Cybersecurity for Android Applications

Author

Scott R. Moore

Entry type

mastersthesis

Abstract

This research contributes to effective risk communication for mobile devices. Mobile devices are becoming near-universal in presence, and the use of these devices comes with some risk. However, the average user does not understand these risks. Users who do not comprehend these dangers have a greater likelihood of suffering negative consequences than those who do understand the dangers. A means of alerting users to possible risks associated with an app is the permissions screen displayed with an app. In this study, I examined how this risk information is presented, and I compared two methods of Android interfaces. A survey was conducted with 756 participants recruited through Amazon Mechanical Turk. Each survey contained a simulation of the Google Play Store and instructed participants to role-play the task of downloading an app. Afterwards, each participant was questioned about which permissions were seen and what the function of each of those permissions are. The survey compared performance of users with the interfaces of Android 5.0 and Android 6.0 and found that, while each version has its own strengths, neither version was superior to the other across all domains. Android 5.0 showed better performance with informing users which permissions access their device, whereas Android 6.0 did better with presenting the functions of the permissions. The specific permissions associated with an app were a significant factor in determining whether a user could recall the permission name or definition, as some permissions are understood more easily recalled than others. In addition, Android 6.0 is shown to be more intuitive to use than Android 5.0. Although a pilot study showed users favored Android 6 over Android 5, the present study shows no clear evidence that Android 6 has a more effective permissions interface than Android 5.

Publication Date

2017-08-30

Location

A hard-copy of this is in the Papers Cabinet

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.


Coming Up!

Our annual security symposium will take place on April 9th and 10th, 2019.
Purdue University, West Lafayette, IN

More Information