Robocalling: STIRRED AND SHAKEN! - An Investigation of Calling Displays on Trust and Answer Rates

Billions of robocalls annually have undermined the public's trust in the entire phone system. New functionality, called STIR/SHAKEN (S/S), hopes to help fix this issue by detecting whether a call is coming from the number it says it is. However, due to the nature of the system, at first only a portion of calls would go through the S/S system. This led us to question whether presenting this information would confuse users more than help. In this paper, we detail the results of online surveys, in-person interviews, and a lab-based simulation. The research recommends "Valid Number" for the label on the display and found that even with only 30% of calls being validated, S/S increased trust, answer frequency and consumer satisfaction. Based on these results, the launch of S/S could positively affect the current phone system and re-establish consumer trust.

[1]  Prasant Mohapatra,et al.  Early Detection of Spam Mobile Apps , 2015, WWW.

[2]  David A. Wagner,et al.  I've got 99 problems, but vibration ain't one: a survey of smartphone users' concerns , 2012, SPSM '12.

[3]  Sarah Jane Delany,et al.  SMS spam filtering: Methods and data , 2012, Expert Syst. Appl..

[4]  Jason Flinn,et al.  Virtualized in-cloud security services for mobile devices , 2008, MobiVirt '08.

[5]  Lorrie Faith Cranor,et al.  Crying Wolf: An Empirical Study of SSL Warning Effectiveness , 2009, USENIX Security Symposium.

[6]  Aurélien Francillon,et al.  Using chatbots against voice spam: Analyzing Lenny's effectiveness , 2017, SOUPS.

[7]  Russell V. Lenth,et al.  Java Applets for Power and Sample Size , 2015 .

[8]  Yang Wang,et al.  Nudges for Privacy and Security , 2017, ACM Comput. Surv..

[9]  Suguru Yamaguchi,et al.  Trust-based VoIP Spam Detection based on Calling Behaviors and Human Relationships , 2013, J. Inf. Process..

[10]  Lorrie Faith Cranor,et al.  Your Location has been Shared 5,398 Times!: A Field Study on Mobile App Privacy Nudging , 2015, CHI.

[11]  Lorrie Faith Cranor,et al.  Privacy as part of the app decision-making process , 2013, CHI.

[12]  David A. Wagner,et al.  Android permissions: user attention, comprehension, and behavior , 2012, SOUPS.

[13]  Sunny Consolvo,et al.  Rethinking Connection Security Indicators , 2016, SOUPS.

[14]  Angelo Sifaleras,et al.  Convergence of Internet of things and mobile cloud computing , 2014 .

[15]  Lorrie Faith Cranor,et al.  "Little brothers watching you": raising awareness of data leaks on smartphones , 2013, SOUPS.

[16]  Edgar R. Weippl,et al.  Advanced social engineering attacks , 2015, J. Inf. Secur. Appl..

[17]  Haojin Zhu,et al.  All your location are belong to us: breaking mobile social networks for automated user location tracking , 2013, MobiHoc '14.

[18]  Sunny Consolvo,et al.  An Experience Sampling Study of User Reactions to Browser Warnings in the Field , 2018, CHI.

[19]  David A. Wagner,et al.  The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[20]  Martin Shelton,et al.  The Web's Identity Crisis: Understanding the Effectiveness of Website Identity Indicators , 2019, USENIX Security Symposium.

[21]  Gordon V. Cormack,et al.  Feature engineering for mobile (SMS) spam filtering , 2007, SIGIR.

[22]  Gaetan Hurel,et al.  Outsourcing Mobile Security in the Cloud , 2014, AIMS.

[23]  Sunny Consolvo,et al.  Improving SSL Warnings: Comprehension and Adherence , 2015, CHI.

[24]  Alessandro Acquisti,et al.  The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study , 2011, WEIS.

[25]  Lorrie Faith Cranor,et al.  You've been warned: an empirical study of the effectiveness of web browser phishing warnings , 2008, CHI.

[26]  Patrick Traynor,et al.  AuthentiCall: Efficient Identity and Content Authentication for Phone Calls , 2017, USENIX Security Symposium.

[27]  Adam Doupé,et al.  Toward authenticated caller ID transmission: The need for a standardized authentication scheme in Q.731.3 calling line identification presentation , 2016, 2016 ITU Kaleidoscope: ICTs for a Sustainable World (ITU WT).

[28]  Lorrie Faith Cranor,et al.  A Design Space for Effective Privacy Notices , 2015, SOUPS.

[29]  Vinayak S. Naik,et al.  SMSAssassin: crowdsourcing driven mobile-based system for SMS spam filtering , 2011, HotMobile '11.

[30]  Calton Pu,et al.  A study on evolution of email spam over fifteen years , 2013, CollaborateCom 2013.

[31]  L. Cranor,et al.  Nudges for Privacy and Security , 2017, ACM Comput. Surv..