For Mobile Users, Positive Safety Messages More Effective Than Security Warnings

Ratings of the security risks associated with smartphone apps affect users' decisions whether to install those apps, but information about the safety of an app is more effective than information about its risks, according to researchers from Purdue University.

The report, "Effective Risk Communication for Android Apps," was published in the May-June issue of IEEE Transactions on Dependable and Secure Computing. The researchers examined the effects of including information about app permissions on users' decisions to install apps. They tested the effectiveness of including summary risk information and tested various methods of conveying that information to determine which approach was most effective.

Although most mobile systems have strong security measures in place, they often rely on users to make decisions that affect the security of the device, according to the authors. When users install apps, they may unwittingly give permission for malicious or intrusive apps to track their location and monitor their phone calls and text messages, including authentication messages used by secure sites. According to the researchers, users install these malicious apps without realizing the risks because they don't understand the permissions the app is requesting.

The researchers focused on the Android operating system, which includes more than 200 app permissions, many of which "do not make sense to the average user or at best require time and considerable mental effort to comprehend," according to information on the National Science Foundation site, which funded the project. While users pay some attention to permissions, they also consider average ratings, number of downloads and user comments. Higher quality apps tend to get higher ratings, and users tend to submit comments about the security and privacy of an app.

Current app permissions are designed for the app developers, rather than the users, Ninghui Li, one of the researchers told NSF. Based on the results of their experiments, the researchers believe it would be more effective to display a risk score for each app because it would make the risk more obvious to users and provide an incentive for developers to reduce their use of personal information when developing apps. They also believe the inclusion of risk scores could increase user curiosity about security information and cause them to pay more attention to the warnings.

However, the researchers also found that people tend to pay more attention to safety information than risk information. The reason may be that users tend to base their decision to install an app on other positive information about it, such as the user ratings, number of downloads and user comments, so it follows that a positive safety rating is more compatible with the decision-making process than a negative risk rating.

The full report, "Effective Risk Communication for Android Apps," can be found in the May-June issue of IEEE Transactions on Dependable and Secure Computing.

About the Author

Leila Meyer is a technology writer based in British Columbia. She can be reached at [email protected].

Featured

  • hand touching glowing connected dots

    Registration Now Open for Tech Tactics in Education: Thriving in the Age of AI

    Tech Tactics in Education has officially opened registration for its May 7 virtual conference on "Thriving in the Age of AI." The annual event, brought to you by the producers of Campus Technology and THE Journal, offers hands-on learning and interactive discussions on the most critical technology issues and practices across K–12 and higher education.

  • teenager interacts with a chatbot on a computer screen

    Character.AI Rolls Out New Parental Insights Feature Amid Safety Concerns

    Chatbot platform Character.AI has introduced a new Parental Insights feature aimed at giving parents a window into their children's activity on the platform. The feature allows users under 18 to share a weekly report of their chatbot interactions directly with a parent's e-mail address.

  • laptop screen displaying a typed essay, on a child

    McGraw Hill Acquires Essaypop Digital Learning Tool

    Education company McGraw Hill has announced the acquisition of Essaypop, a cloud-based writing tool that will enhance the former's portfolio of personalized learning capabilities.

  • a professional worker in business casual attire interacting with a large screen displaying a generative AI interface in a modern office

    Study Finds Generative AI Could Inhibit Critical Thinking

    A new study on how knowledge workers engage in critical thinking found that workers with higher confidence in generative AI technology tend to employ less critical thinking to AI-generated outputs than workers with higher confidence in personal skills.