Effective Risk Communication for Android Apps
Project Members
Christopher Gates, Jing Chen, Ninghui Li, Robert W. Proctor
Christopher Gates, Jing Chen, Ninghui Li, Robert W. Proctor
Abstract
Due to the popularity and openness of Android plat form, it has been an attractive target for malicious and intrusive apps. Android relies on users to understand the permissions that an app is requesting and to base the installation decision off of the list of permissions. This reliance on users has been shown to be ineffective as most users do not understand or consider the permission information.
We propose a solution to assign a summary risk score to each app, and then investigate the impact of presenting risk information as well as the most effective way in which to present this information. We conduct three studies to evaluate our approach:
(1) an online study which presents the risk of an app in a simulated app selection scenario, and tracks participant behavior and selection under these different scenarios;
(2) an in-person lab study to evaluate the effects of framing the score with positive (safety) or negative (risk) information;
(3) a final online study to evaluate the framing in simulated app selection setting.
Our results show that the introduction of risk score information has significant positive effects in the selection process and can also lead to more curiosity about security related information.