.  Temporal factors in mental work: Effects of interrupted activities , 1999 .

[103]  Steve Hanna,et al.  A survey of mobile malware in the wild , 2011, SPSM '11.

[104]  Alireza Sahami Shirazi,et al.  Towards Smart Notifications using Research in the Large , 2015, MobileHCI Adjunct.

[105]  Radhika Santhanam,et al.  Digital Games and Beyond: What Happens When Players Compete , 2013, MIS Q..

[106]  Paul Benjamin Lowry,et al.  Proposing the Multimotive Information Systems Continuance Model (MISC) to Better Explain End-User System Evaluations and Continuance Intentions , 2015, J. Assoc. Inf. Syst..

[107]  Dianne Cyr,et al.  Design aesthetics leading to m-loyalty in mobile commerce , 2006, Inf. Manag..

[108]  Adriane B. Randolph,et al.  Using NeuroIS to Better Understand Activities Performed on Mobile Devices , 2015 .

[109]  David W. Wilson,et al.  A Picture is Worth a Thousand Words: Source Credibility Theory Applied to Logo and Website Design for Heightened Credibility and Consumer Trust , 2014, Int. J. Hum. Comput. Interact..

[110]  David Garlan,et al.  Project Aura: Toward Distraction-Free Pervasive Computing , 2002, IEEE Pervasive Comput..

[111]  Yongfeng Huang,et al.  Designing an effective vibration-based notification interface for mobile phones , 2013, CSCW.

[112]  S. Shyam Sundar,et al.  Does Screen Size Matter for Smartphones? Utilitarian and Hedonic Effects of Screen Size on Smartphone Adoption , 2014, Cyberpsychology Behav. Soc. Netw..

[113]  Paul Benjamin Lowry,et al.  The Impact of Collectivism and Psychological Ownership on Protection Motivation: A Cross-Cultural Examination , 2018, Comput. Secur..

[114]  Paul Benjamin Lowry,et al.  Explaining and Predicting the Impact of Branding Alliances and Web Site Quality on Initial Consumer Trust of E-Commerce Web Sites , 2007, J. Manag. Inf. Syst..

[115]  H. Pashler Dissociations and dependencies between speed and accuracy: Evidence for a two-component theory of divided attention in simple tasks , 1989, Cognitive Psychology.

[116]  Chang Liu,et al.  Determinants of accepting wireless mobile data services in China , 2008, Inf. Manag..

[117]  Mary Czerwinski,et al.  An Investigation of Memory for Daily Computing Events , 2002 .

[118]  Kai Rannenberg,et al.  A Two-Pillar Approach to Analyze the Privacy Policies and Resource Access Behaviors of Mobile Augmented Reality Applications , 2019, HICSS.