Measuring User Confidence in Smartphone Security and Privacy

Measuring User Confidence In Smartphone Security And Privacy-PDF Download

  • Date:25 May 2020
  • Views:27
  • Downloads:0
  • Pages:29
  • Size:1.31 MB

Share Pdf : Measuring User Confidence In Smartphone Security And Privacy

Download and Preview : Measuring User Confidence In Smartphone Security And Privacy


Report CopyRight/DMCA Form For : Measuring User Confidence In Smartphone Security And Privacy


Transcription:

Copyright 2012 by the author s,All rights reserved. Permission to make digital or hard copies of all or part of this work for. personal or classroom use is granted without fee provided that copies are. not made or distributed for profit or commercial advantage and that copies. bear this notice and the full citation on the first page To copy otherwise to. republish to post on servers or to redistribute to lists requires prior specific. permission, Measuring User Confidence in Smartphone Security and Privacy. by Erika Chin,Research Project, Submitted to the Department of Electrical Engineering and Computer Sciences University of Cal. ifornia at Berkeley in partial satisfaction of the requirements for the degree of Master of Science. Approval for the Report and Comprehensive Examination. Professor David Wagner,Research Advisor,Professor Dawn Song. Second Reader, Measuring User Confidence in Smartphone Security and Privacy.
Erika Chin,University of California Berkeley,emc cs berkeley edu. In order to direct and build an effective secure mobile ecosystem we must first understand user attitudes toward. security and privacy for smartphones and how they may differ from attitudes toward more traditional computing. systems What are users comfort levels in performing different tasks How do users select applications What are. their overall perceptions of the platform This understanding will help inform the design of more secure smartphones. that will enable users to safely and confidently benefit from the potential and convenience offered by mobile platforms. To gain insight into user perceptions of smartphone security and installation habits we conduct a user study. involving 60 smartphone users First we interview users about their willingness to perform certain tasks on their. smartphones to test the hypothesis that people currently avoid using their phones due to privacy and security concerns. Second we analyze why and how they select applications which provides information about how users decide to trust. applications Based on our findings we present recommendations and opportunities for services that will help users. safely and confidently use mobile applications and platforms. 1 Introduction, Smartphones have dramatically changed the computing landscape They complement and in some cases supplant. traditional computing devices such as laptops and desktops 8 We have seen a tremendous growth in the number. and diversity of smartphone applications in marketplaces such as the Apple App Store Android Market and Amazon. Despite the popularity of smartphones there are reasons to believe that privacy and security concerns might be. inhibiting users from realizing the full potential of their mobile devices Although half of U S adults own smart. phones 5 mobile online shopping is only 3 of overall shopping revenues 7 suggesting that users are hesitant to. perform these tasks on their smartphones A recent commercial study also found that 60 of smartphone users are. concerned that using mobile payments could put their financial and personal security at risk 4. Our goal is to help smartphone users confidently and securely harness the power of mobile platforms In order to. improve the security of mobile systems we must understand the challenges and concerns that users currently have with. performing sensitive operations on their smartphones and identify opportunities to improve the security of the device. We interviewed 60 smartphone users about their willingness to perform certain actions on their phones We found that. participants are significantly less willing to make shopping purchases provide their Social Security numbers access. health data or check their bank accounts on their smartphones than on their laptops Our data also sheds some light. on why users might be more reluctant to perform these tasks on their phones see Section 4 We expect these results. may be helpful in identifying opportunities to improve the security of these devices. Applications play a critical role in users experiences with their smartphones To help protect users while se. lecting applications it is important to understand each step in the mobile application installation process how users. discover applications the factors they consider before installation e g price brand name and where they download. applications from We survey the 60 study participants about how and why they install mobile applications. This paper presents the results of structured interviews and surveys of 60 participants The participants span four. popular platforms Windows and Mac for laptops and Android and iPhone for smartphones We compare and contrast. laptop and smartphone behaviors and perceptions using laptops as a reference point for understanding smartphone. specific concerns The structured interviews were a tool to 1 test our hypothesis that people are less willing to perform. sensitive operations on their smartphones and 2 collect qualitative data about users mobile security concerns We. also survey participants about the applications that they installed on their smartphones to guide the design of new. security indicators, Contributions This paper makes the following contributions. We find that users are 1 more concerned about privacy on their smartphones than their laptops and 2 more. apprehensive about performing privacy sensitive and financial tasks on their smartphones than their laptops. We report the threats that participants worry about on their smartphones physical theft and data loss malicious. applications and wireless network attackers We also find that participants fears of wireless network attackers. stem from misconceptions about how wireless network communication works. We make several recommendations that could increase security and or user confidence in their smartphones 1. improved data backup lock and remote wipe services 2 new security indicators in smartphone application. markets to increase user trust in their selection of applications and 3 user education and improved user interfaces. to address common misconceptions about wireless network communication. 2 Background and Related Work,2 1 Application and Security Models. Windows The Windows platform has encouraged a relatively ad hoc application ecosystem with third party applica. tion software being commonly acquired from diverse sources e g online physical retailers without any centralized. application market place Given this decentralized nature there is little by way of curation of the applications and. users have to install anti virus software again from third party sources to protect themselves against malware which. is a well documented problem for Windows, Mac In contrast the Mac platform is generally perceived to be more immune to malware as there have been relatively.
fewer documented cases of malware attacks Macs also have anti virus options but they are less widely adopted 17. Similar to Windows the traditional application ecosystem has also been largely decentralized Motivated by the. success of the mobile App Store Apple launched the Mac App Store as a centralized market for desktop applications. It appears to be reasonably successful 1, Android There are several marketplaces for Android users to download applications with the Android Market. being the most popular The Android Market is not curated although recent reports suggest that it is scanned for. malware by Google 2 Google also removes software that is found to violate their TOS There are several demon. strated malware attacks on the Android platform Anti virus applications are available for Android although their. effectiveness has been publicly questioned 33 29, iOS The App Store is a centralized curated marketplace for downloading iPhone applications While the exact details. of the curation process is unknown 1 there is evidence to suggest that Apple does check for security violations Al. though there have been few samples of iPhone malware there is plenty of grayware and jailbreaking applications 23. Users are prompted when applications want to access location or other information via pop up notifications. 2 2 Related Work, Application Selection Past research suggests that privacy and security play roles in users installation decisions. Wash interviewed people about computer security threats and several interviewees indicated that they were cautious. when installing new software because of malware concerns 39 In an experiment performed by Good et al people. preferred applications with better privacy policies unless the privacy came at the cost of application functionality 25. We further explore users concerns about application trustworthiness and how they prioritize those concerns by. asking people to recall the factors that led them to install applications We also ask people about how they discover. 1 Most visible media reports of applications being denied have to do with the content served rather than specific security reasons. applications which may provide insight into how trust in software is established Matthews et al found that word of. mouth and browsing the App Store are important discovery methods for iOS applications 30 we further expand the. scope of this study to Android as well, Researchers have investigated whether placing privacy indicators in search results influences users online shop. ping decisions They found that privacy indicators can cause users to pay a premium to purchase items from online. vendors with better privacy scores 24 38 However the timing and placement of the indicators affects whether users. heed them 21 We hypothesize that privacy and security indicators could play a similar role in application selection. so we investigate users installation workflows to identify potential places for security and privacy indicators. Smartphones vs Computers We explore whether users have different security and privacy concerns for their. smartphones and computers Past studies have found that people often begin tasks on smartphones but complete them. on computers 12 28 30 Many platform switches can be attributed to screen size network performance or typing. difficulties However we suspect that privacy and security concerns may also play a role Matthews et al observed that. some users shop for items on their phones but defer payment until they are at a computer 30 We investigate whether. security concerns about smartphones may be responsible for users preferences for computers in certain situations. Smartphone Privacy and Security Smartphones are ideally suited for location aware services Consequently prior. research has focused on users attitudes towards location privacy A large body of work addresses how users share. location information with social contacts 14 26 18 11 40 13 and companies 20 19 However smartphones can. also be used to handle other types of confidential data and there are threats beyond social contacts and advertising. companies e g muggers and man in the middle network attackers Ben Asher et al surveyed smartphone users and. found that people consider other information on their phones sensitive e g photos and contacts and worry about. physical attacks on their phones 15 As such the scope of our inquiry goes beyond location and social contacts. We ask people about their willingness to access several types of information on their phones and our survey design. allowed study participants to describe their own threats. Smartphone Application Usage Prior work has studied how smartphones are used Falaki et al examined Android. and Windows Phone application usage from the perspective of reducing energy consumption 22 They found that. smartphone users primarily spend their time interacting with a small subset of their installed applications relative. application popularity can be modeled as an exponential distribution Others have similarly studied the time that. people spend using certain applications 28 30 Our inquiry focuses on application discovery and installation rather. than usage as our end goal is to help users avoid installing malicious or otherwise undesirable applications. 3 Methodology, We performed structured interviews and surveys of 60 users to obtain both a quantitative and qualitative understand.
ing of how people use their smartphones As a point of comparison we also asked them about similar behaviors on. their laptops Our questions focused on application discovery application selection and users willingness to perform. different application activities on each platform Each participant owned a laptop Windows or Mac and a smart. phone Android or iPhone Our choice of platforms was motivated by their dominant market share in the respective. categories, Prior to beginning the study we obtained IRB approval as an exempt protocol We coded all personally identifiable. information so that only the lead researcher could connect data to participants and deleted audio recordings following. the transcription process,3 1 Recruitment, We recruited participants in December 2011 and January 2012 We placed an advertisement in the Et cetera jobs. section of the San Francisco Bay Area Craigslist and offered 60 for participation in our study The advertisement. stated that the study was about smartphones but did not mention privacy or security To be eligible users had to be age. 18 or older own a personal smartphone own a personal laptop and be willing to bring both devices to the interview. Respondents were asked to specify their age operating system of their laptop the operating syste. stem from misconceptions about how wireless network communication works We make several recommendations that could increase security and or user con dence in their smartphones 1 improved data backup lock and remote wipe services 2 new security indicators in smartphone application

Related Books