The Contribution of Contextualized Security in Mobile Security Applications


Research Paper (undergraduate), 2019

181 Pages


Free online reading

Table of Contents

Abstract

1 Introduction
1.1 Application Introduction
1.2 Application description

2 Background
2.1 Nutrition labels
2.2 Usability
2.3 Contextual data

3 Research Model
3.1 Research hypothesis
3.2 Security and Privacy Invasion Levels: Computing and Visualizing
3.3 Security Score Computation
3.4 Privacy Invasion Score calculation
3.5 Visualizing Security Levels and Privacy Invasion Levels
3.6 Method 1: App ranking prior to the 2018 change
3.6.1 Methodology of privacy and security attributes invasion levels

4 Methodology
4.1 Method 2: App ranking after 2018 change
4.1.1 App permissions on Android 7 & 8
4.1.2 Viewing all the permissions in a mobile app
4.1.3 App permissions list
4.1.4 App security score calculation and privacy score calculation and graph of distribution android 2018
4.1.5 App security score calculation and privacy score calculation and graph of distribution Android 2018:
4.1.6 Visualization
4.1.7 Color visualization psychological effects on the human behavior
4.1.8 Method 2 applications
4.2 Experiment Design
4.2.1 Pilot experiment Design
4.2.2 Final Experimental Design
4.2.3 Results

5 Discussion and Conclusions

6 References

7 Appendices
7.1 Method 2 applications
7.2 Method 2 App permissions privacy aspect
7.3 Final experiment results
7.3.1 Part 1 Results average
7.3.2 CLM Results
7.3.3 Summary
7.3.4 Part 1 Results CLM & GLMM & T tests
7.3.5 Part 2 results graphs
7.4 The ethical participation documents
7.5 The purpose of the research and the rationale
7.6 Experiment setup
7.7 Population
7.8 Tools
7.9 The course of the study
7.10 Analysis of the data
7.11 Expected outcomes and importance of research
7.12 Importance of research
7.13 Consent form
7.14 Final Experiment Questionnaire
7.14.1 Part 2 Questionnaire
7.15 MRG effitas tests:
7.16 Mobile security applications
7.16.1 A
7.16.2 B
7.16.3 C
7.16.4 D
7.16.5 E
7.16.6 F
7.16.7 G
7.16.8 H
7.16.9 I
7.16.10 J
7.16.11 K
7.16.12 L

Abstract

This study's aim is to check the effects of security features displays and privacy in mobile security antivirus applications and the willingness to install these applications based on the innovative contextualized approach that we are going to introduce. Twenty-four participants viewed privacy and security information for various antivirus applications which were visualized using a food labelling system that was adapted specifically for the use of privacy invasion and mobile security. Applications were displayed either contextually, where the display was split into separate screens for each security feature and applicable privacy factors for each specific component, or all together in an accumulated display. Using this innovation contextualized approach, we found users had a much better understanding of the type of access each feature of an application was requesting permission from, and helped users gain confidence in installing antivirus applications with higher security levels. Privacy invasion reduced users’ willingness to install an application, however we also found users to trade some of their privacy for antivirus applications with higher levels of security.

Keywords: Smart Devices, Mobile Applications, Privacy, Mobile Security, Privacy Invasion, Food Label System

List of Figures

Figure 1: Application D (D General)

Figure 2: Application D (Router)

Figure 3: Application D (vpn)

Figure 4: Settings, Personal Privacy, App Locking and App Locking Setup (D application).

Figure 5: Anti-Theft Set Up (D Application)

Figure 6: Anti-Theft Features (D Application)

Figure 7: Sample Nutrition Labels

Figure 8: Example of Nutrition Facts Using Food Labeling Technique

Figure 9: Example of Privacy and Security Labels Using Food Labeling Technique

Figure 10: List of Different Permissions Assigned to Different Application

Figure 12: How to Check List of All Permission for Android Application

Figure 13: Security Category and Security Software Score Results of Different Applications

Figure 14: Privacy Score Results for Different Application

Figure 15: Privacy Inversion Set of Different Applications

Figure 16: Application privacy level bar

Figure 17: Application security level bar

Figure 18: Red-Triangle

Figure 19: ClearX

Figure 20: Red-Green

Figure 21: RedX

Figure 22: Experiment scenario description by experiment manager, participant and system

Figure 23: Estimated Marginal Means of Question 1: Perceived Security

Figure 24: Estimated Marginal Means of Question 2: Willingness to Install

Figure 25: Part 2 four categories comparison chart

Figure 26: A+K Antivirus applications

Figure 27: J+L Antivirus applications

Figure 28:B+D Antivirus applications

Figure 29: C+I Antivirus applications

Figure 30:: Best results for the application defends me from viruses AVG

Figure 31: The application defends me from viruses – perceived security

Figure 32:Best results for I will consider installing this application AVG

Figure 33: I will consider installing this app

Figure 34:Best results for the application collect too much personal information about me AVG

Figure 35: The application collects too much personal information about me - Perceived Privacy

Figure 36: Boxplot of intention to install a security application by display type

Figure 37: Boxplot of perceived privacy invasion for high and low security scores

Figure 38: Boxplot of perceived privacy invasion for display type

Figure 39: Boxplot of perceived security for low and high security levels

Figure 40: Boxplot of perceived security for contextual and accumulated displays

Figure 41: Predicted by Observed Values of Intention to Install

Figure 42: Intention to install a security application for low and high privacy levels

Figure 43: Intention to install a security application for low and high security levels

Figure 44: The predicted and observed values of perceived privacy invasion

Figure 45: Perceived privacy invasion for low and high security levels

Figure 46: Perceived privacy invasion for contextual and accumulated application displays

Figure 47: Predicted by Observed Values of Perceived Security

Figure 48: Perceived security for contextually and accumulated application displays

Figure 49: : Right Experimental scenario description by experiment manager, left side Experiment move (participant)

Figure 50: A antivirus application

Figure 51: B antivirus application

Figure 52: C antivirus application

Figure 53: C application permissions

Figure 54: C Antivirus functions

Figure 55: D antivirus application

Figure 56: D Antivirus analysis

Figure 57: E antivirus permissions

Figure 58: E antivirus permissions

Figure 59: E antivirus permissions

Figure 60: F antivirus

Figure 61: F antivirus functions

Figure 62: F antivirus permissions

Figure 63: G antivirus permissions and usage

Figure 64: G antivirus usage functions

Figure 65: H antivirus permissions

Figure 66: H antivirus permissions and usage

Figure 67: H antivirus login screen

Figure 68: I antivirus permissions

Figure 69: I antivirus permissions and usage

Figure 70: J antivirus permissions

Figure 71: J antivirus permissions

Figure 72: K antivirus application

Figure 73: K antivirus permissions

Figure 74: L antivirus usage and permissions

List of Tables

Table 1: Categorization of Different Applications Based on Privacy Level for App Ranking Before 2018

Table 2: Application couples’ categories

Table 3: Comparative and MRG Effitas Score Calculation

Table 4: App Ranking

Table 5: Categorization of Different Applications Based on Privacy Level for App Ranking After 2018

Table 6: General questions summary table

Table 7: Analysis of average values of each application version for question 1 and 2

Table 8: Mean scores for Willingness to Install and Perceived Security by Application and design versions

Table 9: Perceived Security and Willingness to Install by Designs

Table 10: Perceived Security and Willingness to Install by Applications

Table 11: Post Hoc Comparisons for Perceived Security by Application Type

Table 12: Post Hoc Comparisons for Willingness to Install by Applications

Table 13: Part 1 analysis average summary table

Table 14: Shapiro-Wilk’s Tests of Normality for Metric Variables

Table 15: Table includes best results for each of the results for the three questions and difference

Table 16: Summarized results normalized values for part 2 questions

Table 17: Categorization of Different Applications Based on Privacy Level for App Ranking After 2018

Table 18: Privacy facts list

Table 19: Anti-Malware Security Feature of Different Application

Table 20: Anti-Spam Security Feature of Different Application

Table 21: Anti-theft Security Feature of Different Application

Table 22: Authentication Security Feature of Different Application

Table 23: Parental Control Security Feature of Different Application

Table 24: Backup/Monitoring Security Feature of Different Application

Table 25: Intention to Install Fixed Effects Model

Table 26: Fixed Coefficients of Intent to Install Model

Table 27: Fixed Effects of the Perceived Privacy Violation Model

Table 28: Fixed Coefficients of the Perceived Privacy Model

Table 29: Fixed Effects of the Perceived Security Model

Table 30: Fixed Effects for the updated Perceived Security Model

Table 31: Fixed Coefficients of the superior Perceived Security Model

Table 32: Group statistics

Table 33: Independent Samples Test

Table 34: Group Statistics

Table 35: Independent Samples Test

Table 36: Group Statistics

Table 37: Independent sample test

List of Equations

Equation 1: Importance per category

Equation 2: Security category score

Equation 3: Security scores

Equation 4: Privacy invasion scores

Equation 5: Feature presents or not

Equation 6: Intention to install clm

Equation 7: Intention to install calculation

Equation 8: Perceived privacy violation

Equation 9: Perceived privacy violation calculation

Equation 10: Perceived Security

Equation 11: Intention to install

Equation 12: Perceived privacy violation

Equation 13: Perceived security

1 Introduction

Since the emergence of smartphones (early 2000s), the popularity of the small computer handheld devices has gained immense popularity and contribute to 52.2% of all internet activity (Statistica, 2018). We rely heavily on our smartphones in day to day life, and use them for a wide range of functions, including banking, storing personal files and pictures, to even storing our passwords (Jain & Balgopal, 2016). As a result, the emergence of smartphone devices has created a need for new security methods to protect users and their personal information against malware attacks, identity theft, cyber-attacks, Trojans, worms and key loggers (Ahvanooey, Qianmu, Rabbani & Rajput, 2017). Public WiFi spots also threaten smartphone device users, as attackers may try to intercept important data or infect the device with malicious files (Ahvanooey et al., 2017). Furthermore, smartphone devices are terminals which are highly susceptible to different kinds of malicious malware programs which can be downloaded onto the devices and transmitted using WiFi, SMS, MMS, a web browser, or Google Play store, and infect the device (Jain & Balgopal, 2016).

Long-term smartphone mobile applications often give little to no regard to personal information, security, and privacy considerations (Thuraisingham, 2015). For example, Google Maps is able to track the GPS location of every user, and even sends the user a monthly email to demonstrate where they have been and travelled during the month. Malicious programs can also be inserted into so called innocent programs, for example, key loggers or other tools to steal personal information (Daojing, Chan & Guizani, 2015).

The ability of smartphone users to defend themselves against malicious programs is questionable. Granting applications, the permission which they often require to activate a particular feature of the app increases the user’s vulnerability of a potential security breach (Ahvanooey et al., 2017). However, a simple way to protect smartphone devices is via the use of a mobile security app which requires the user’s consent for all future app installations and approval for access to important smartphone data and information stored on the device (Thuraisingham, 2015). Specifically, cyber security apps trace the identity of users on the device, as well as any unwarranted access to personal files which may be in breach of privacy (Ahvanooey et al., 2017).

Smartphone security application’s anti-theft features often require permissions for the following: (1) location; (2) device administrator; (3) microphone; (4) camera; and (5) SMS messages, to send commands for remote wipe. Additionally, antivirus scanners may also require access to device files, photographs and media files (Timur, Brannon, Lasker, & Miller, 2014). All these risk factors pose a big problem when designing and developing apps, as developers are required to find a harmonious balance between the privacy and security aspects of the app, as to meet the privacy and security needs of users, whilst enticing new users. (Timur et al., 2014).

When installing apps on mobile devices, and activating specific features of them, users are often required to provide their consent after reading the terms and conditions or user agreements. Furthermore, when activating certain features, apps typically request access to different resources (e.g. camera, location etc.) of the smartphone (Timur et al., 2014). Accordingly, users often have little to no understanding of the risks affiliated with such security vulnerabilities. Furthermore, there appears to be a lack of awareness regarding the potential dangers of installing an app on a smart device (Lin, 2013). In turn, users have very little interest installing security apps.

According to research conducted by Homeland Security (USA), smartphone users appeared confident in their knowledge and skills regarding the security and privacy aspects of their smartphones. However, published reports suggest that these mechanisms are rarely implemented in most carrier networks. Specifically, 35% of mobile network operators surveyed reported that they did not know if they had experienced a security incident on the packet core that resulted in a customer-visible outage (Griffin, 2017).

Skycure’s quarter one 2016 Mobile Threat Intelligence Report found 30% percent of smartphone users to not have a password to unlock the devices screen, which is often recognized as the first line of defense against physical attacks. Similarly, 122 NowSecure (2016) found 43% of mobile users to not use passcodes, Personal Identification Numbers (PIN), or pattern locks on their devices.

Smartphone user’s ability to react to information presented in a complex fashion is generally thought to impede installation of a security app. However, a food labelling system presented by Kelley et al. (2013) demonstrated a novel approach for permissions and privacy security displays, which makes it easier for users to understand. Therefore, this simplification allows users to make informed decisions due to simplified instructions and requirements (Kelly et al., 2013). Whilst these changes simplify the process, many users still exhibit deficits in understanding the potential harm caused by installing apps on their smartphones and continue to allow applications to access their private information (Nowsecure, 2016).

Smartphone users are generally unaware of the security and privacy aspects of device usage. Therefore, it is imperative to understand and identify the potential factors that may influence user’s security awareness and prevent the invasion of privacy. Identifying these factors will enable security companies and researchers to develop solutions that increases security awareness and prevents invasion of privacy for smartphone users (Nowsecure, 2016).

This research will endeavor to identify the factors involved in motivating users of smartphones to install security apps, and identify factors surrounding security and privacy invasion. Specifically, the study will endeavor to demonstrate how user’s willingness to install mobile security applications on their smartphones is affected by privacy and security concerns. The study will also address how previous security breaches and invasive data sharing impacts users’ overall views of mobile security applications. We propose users to make decisions regarding the installation of a security application on their device to be heavily influenced by actual security and privacy levels of the applications, and the type of information requested from the users. We expect applications with more secure features with low levels of privacy invasion to result in a good trade off.

1.1 Application Introduction

D Antivirus is an anti-malware scanning tool that has a large reputation on the Google Play store due to its superior features. The app functions by scanning the status of smartphone devices and recommends if any improvements are required. Additionally, D Antivirus checks user’s registered Wi-Fi networks to ensure it is secure. Additionally, the application allows app locking, photo vault features, call blocking tools, and performs routine security checks on all incoming data. The app can also check the status of your lost device via setting the status of your device to lost. Furthermore, the firewall and app permission features of D Antivirus make it an attractive product for device users (Gomes et al., 2009). D Antivirus is continuing to make improvements to the app to fully encapsulate user’s security needs.

1.2 Application description

D Antivirus (referred to as ‘D’), a subsidiary of Avast Software, is a free antivirus package that has attracted a lot of attention in the security market. D is compatible with Windows, macOS and Android operating systems. The installation process of D is relatively simple. Prior to using the app, users are required to read and accept the license agreement, privacy policy and VPN police. After accepting the terms, the user is asked to select to use the app with ads for free, or to upgrade without ads. After pressing continue on the app, users are presented with the main menu, as shown in Figure 1. The main menu includes a scan button, which directs users to the scan menu. Initially, the app requests access to the user’s photos, media and files so that the app can scan them for viruses and/or malware. Any detected problems are flagged in red, along with advice suggesting how to resolve the issue, including disable functions (Becher et al., 2011).

Abbildung in dieser Leseprobe nicht enthalten

Figure 1: Application D (D General).

The memory boost function allows the system to terminate any unused apps to create more ram on the device. After executing the memory boost function, the app displays the number of apps removed. It then displays ads, an upgrade page, an option to rate the app or any additional functions available. The app will only proceed to kill tasks running in the background if permission is granted by the user.

The clean junk feature shows the number of unused files on a user’s device. Users are presented with two options: (1) a basic safe clean function, which features ads; and (2) a deep clean function, which required the installation of D cleaner. Furthermore, the feature shows the amount of space that will be free by installing the additional app (Norouzi & Parsa, 2014).

The scan Wi-Fi function scans basic Wi-Fi usage and determines if the network currently in use is safe on the basis of encryption of the data, whether it is a public or private Wi-Fi network, and exposure to danger. As shown in Figure 2, the app will suggest connecting to a VPN network for extra protection. However, the VPN is only available to users who purchase the premium package. Connecting to the VPN provides extra protection to users by encrypting their data and providing them with a false public IP to protect them from malicious apps.

Abbildung in dieser Leseprobe nicht enthalten

Figure 2: Application D (Router)

Abbildung in dieser Leseprobe nicht enthalten

Figure 3: Application D (vpn)

The check speed function measures user’s current internet speed and determines assesses connectivity issues. After running the function, users are provided with stats of their current connection, along with an ad tailored to the user. The VPN Protection function is only available to users who purchase a premium upgrade. The VPN allows users to mask the country of their IP, receive fast internet speeds, and binge watch paid streaming services.

The left-hand side main menu contains many functions and features, including: (1) remove ads (requires upgrading to pro premium; (2) app locking (requires upgrading to pro premium, however is available on a 14-day free trial); (3) anti-theft; (4) VPN protection; (5) photo vault; (6) Wi-Fi security and speed. It also contains additional apps by D such as clearer, secure VPN, alarm clock, gallery and power saver/data usage, call blocker, app permissions, firewall, and D account access to app from any computer. Users are also able to alter their settings, as shown in Figure 4, including notifications, protections, pin code updates, activity log and personal privacy. Personal privacy’s default setting upon installation is set to enabled, which means users data is shared with third parties (Micro, Trend 2013).

Abbildung in dieser Leseprobe nicht enthalten

Figure 4: Settings, Personal Privacy, App Locking and App Locking Setup (D application.).

The app locking feature, as shown in Figure 4, allows users to set up a pin code, security pattern and fingerprint scan. Once activated, users are able to select the apps they would like to add locking features to. As shown in Figure 5, the anti-theft feature requires first time users to set a basic pin code before connecting to the app via the website to control the app remotely. It will then request permissions (Friedewald & Pohoryles 2014). After administration rights and system modification settings have been granted, the app will proceed to the anti-theft page, as shown in Figure 6. This feature requires users to give up access to all resources in exchange for receiving all features listed below, allowing users to protect their data if the device is lost or stolen by: (1) locking their device remotely; (2) controlling their smartphone remotely via SMS control; (3) detecting the last known location of the device; (4) and wiping their device remotely.

The power saver function of the app allows users to modify their power saving settings and receive warnings when the device is losing charge due to brightness settings and other functions. This is a premium feature and has a number of ads. The data usage function allows users to limit the data used by any app installed on their smartphone and predetermine the amount of data they actually use in accordance with their mobile data package (Gomes et al., 2009).

Abbildung in dieser Leseprobe nicht enthalten

Figure 5: Anti-Theft Set Up (D Application)

Abbildung in dieser Leseprobe nicht enthalten

Figure 6: Anti-Theft Features (D Application)

The firewall feature requires a third-party app that roots the device to allow the antivirus app access to block or deny connectivity from apps that transfer inbound or outbound data. Therefore, it is not recommended to use this feature unless you are willing to expose and risk your device from potential hacking, as rooting provides potential hackers with access to the deepest areas of the Android operating system (Faruki, et al. 2013). The current study is going to employ a total of eight applications. These applications, along with their key references, are featured in Appendix 5.6.

1.3 Research hypothesis

The research framework of the current study intends to investigate the role of security and privacy on user’s perceptions and beliefs, and the security and privacy tradeoffs for smartphone antivirus applications. Specifically, we are interested in understanding user’s willingness to install an app based on the application’s security and privacy tradeoff and their understanding of it.

This research examines the effect of the visualization of contextualized display on user’s intention to install applications or use particular features in smartphone antivirus application and the trade-off between privacy which includes access to mobile device components such as microphone, or camera to use the antivirus features in order to gain higher security levels. Perentis et al. (2019).

The current study proposes three main research hypotheses regarding security, perceived privacy and privacy visualization and Security and privacy correlation.

Security and Privacy Perceptions:

1. How does perceived security for a specific security application effects user’s willingness to install the application ?

Hypothesis: Higher level of security will increase the willingness to install the security application.

2. How does perceived privacy invasion for a specific security application effects user’s willingness to install the application ?

Hypothesis: The higher the level of privacy invasion, the lower the user's willingness to install a security application.

Security and Privacy Visualization:

1. How does security and privacy visualization properties influence user’s willingness to install a security application?

Hypothesis: The display of security features in the contextualized method increases the user's willingness to install a security application

2. How does privacy visualization properties influence user’s willingness to install a security application?

Hypothesis:

A. The higher the level of privacy invasion the higher the Perceived privacy invasion
B. The higher the Perceived privacy invasion the less a security collects information from the smartphone device

Security and privacy correlation:

1. How does correlation between privacy level and dependent variable perception of privacy?

Hypothesis: Privacy invasion perception are positively correlated with the levels of privacy

2. How does correlation between security level and dependent variable perception of security?

Hypothesis: Security perception are positively correlated with the levels of security

Furthermore, it is hypothesized that security perceptions per application will be associated with the security category visualization. Additionally, it is expected that privacy invasion perceptions per application will be associated with the privacy category visualization.

2 Background

There is a paucity of research regarding the influence of perceived security and privacy on user’s decisions to install a security app. Previous research has explored how security and privacy apps are installed on smartphones, and how they request user’s permission, for devices using Android 6. However, very few studies have explored this for Android 8 devices. The Android 6 system required users to provide permission at the beginning of an app. Whereas, the Android 8 system requests user’s permission per feature (Android Security Yearly in Review, 2018). Thus, the current study endeavors to distinguish perceived security and privacy on user’s decisions to install a security application for Android 8 devices.

Previous research regarding perceived security and privacy concerns of app installation suggests there is no clear connection between the two. On the other hand, former studies proposed a shared mutual border, the nature of this border remains unclear. There are many techniques employed to assess the behavior of smartphone users in regard to security and privacy, including mathematical formulae and the exploration of related factors. However, very few studies that have applied these techniques to Android 8 smartphone users (Enck, Octeau, McDaniel Chaudhari, 2011; Arshad, Shah, Khan, Ahmed, 2016).

Arshad, Shah, Khan and Ahmed (2016) conducted research exploring the security aspects involved in protecting Android user information and privacy from attacks in relation to permission granting across different malware, behaviors, and techniques. Furthermore, their research provided a detailed review of different anti-malware techniques and described their advantages and limitations (Arshad et al., 2016). Specifically, anti-malware that employed a static approach was less efficient in detecting malicious contents that are dynamically loaded from remote servers. Whilst the dynamic approach is efficient in continuous application monitoring and able to detect malicious content at execution time, portions of unexecuted malicious code remain undetected. Additionally, it is believed that any single security solution in Android is unable to provide full protection against potential vulnerabilities and malware. Thus, it was advised to employ more than one solution simultaneously, or in other words, a hybrid of two approaches (i.e. static and dynamic).

According to Orjuela and Fife (2012) the tradeoff between security and privacy by calculus found the elderly to be more concerned with privacy and security, particularly regarding their medical data. Furthermore, they found users with fewer privacy and security concerns to have more confidence in using services at high risk of potential security and privacy breaches. They concluded that the privacy and security issues surrounding smartphone devices remains unseen by users and advised users to err on the side of caution when making decisions to install apps (Orjuels & Fife, 2012).

There is a large cost trade-off regarding the lack of knowledge concerning smartphone user’s security and privacy behaviors. Specifically, users appear to have limited knowledge regarding what they are doing when installing a security application. Furthermore, users appear to have little to no understanding of what the app requires regarding accessing information and data from the device and how this data may be stolen. Smartphone users also appear overconfident in their abilities in their control over smartphones and have no understanding of the privacy and security implications of these actions (Orjuela & Fife, 2012).

The current study endeavors to address this gap by investigating the privacy and security concerns of smartphone users using eight mobile security apps. Specifically, the current study will employ a novel visualization technique based on Kelley, Breese, Cranor and Reeder’s (2012) food labelling technique to investigate user’s willingness to install application based on their perceptions of security and privacy.

2.1 Nutrition labels

Kelley et al. (2012) developed a nutrition labelling technique which can be used to demonstrate the importance of information security. Specifically, this technique was developed in order to simplify information provided to consumers as much possible to assist in their decision-making processes. Furthermore, the visualization technique was designed to cater for low literacy rates and the needs of the elderly population in America. This technique included defining a zone of authority, providing quantitative information about nutrients, defining minimum font sizes, and standardizing labels across products by providing defined serving sizes based on percentages of suggested daily amounts. Kelley et al. (2012) conducted an online survey in 2007 with over 800 people, and found evidence suggesting that consumers usually lack understanding of the information presented in privacy policies and do not enjoy reading them.

Nutrition labels can assist users in understanding the security and privacy measures often associated with a product. Specifically, Kelly et al. (2018) found that consumers preferred nutrition labels that included more information. However, studies have shown that including more information is not always beneficial. Specifically, studies conducted to examine the impact of NLEA have found consumers who are educated and motivated to investigate nutritional information benefit the most from nutrition labels. Another study found nutrition information to have the greatest impact on decision making when there was a limited number of items from which to make a selection. These findings suggest that nutrition labels make it easier for consumers to compare between a small set of items, allowing consumers to benefit via informed decision making. Specifically, nutrition labels impact consumer decision making, with user-reported effect sizes increasing by up to 48% after the initiation of NLEA. However, for most studies, the effect of the nutrition labels is small. Furthermore, most research has focused on specific nutrients (e.g. fat intake) or specific products (e.g. salad dressings). Currently, there appears to be no controlled studies that measure the impact on nutrition labels on consumer behaviors over an extended period of time.

In the current study, nutrition labels will be used to enable consumers who are currently employing privacy measures in a smartphone application to understand how information collected from their device will be used in the simplest way possible. As data collection from users is a complex process, we will use nutrition labels to assist in understanding the process. As shown in Figure below, nutrition labels include an ingredient list and allergen statement, which are typically ignored by consumers. Nutrition labels enable consumers to determine the legitimacy of the product and allows consumers to understand what the product offers when consumed. If mobile security apps display information similarly to an allergen statement, users will be able to determine what personal data is required upon installation.

Abbildung in dieser Leseprobe nicht enthalten

Figure 7: Sample Nutrition Labels

2.2 Usability

Many smartphone users use security mobile applications. By using such applications, users allow the application to access their data, posing the question can a user allow their data to be accessed in exchange for the service of an application?

Several studies have explored users’ comfort whilst using mobile applications. Findings suggest that users are not always comfortable with their data being transmitted to third parties. Vitopika et al. (2018) found “measuring the effect of the app, whether the app is on screen and the resource on whether users grant or deny resource access”. Wijesekera et al. (2012) found users were more likely to grant access to personal information when the request occurred when using the app. Furthermore, Vitopika et al. (2018) studies the resources users expect apps to access as they interact with the app (i.e. on startup, after a button is clicked, when no interaction is shown). Users were found to expect resources directly after a related interaction (i.e. camera is accessed after pressing a button labelled “take a picture”) but did not always expect access to features not tied to an interaction (Vitopika et al., 2018).

Many smartphone users are uncomfortable with mobile applications accessing and using their data. However, users appear comfortable when they know where the data is being collected from and where it will be stored. Specifically, what part of their personal information will be shared and with whom it will be shared. User’s comfort can be enhanced by stating which parts of their data will require access before installing any mobile application. Through using nutrition labels, customers will be able to make better information opinions before installing mobile applications.

2.3 Contextual data

Research conducted by Fotolia (2019) suggested that smartphone applications typically rely on contextual data. For example, they may require the geographical location of the user, which will then be transmitted to the cloud for analysis. This is a concern, as smartphone applications typically request users to grant access to their data, without them being fully aware of what data they are accessing, and what they are doing with it.

Mobile applications can always identify the precise location of an individual and the conditions which are currently being experienced in the given area. Fotolia (2019) suggested that many mobile applications collecting such data rarely have use of the data and are just analysis the data for their own good. Specifically, Fotolia (2019) suggested that if an organization does not do anything with the contextual data collected, that data is essentially useless. The current state of mobile security is concerning and there appear to be several components that require addressing in order to make online data secure. Application development should always consider the confidentiality, availability and integrity of data. However, some companies overlook these key components when rushing to release the application.

These findings suggest that companies are able to access and use contextual data to improve their services. For example, they can use user data to identify how their sales occur. Whilst this data is important to companies and may inform their marketing strategies to increase sales, it is equally important that the data is collected and stored in a secure place. It is imperative that data is stored securely so that subscribes cannot in any way be harmed via this data collection process.

Some smartphone applications collect data from individuals and use that data to entice mobile application users to download mobile security software for the particular device. For example, an individual with a popular device model may receive ads targeting that particular product (e.g. “You are using an X phone. This mobile application suits you and will make your data safe”). Such tailored advertisements make customers vulnerable to sharing their private data by installing such applications.

3 Research Model

3.1 Security and Privacy Invasion Levels: Computing and Visualizing

Contextualized approach shows each application feature separately and includes the specific privacy facts they grant access to on their mobile device (for example camera or microphone). Contextualized approach is designed to help users understand the trade-off between the security feature they will be able to use and what type of access they will grant to their mobile by using that specific feature.

We will explain how we have calculated the levels of security and privacy invasion of security apps and describe the visualization of these aspects and how contextualized approach has helped us to improve the overall results.

3.2 Security Score Computation

Security score was calculated using data obtained from AV-COMPERATIVE’s 2018 reports which was taken from the previous essay done by Chassidim.et al (2018). Firstly, we calculated the importance feature by counting the number of times the feature was present in the security application:

Equation 1: Importance per category

Abbildung in dieser Leseprobe nicht enthalten

For each feature, security category for each security application was counted as either present (1) or absent (0). The count was then normalized by dividing by the total number of features present in each security category (e.g. anti-theft, anti-spam).

Equation 2: Security category score

Abbildung in dieser Leseprobe nicht enthalten

After calculating a score for each security category, we calculated the overall security score by averaging the scores by the number of security categories:

Equation 3: Security scores

Abbildung in dieser Leseprobe nicht enthalten

As a result, we obtained an overall security score for each mobile security app. Each application contained six categories, with the popularity of the considered features within each category being among the eight evaluated apps found in the av-comparatives.org report.

3.3 Privacy Invasion Score calculation

In order to develop a privacy invasion score, we quantified the amount of data collected (e.g. collected everything, not collect) and the type of access (e.g. view, edit) requested, of the eight security applications. Often, security applications may request access to sensitive or personal information (e.g. high-granularity, location data, contact list) to access a particular feature of a mobile application or for advertising purposes. To model the actual settings of the mobile security applications’ data permissions, we employed real data from Google Play. We measured the requested permissions for each of the following data categories: (1) In-app Purchases; (2) Device & App History; (3) Network Settings; (4) Identity; (5) Contacts, (6) Location; (7) SMS; (8) Calendar; (9) Phone ID; (10) Photos/Media/Files; (11) Storage; (12) Camera; (13) Microphone; (14) Wi-Fi connection info; and (15) Device ID & Call info. It is important to note that for most data types, more than one permission exists. Moreover, some permissions can only be viewed (e.g. location) while others can only be edited (e.g. photos/media/files). We assigned each permission one of the following weights depending on its privacy invasion level: 0 - when the permission is not collected; 1 - when the permission is collected and is readable; and 2 - when the permission is collected and is editable.

Next, in order to simplify the presented information, we assigned each permission category a final privacy intrusiveness value based on the maximum value observed in the relevant category. If at least one permission out of the whole category (e.g. contacts) was editable, then the whole group (i.e. contacts) was characterized as editable.

Subsequently, we computed the privacy invasion scores whilst considering the number of edits, views and ‘not collecting permission’ types. Please note that out of the 15 categories, 3 were the same for all the apps (i.e. Storage, Wi-Fi and Device ID), therefore they were excluded from the computation. Moreover, 7 categories were able to take the value of edit, while the maximum invasion for 5 categories were either viewable or did not collect any data.

The final privacy invasion score per application was calculated with the following formula:

Equation 4: Privacy invasion scores

Privacy Invasion Score = w1 × Edits + w2 × Views

Equation 5: Feature presents or not

where Feature Presence={1,When present 0,When non-present

3.4 Visualizing Security Levels and Privacy Invasion Levels

In order to quantify the role of security and privacy features on users’ intentions to install smartphone security apps, we simplified how we displayed this information. Specifically, we presented each application to the users in a way that clearly described the level of security and of privacy intrusiveness. For example, we displayed how many permissions, and what permissions, the security application required to access (i.e. collect, read, edit).

Our design is inspired by the work of Kelley et al. (2012), who tested different ways of presenting the privacy intrusiveness information of several applications in Google Play. They found the “privacy facts” display for requested data permission assisted users towards more privacy-aware decisions when installing mobile applications. Therefore, we are employing the same technique by including three icons, including: (1) not collecting; (2) can view; and (3) can edit. Icons will be allocated to categories based on computed privacy scores. We will also extent the concept of “privacy facts” to the security domain and will introduce the “privacy facts and security features” mock-up which will present intuitive information regarding the level of privacy intrusiveness and the security scores of several mobile applications. Security will use two modalities: (i) shape; and (ii) color, to express the notion of (i) non-existence 8 of a feature; (ii) basic; (iii) advanced; and (iv) high. Each category will be mapped using the quantile range of security score.

The design of the security labels is based on the data visualization theory that shows encodings with icon shapes to be more effective at communicating risk and may even improve users understanding of risk involved with installing the application (Kelly et al., 2013). The color-in-context theory, which exploits the strong link between color and psychological reasoning, was also employed to enhance our communication with users. For example, the default meaning of red signals danger and issues warning message requesting user’s attention, whereas green represents safety. The levels of security employed in the current study represent real application level distribution (e.g. there are no apps offering high security and low privacy invasion) and included two pairs for each category: (1) low; (2) medium; and (3) high. For privacy we have two pairs for the low category, three pairs for the medium category, and one pair for the high category. For security we have two pairs for low, medium and high categories. Whilst for privacy we have two categories for low category, three for medium and one for high.

3.5 Method 1: App ranking prior to the 2018 change

The method used for the current study was based on Perentis et al. (2018) research. Details of the methodology can be found in Perentis et al's (2018) paper.

3.5.1 Methodology of privacy and security attributes invasion levels

The current study tailored Kelley et al’s (2012) food labelling technique to allow participants to view applications with basic and high levels of privacy invasion. If a certain application required users’ permission resulting in basic privacy invasion, the application was considered generally secure to use. However, if the application required users’ permission that made the device vulnerable, and had a high risk of privacy invasion, then the application was considered to be a security risk.

The food labeling technique (Kelley et al., 2012), as shown in Figure 8, was used as an indicator of privacy invasion for particular applications. We adapted this technique and used symbols to indicate if application features were secure and if there was any risk of privacy invasion (Mercer, et al., 2013).

Abbildung in dieser Leseprobe nicht enthalten

Figure 8: Example of Nutrition Facts Using Food Labeling Technique

Nutrition labels are one way of showing data visually. In the current study, it enabled us to visually display privacy invasion and security safety features for antivirus applications, as shown in Figure 9. Furthermore, it allowed us to display antivirus applications on smartphones with relative descriptions regarding their security level and privacy invasion level and indicate what access each feature requires.

Abbildung in dieser Leseprobe nicht enthalten

Figure 9: Example of Privacy and Security Labels Using Food Labeling Technique

Table 1: Categorization of Different Applications Based on Privacy Level for App Ranking Before 2018

Abbildung in dieser Leseprobe nicht enthalten

4 Methodology

The current study incorporated eight antivirus applications which were split into four distinct categories, as shown in Table 1. These categories include: (1) low security and low privacy invasion; (2) low security and high privacy invasion; (3) high security and low privacy invasion; and (4) high security and high privacy invasion. Each condition contains a pair of antivirus applications. Low security and privacy invasion scores included antivirus applications with results below 0.75, and high security and privacy invasion scores included antivirus applications with results above 0.75.

Criteria for Privacy Invasion for Low-High Security Scores

Table 2: Application couples’ categories

Abbildung in dieser Leseprobe nicht enthalten

4.1 Method 2: App ranking after 2018 change

4.1.1 App permissions on Android 7 & 8

Android smartphone users can navigate to application permissions via settings, as shown in Figure 10. Users can allow or deny access for certain applications within app permissions for specific features. Users are often faced with the choice of providing an application access to specific features (e.g. GPS location, camera) upon installation. However, users may deny these requests. Some applications cannot run without access to these features. For example, antivirus applications require internet access in order to access the devices folders and files, nd to update the application (Kammer, 2009).

Abbildung in dieser Leseprobe nicht enthalten

Figure 10: List of Different Permissions Assigned to Different Application

Understanding how and when to request a user’s permission to access device features is critical to building better apps. If applications ask for unnecessary permissions, there’s a clear chance the user will deny the request. Similarly, if you ask for permissions upon installation, users may get annoyed and select the ‘don’t ask again’ box. Therefore, the timing of asking user permissions, and providing the right information in relation to the permission, is imperative. Applications should only request permission when they require it, and should explain why the application requires the data, to encourage user permission. Likewise, it is always better to provide the user with information regarding permission and the given scenario as to why the permission is mandatory for both the user as well as the developer. When looking at application installations after the 2018 update (Android 8 and above), the changes are on a need to know basis. This means the app will only ask for permission for the specific resource on the device it requires. Contrary, Android 7 would request user permissions when installing the app (Kammer 2009).

If a user with an Android 8 smartphone agrees to the Privacy Policy whilst setting up the device, the user will skip the entire process of having to provide access for each resource and does not display the permissions granted in order to access the application. However, if you would still like to view permissions, you are required search for the application in the Google Play Store (Shabtai, et al., 2010).

4.1.2 Viewing all the permissions in a mobile app

To access a smartphones app permission list, users need to scroll down to the bottom of the application explanation. They may then access the app permission list by selecting see more under app permissions at the bottom of the page.

Abbildung in dieser Leseprobe nicht enthalten

Figure 12: How to Check List of All Permission for Android Application

4.1.3 App permissions list

The permissions required by applications are often buried deep within one’s smartphone and does not always allow user to change default or previously set permissions. By default, Google Play manages all installations, often leaving users usable to revert an application to previous format where they may have had the ability to manually choose what permissions they agree to upon installation (Shabtai, et al., 2010). This has both positive and negative effects for users. Specifically, installing an application onto a smartphone without the ability to control what access and permissions users are providing may comprise the security of a device, and as a consequence may result in negative consequences such as identify and credit card theft, password theft via keyloggers, and allowing companies to locate you via GPS. Furthermore, these negative aspects compromise users’ rights to privacy (Kammer, 2009). So, should you give up your privacy and security for comfort? Whilst this is a heavily debated question, many prefer a mixture of both; having easy access to an installation menu that clearly explains the features of your device requiring access upon installation.

The following ranking of the app is based on features and optimal performance of the application. The data mentioned in the above chart is also useful in this regard. The rankings of the protective apps presented on the Google Play store (Faruki, et al. 2013) are shown in Table 3. The results are based on an experiment ran on 60000 Android smartphones testing antivirus applications.

4.1.4 App security score calculation and privacy score calculation and graph of distribution android 2018

Table 3: Comparative and MRG Effitas Score Calculation

Abbildung in dieser Leseprobe nicht enthalten

Scales Used for Table: Average test scores ranging from 0 (non-existent) to 6 (the best), features: 1 existent 0 nonexistent.

Comparative report: Scale refers to virus detection conducted in real time protection, conducted by the average comparative reports team.

Table 4: App Ranking

Abbildung in dieser Leseprobe nicht enthalten

4.1.5 App security score calculation and privacy score calculation and graph of distribution Android 2018

Figure below shows the security software calculations based on the equation 5.

Abbildung in dieser Leseprobe nicht enthalten

Figure 13: Security Category and Security Software Score Results of Different Applications

As shown in above Figure, we will be assigning a score of 1 if a feature is present, and a score of 0 if it is not present. We will then divide this score by the total number of features in a category. After calculating the importance, we calculated the security score.

After the security category has been calculated, we take the total security category and divide it by the number of security categories which exist as per the article after we have removed all the elements, we are left with 7 elements hence why the formula is divided by this number to get the security software score. Privacy score calculation was calculated using the equation 4 formula.

Figure 13 below contains a detailed list of all requirements for the privacy score calculation.

The most important thing to note is that we depend on w1 and w2, we are required to identify the total number of edits/ views and provide a score of, they receive 1 if they have edit/view, and 0 if none.

In a separate column, we took the total count of each value, then multiplied the total column where we have edit as it says by the formula explanation, we write 2 for when the permission is requested & is edit type and 1 when the permission is read only type and 0 when permission is not requested.

After this we divide the view types by 5 as it says maximum number of invasion for 5 categories can be view or not collecting, and we divide edit by 14 as explained by the formulas we have a 14 total for edits categories we then do a sum of both numbers we got after dividing has been done, to get total number and divide that number by 2 to get the privacy score for the application calculation.

Abbildung in dieser Leseprobe nicht enthalten

Figure 14: Privacy Score Results for Different Application

Figure below contains the companies in which we have calculated privacy invasion and security scores. Please note, C & I received the same values, hence why it appears to be missing. Companies received scores above 0.75 represent high privacy and security, and levels below 0.75 represent low privacy and security.

Abbildung in dieser Leseprobe nicht enthalten

Figure 15: Privacy Inversion Set of Different Applications

4.1.6 Visualization

In order to demonstrate the role of security and privacy on user’s willingness to install antivirus applications, we presented each application in a way which illustrated the app’s levels of security and privacy invasion. Specifically, symbols were adapted from Kelley et al’s (2013) research, and illustrated whether the application had view, edit or no permissions:

Abbildung in dieser Leseprobe nicht enthalten

Figure 16: Application privacy level bar

In an image which we will show later, privacy facts which represent the device’s different components which we grant access to such as: Camera, Microphone etc.

The privacy facts will be used for security levels area and to introduce security features and privacy facts where we introduce new information of level of privacy invasion and security of mobile security applications. We will use shapes and colors to express different security levels and use the following images as the basis:

Abbildung in dieser Leseprobe nicht enthalten

Figure 17: Application security level bar

The aforementioned categories were mapped using quantitate ranges of security score. The design is based on the pilot study which asked eight participants to select icon shapes and colors to improve our understanding of risks involved, and color in context theory; to show the link between color and psychological effects to communicate the information to the participants. For example, a red triangle means danger and/or warning, whilst the green circle with a tick indicates a safe environment.

4.1.7 Color visualization psychological effects on the human behavior

Warning messages are a way of communicating risks to users or consumers. For instance, tobacco companies inform users about the health risks affiliated with smoking via warning labels provided on cigarette packets. These warnings are often ignored; it could be due to design issues like inappropriate colors and font, or it could be due to lack of technical skills, general knowledge about the meaning of terms or symbols.

Users often decide to use a certain program based on several factors. Research shows successful communication regarding risks will greatly benefit users. If things like design, beliefs and message content are considered, communication can be influenced, and frequency of actions will decrease if sanctions are used. User’s attention can be grasped through simple visual displays (e.g. font size, color and graphics). Whether a user will ignore a warning message also depends on factors such as duration of warning messages and user’s ability to understand the risk.

Capturing user's attention and conveying possible risks in an efficient way should increase compliance and enhance decision making. Trust is another factor associated with warnings. Specifically, if users trust a website, they are more likely to ignore warning messages. Duration of use also impacts the user's responses to warnings. For example, if a user repeatedly uses the same software, they're more likely to pay attention to different aspects of that software and if they continuously notice risks, they might abandon the software. A Kaplan Meir survival curve, which is a popular method for analyzing the probability of survival at certain points of time, was used to estimate survival of lifetime data. Each participant was characterized by duration, status and warning type at the end of the event. Among 1,250 events, 64% of users decided to continue using the software and only a few stopped using app for the first time. Around 90% of participants continued the study at the second follow-up. The rate of users significantly decreased by almost 3 times, suggesting that the more often a message appears, the less likely users are to miss the warning messages and ignore it (Silic, Silic & Oblakovic, 2016).

Research shows different colors can influence affect consumer’s decisions. Selection of colors highly depend on a user’s culture and environment. For instance, in the US, red is more effective compared to yellow, whereas in Indian culture, yellow is more effective than yellow. This is why red is used in the US and yellow is used in India for warning signs. Grey and blue are found more appealing in e-commerce, and warning message designers should be mindful to apply appropriate colors that best communicate messages to end users. Color appeal is a significant predictor of perceived risk and behavioral intention to comply with a warning message, there it is important in anticipating a user's behavioral intention. Color is also an important design element that strongly impact user’s actions and behaviors. Users typically pay more attention to a warning sign if they find it well designed and easily informs them about potential hazards. Warnings are also useful in organizational contexts as they allow employees to stay informed and of risks (Silic, Back, Cyr & Holzer, 2017). Colors have fascinated scholars for years as 1,810 colors are attached to warmth and excitement (i.e. red to warmth and yellow to excitement). Colors are also attached to many psychological functions. In order to understand how colors, affect people, Eliot proposed a context theory drawing on social learning and biology. Colors have different meanings, for example red may be linked to romance or danger, but it is also extreme. For example, red signifies dominance, advantages in sports or love. An image of a lady drawing her lipstick in red will attract much more attention from men. It’s impossible to know what precise combinations of color are required to have strong effects, but it has been shown red influences both behavior and perception. Other colors have different effects. For instance, blue store logos increase quality and alertness, and activity during attention-based tasks (Elliot, 2015). Additional research suggests that color affects our cognitive skills. For example, stopping at red light affects our cognitive system and perception, as well as psychological values. Many studies have focused on the impact of different colors in website designs and warning messages on computers to prevent users from hurting themselves.

Warnings are necessary to deliver information about hazards and reduce negative outcomes. Research shows users who often ignore warnings are less likely to ignore a red colored warning, due to the effectiveness of red. There are few studies in which researchers tried to understand if red is really the most efficient for computer warnings.

Three factors affect communication processes: (1) input for communication process values and norms with emphasis on cultural communication; (2) cognitive affective process of communication; and (3) communication impact on action and relationship. Form of message and communication medium also shape the outcome from corresponding color of application. Different colors will have different influences on user behaviors. For example, white is linked to behavioral intention in online shopping, red is associated with danger and hazards, and may trigger avoidance to risk adverse behavior. Red is most efficient in delivering messages and informing individuals about risks and information, and end users are more likely to pay more attention to it.

Previous research removed the color from cigarette packets and displayed health warnings on white packets. Results found people were more likely to recall specific warnings and pay attention to it. Different color applications during first exposure will have higher or lower impact. Red is the most effective for deterring users on first appearance of warning messages, whist blue doesn’t evoke such a positive effect on first appearance it is good in the long run or on the fifth or sixth occurrence (Mario Silic, Dario Silic, Oblakovic, 2016).

Different experiments have been conducted to explore the effectiveness of color and found white and yellow to be linked with sincerity, red to be linked with excitement, and blue to be predictor of competence. We argue that theories of text and graphic comprehension and theories of multimedia. Learning must acknowledge the influences that color has on human affect and motivation (Jacobson, 2016).

In conclusion, delivering messages via the use of colors can have different psychological effects. White color is the most natural and easiest to work with as it is easy to build over it and has a positive effect on creativity, red is good for first appearance and has the informative deliverance of information, and green represents safety, comfort and security.

4.1.8 Method 2 applications

Table 5: Categorization of Different Applications Based on Privacy Level for App Ranking After 2018

Abbildung in dieser Leseprobe nicht enthalten

4.2 Experiment Design

4.2.1 Pilot experiment Design

We ran a pilot study across four versions of antivirus applications. As shown below, each display included a low and a high version for two questions: (1) the application defends me from viruses; and (2) I will consider installing this application.

Abbildung in dieser Leseprobe nicht enthalten

4.2.1.1 Pilot Analysis

The pilot which we’ve conducted has been ran across 4 versions of designs of security score for each display which included a low and a high version for 2 questions:

Question 1: The application defends me from viruses – Perceived security.

Question 2: I Will consider installing this application – willingness to install.

The Survey has been conducted on the website: http://survey.idus.co.il/

There have been 6 participants where each participant which have been divided into 2 groups of 3 people each. group 1: has seen 8 total screens which included: 2 apps one of low app one of high category and 4 versions of each app 2 different apps have been shown to Group 2 which as well using same principle to test which version is best understood.

The cellular phone has become popular in recent years and is used daily for most of the day for various actions, while monitoring location, activities, and user behavior. As a result, many questions arise about privacy, data security and user’s willingness to install applications with different levels of permissions for personal information (e.g. location, camera, microphone, personal files). This study is a follow-up study on the factors affecting the willingness to use security applications. The present study examines the impact of contextual presentation of security-privacy. Specifically, what information is collected for specific security rather than a general summary as in the previous study.

4.2.1.2 The purpose of the research and the rationale

The purpose of the current study is to examine the user's perceptions and behavior when installing security applications based on how the data is presented. The balance between benefit and cost includes several aspects:

- Security of the wireless device and the information in it - the security subject while being aware of the security level and types of security services offered by the application.
- User privacy - expressed in the authorization of personal information on the cellular device (cost). Collecting personal information (such as location, and access to the camera) for the provision of security services.
- How data is displayed about the information collected (privacy features) and security services. Whether in a concentrated or contextual manner, i.e. what is collected for any security service?

4.2.1.3 Experiment setup

The system includes trial design and registration of participants including running and documenting the entire course of the experiment for future analysis. As shown in Figure below, the system was built in a generic manner, so the experiment manager could define the details of the participants which are required for the experiment questions as well.

The manager needs to fill the application fields and the applications according to the appropriate categories.

The experiment manager then selects the required experiment and provide the participants with a link for registration. In the next stage, a participant registers on the system and receives an email confirming their registration request. After the test administrator approves the registration, the participant receives an email with a link to enter the experiment. The participant enters using the entry details and answers the survey questions as described in the process in Figure below. All answers are saved onto the database and the participant receives a thank you message for their participation in the experiment.

Abbildung in dieser Leseprobe nicht enthalten

Figure 22: Experiment scenario description by experiment manager, participant and system

4.2.1.4 Population

The experimental system will be tested initially by six pilot participants to ensure that it was ready. Students attending college N = 24 represent users of Android mobile devices (mostly young people aged 20-40).

4.2.1.5 Tools

The experiment manager informed users about the experiment and instructed the participant to log onto the survey website (http://Survey.idus.co.il/Survey) for registration. The experiment manager then sent the participant a personal email confirming their registration and approval of their participation by the experiment manager, the user was then sent another email to enter and participate in the survey itself.

The questions in the experiment were divided into two types: (1) according to the specific application being presented; and (2) general perception questions. The study data was collected in SQL tables database and was then converted into EXCEL for CSV files. The data was then analyzed using various statistical operations to represent findings graphically. All data collected is stored through a secure connection of the survey website by the service of the college.

- The backend is registered in python + flask.
- Frontend: html, js, css
- Database: MySQL

4.2.2 Final Experimental Design

The current study was conducted online and showed users different randomized set of antivirus applications (4! =24) and asked for feedback on a scale of 1 (little to no extent) to 7 (to a great extent).

In the first part of the survey, users were shown four applications in an accumulated display and were asked to answer three questions regarding (1) their willingness to install an antivirus application; (2) the application defends me from viruses; and (3) the application collects too much information about me.

The second part of the survey contained 17 questions which are shown in the next pages. An overall security score was calculated based on seven categories and popularity of feature amongst 17 applications evaluated from the av-comparatives.org report. Calculation privacy invasion was done in previous sections as well and produced pairs for category low, medium and high.

4.2.2.1 Variables & Questionnaire

The model was built from 3 main dimensions:

1. Intervention variables
2. Perceptions and attitudes
3. Motivation (Norms, Experience, Knowledge, Beliefs)

The application collects too much personal data about me – perceived privacy invasion:

Is used to check the amount of information collected by an application by different applications on smartphone devices, using the contextual and accumulated displays we will see in which the amount of privacy invasion which is represented by perceived privacy.

This means how a user perceives that an application is having higher privacy invasion onto their device the higher the privacy is invasion it’s meaning more information is exposed to different applications which have higher privacy invasion rate to the device.

The application defends me from viruses – perceived security :

Is used to check the protection of the device against harmful malware and backdoors penetrations by having different security antivirus applications on smartphone devices.

Using the contextual and accumulated displays we will be able to determine the amount of protection a mobile smartphone antivirus application is granting for the device – Perceived security which is used to represent how good users believe an application is protecting them against harmful malware and viruses.

I will consider installing this application :

Is used to check the willingness to install an application on the mobile smartphone after accounting different factors such as the perceived privacy invasion and perceived security.

1. The higher the willingness to install it means the more users will want to install an application on the device and give more confidence about the antivirus application which is checked.

We used 20 questions to represent the aforementioned three dimensions. The variables referring to motivation and general attitudes are confounding variables.

Experience

Abbildung in dieser Leseprobe nicht enthalten

Results of privacy and security are affected from decisions from previous research papers control variables (experience, knowledge, beliefs and norms about engaging in the behavior).

Questionnaires were administered to participants via an online website built specifically for this study by a student with a bachelor’s degree as per Dr. Hadas Hassidim’s requirements. Individuals who registered for the study were asked to include their past knowledge upon registration, what they’re studying, their age and full details. User Stories, requirements and processes for the experimental system.

Table 6: General questions summary table

Abbildung in dieser Leseprobe nicht enthalten

Table 13 shows description of the dependent and independent variables. We investigate the role played by the actual security and privacy invasion levels of the apps as well as by the perceptions of the users, the attitudes and the motivation consisting of beliefs, self-experience, knowledge and social norms.

4.2.2.2 Participants of final experiment

Twenty-four participants were included in the final experiment, of which 21 were male and 3 were female. All participants were aged between 21 and 32 years. Therefore, most of the participants fall into the age range that widely uses applications and installs mobile security software. 83% of the participants were found to be using security application on their mobile phones. Of which, 62.5% of participants answered that they did not possess any security knowledge. All the participants were students of the SCE Academic College of Engineering.

4.2.2.3 Data analysis

To analyze this data, we used the Average function and CLM analysis to construct a more detailed analysis of the combined results of both techniques and to introduce the results via detailed graphs for further explanation of the models.

The First part of the experiment has included a display selection:

a. Contextual display applications – meaning many screens shown to the user for each application depending on security feature quantity
b. Accumulated display applications – meaning a single screen with all permissions and security features.

In a random order for each participant (4!=24) combinations totally for all 24 participants so all participants have seen all the 8 applications in different combinations each, and after it part 2 which included 17 questions which was split into 4 categories(knowledge, experience, norms and beliefs) has been asked and analysis was done for all parts only due to lack of difference in results in the second part it was not possible to conduct an LMM or Anova tests to test the part 2 analysis other than an average analysis.

Independent Variables

The independent variables in this study are: (1) security level; (2) privacy level; (3) and display type. Display type was measured on a binary scale, with 0 representing antivirus applications displayed contextually, and 1 representing applications displayed in an accumulated fashion. Security and privacy levels were calculated based on each applications privacy and security properties, which were calculated to provide a total score for each security application (Appendix 1). Scores over 0.75 were then recoded as 1 (high) and scores below 0.75 were recoded as 0 (low). For continuous variables, a correlation analysis was used to confirm whether the binary variables, security and privacy levels, shared a relationship with security and privacy scores. Specifically, we wanted to confirm whether low security and privacy levels corresponded with low security and privacy scores, and high security and privacy levels corresponded with high security and privacy scores. Results found a large, positive, significant correlation between security levels and security scores, r = 0.756, p < .001, and between privacy levels and privacy scores, r = 0.784, p < .001. This confirms that the coding of security level and privacy level are adequate in reflecting low and high scores.

Dependent Variables

The dependent variables in the current study are: (1) intention to install a security application (2) perceived privacy invasion; and (3) perceived security. Each dependent variable was measured on a 7-point Likert-type scale, with responses ranging from 1 (little to no extent) to 7 (great extent). Total scores for every Antivirus application were created by averaging scores across 6 factors. These factors include: (1) anti-malware; (2) anti-spam; (3) anti-theft; (4) authentication; (5) parental-control; and (6) backup-monitoring.

Data preparation

SPSS (Version 23) was used for initial data preparation, assumption checking and analyses. Descriptive analyses were used to identify any potential outliers, out of range values, and missing data values. No out of range values, outliers or missing data values were detected. Shapiro-Wilk’s test of normality suggests that we are unable to reject the hypothesis that the sample comes from a normally distributed population, thus rejecting the assumption of normality. Therefore, perceived security, willingness to install, perceived privacy invasion, security score and privacy score were not normally distributed. The central limit theorem suggests that the distribution of a sample approximates a normal distribution as sample size increases, irrespective of the population distribution shape (Field, 2013). Therefore, due to our relatively large sample size (n = 192), normality was assumed in accordance with the central limit theorem.

4.2.2.4 Experimental Design

The experiment is a web-based system that can be run in three modes:

a) Accumulated – Traditional display which has a display based which includes all security features in a single display as shown in following image sample:

Abbildung in dieser Leseprobe nicht enthalten

b) Contextualized – This is the new method of display which includes showing each security feature separately:

Abbildung in dieser Leseprobe nicht enthalten

c) both accumulated and contextualized

Each participant will be shown a figure and a series of question on their willingness to install the application on their device, 3 set of experiments will be available: one will include method 1, method 2 and a mixture of both methods.

The design which was chosen to be displayed for the students will be Red-Triangle it was selected based on the results of the pilot experiments.

The experiment will be conducted on twenty-four participants were included in the final experiment, of which 21 were male and 3 were female. All participants were aged between 21 and 32 years. Therefore, most of the participants fall into the age range that widely uses applications and installs mobile security software. 83% of the participants were found to be using security application on their mobile phones. Of which, 62.5% of participants answered that they did not possess any security knowledge. All the participants were students of the SCE Academic College of Engineering.

The 24 participants will be divided into 2 groups, each group will be asked separate questions based on the accumulated and contextualized displays.

After the participants have answered the questions there will be analysis prepared for the results of the experiment and conclusions based on the answers.

Each participant will be given 35 NIS or a Bonus score for their participation in the experiment and they will be required to sign a non-disclosure agreement for their participation in this experiment.

After which the participants will be presented with a series of questions which will be dependent on presented images after which they will be required to select the answers which they see most fitting the answer.

4.2.2.5 Non-Disclosure Agreement

A non-disclosure agreement is signed by each user from whom data is collected. Agreement form is available in appendix. (section 8.6).

4.2.3 Results

4.2.3.1 Pilot Results analysis

The interpretations are done in order to find the best version for antivirus design.

Table 7: Analysis of average values of each application version for question 1 and 2

Abbildung in dieser Leseprobe nicht enthalten

The average values of each variation are displayed in Table 14. In Q1, the highest scores for the best values are ClearX. In Q2, the highest scores for the best values is Red-Triangle. Overall, it appears that the ClearX version and Red-Triangle should be used according to mean scores and maximum differences between low and high values of each version.

Furthermore, a two-way analysis of variance was conducted to compare user’s perceived security and willingness to install for different design versions and application types. As shown in Table 14, there were four Design versions: (1) ClearX; (2) Red-Green; (3) Red-Triangle; and (4) RedX, and for four different applications: (1) J; (2) D; (3) K; and (4) C. The descriptive statistics for each of these applications and design versions can be found in Table 15, 16 and 17.

Table 8: Mean scores for Willingness to Install and Perceived Security by Application and design versions

Abbildung in dieser Leseprobe nicht enthalten

Table 9: Perceived Security and Willingness to Install by Designs

Abbildung in dieser Leseprobe nicht enthalten

Table 10: Perceived Security and Willingness to Install by Applications

Abbildung in dieser Leseprobe nicht enthalten

Perceived Security:

Levene’s Test of Equality of Error Variances was significant for perceived security, Levene’s (15, 32) = 2.19, p = .031. Therefore, we will use a more stringent significance value when interpreting the results of the study (p = .01).

There was a significant main effect for applications, F (3, 48) = 83.90, p < .001. The effect size was large (partial eta squared = 0.89). The main effect for design versions was not significant, F (3, 48) = 0.22, p = .883. The interaction between design versions and applications was not significant, F (9, 48) = 0.40, p = .925. As shown in Table 18, Post-hoc comparisons, using the Tukey HSD test, indicated that mean perceived security was significantly greater when viewing Application J compared to Application K and D. Furthermore, mean perceived security was significantly lower when viewing Application D, compared to Application C and J. Mean perceived security was significantly lower when viewing Application K, compared to Application J and C. Mean perceived security was significantly higher when viewing Application C, compared to Application D and K.

Table 11: Post Hoc Comparisons for Perceived Security by Application Type

Abbildung in dieser Leseprobe nicht enthalten

As shown in Figure 22, users were more likely to perceive Application J and Application C, which both had a high level of security, defend them from viruses, irrespective of design versions, compared to Applications D and K.

Abbildung in dieser Leseprobe nicht enthalten

Figure 23: Estimated Marginal Means of Question 1: Perceived Security

Willingness to Install:

Levene’s Test of Equality of Error Variances was significant for willingness to install, Levene’s (15, 32) = 7.47, p < .001. Therefore, we will use a more stringent significance value when interpreting the results of the study (p = .01).

There was a significant main effect for application, F (3, 48) = 148.67, p < .001. The effect size was large (partial eta squared = 0.93). The main effect for design versions was not significant, F (3, 48) = 1.33, p = .281. Furthermore, the interaction between application and design versions was not significant, F (9, 48) = 2.00, p = .072. As shown in Table 19, Post-hoc comparisons, using the Tukey HSD test, indicated that mean willingness to install was significantly greater when viewing Application J compared to D and K. Mean willingness to install was significantly lower when viewing Application D compared to J and C. Mean willingness to install was significantly lower when Application K compared to J and C. Mean willingness to install was significantly greater when viewing Application C, compared to D and K.

Table 12: Post Hoc Comparisons for Willingness to Install by Applications

Abbildung in dieser Leseprobe nicht enthalten

As shown in Figure 23, users were more willing to install Application C and J, which had high levels of security, irrespective of design versions condition, compared to Applications D and K.

Abbildung in dieser Leseprobe nicht enthalten

Figure 24: Estimated Marginal Means of Question 2: Willingness to Install

As the interaction between applications and design versions was not significant, and design versions was not significant, we did not run any further analyses to determine the best combination.

Conclusions:

Users are more likely to install an application that has high security. In the current study, application J and C demonstrated superiority over D and K in terms of increasing user’s willingness to install an antivirus application and their perceptions of security. As per mean scores, ClearX depicted the most amount of security risk for both questions. For perceived security, Red-Triangle and RedX demonstrated the highest mean values, and for willingness to install, Red-green. However, Design versions was not found to have a significant effect on users’ willingness to install or perceived security. Therefore, we are unable to draw any conclusions regarding the best design versions to use.

4.2.3.2 Final experiment analysis

Final Experiment Average Analysis

4.2.3.2.1 Part 1 Questions:

The questions in part one included: (1) perceived security (“the application defends me from viruses”); (2) willingness to install (“I will consider installing this application”); and (3) perceived privacy invasion (“the application collects too much personal data about me”).

As shown in Table 20, participants perceived applications B and D as the best defense against viruses, were more likely to consider installing these applications compared to any other applications and perceived them to collect too much personal information about them (Appendix x). The best results were found in applications B and D which had high privacy and low security.

Table 13: Part 1 analysis average summary table

Abbildung in dieser Leseprobe nicht enthalten

Table 14: Shapiro-Wilk’s Tests of Normality for Metric Variables

Abbildung in dieser Leseprobe nicht enthalten

Note: Shapiro-Wilk’s test tests the null hypothesis that the sample came from a normally distributed population.

Independent sample t-tests

Intention to install security applications. Participants were more inclined to install applications that had higher levels of security. Participants were more likely to install applications when programs were displayed contextually, compared to applications with an accumulated display.

Perceived privacy. Participants perceived privacy invasion to be higher when applications had high levels of security, compared to low levels of security. This could suggest that participants are unable to detect whether applications protect their privacy, or that high security is more important than privacy. Furthermore, participants perceived privacy invasion greater when programs were viewed contextually.

Perceived security. Participants perceptions of security were higher when applications had actual levels of high security, compared to those with low security levels. This suggests that participants are able to correctly identify antivirus applications with high levels of security. Furthermore, participants perceived security as greater when applications were viewed contextually.

Results of the CLM Models

Abbildung in dieser Leseprobe nicht enthalten

Note: * p < .001, ** p < .01, p < .05,

Willingness to install. Participants were more likely to install an antivirus application when they perceived the application to have a high level of security and a low level of privacy invasion. Additionally, they were more likely to install an application when the application was high in security and low in privacy invasion. These findings suggest that participants make informed decisions based on the privacy and security levels of applications before installing. Furthermore, results indicate that users are able to correctly identify applications with high security and low privacy invasion when making a decision to install an antivirus application.

Perceived privacy invasion. Participants were more likely to perceive that an antivirus application violates privacy when actual levels of privacy invasion were high, and perceived levels of security were low. Perceived privacy invasion levels were higher when users viewed the applications contextually. Furthermore, participants were more likely to perceive that an application violates privacy when they are less willing to install the application itself. These findings suggest that users are able to accurately identify applications that violate privacy. Specifically, their perceptions of privacy invasion correctly match the applications violations of privacy. Furthermore, users perceive applications that violate their privacy to have low levels of security. Users are less willing to install applications they perceive to violate privacy.

Perceived security. Users are more likely to install applications they perceive to have high levels of security. Interestingly, users perceive security to be higher in applications they perceive to violate their privacy. Furthermore, users are more likely to perceive security higher in applications viewed contextually. These results suggest that users make informed decisions regarding their perceptions of security when installing antivirus applications. However, users incorrectly perceive privacy to be violated, even when perceived security levels are high. This suggests that users are skeptical of how applications protect their privacy.

The full results for these analyses are in section 6.3 of the appendices.

4.2.3.3 Research Hypothesis results

Security and Privacy Perceptions:

1. How does perceived security for a specific security application effects user’s willingness to install the application?

Hypothesis: Higher level of security will increase the willingness to install the security application.

1. Accepted: Results found a small, positive, significant relationship between intention to install and security score, rT = 0.190, p < .001, suggesting that participants were more inclined to install applications that had higher levels of security
2. How does perceived privacy invasion for a specific security application effects user’s willingness to install the application?

Hypothesis: The higher the level of privacy invasion, the lower the user's willingness to install a security application.

Rejected: Intention to install and privacy level. An independent samples t-test was conducted to compare participant’s intention to install a security application for low and high privacy invasion levels. There was no significant difference in participants intentions to install applications with low (M = 2.80, SD = 1.69) or high (M = 2.41, SD = 1.80) privacy, t (190) = 1.53, p = .127

Security and Privacy Visualization:

3. How does security and privacy visualization properties influence user’s willingness to install a security application?

Hypothesis: The display of security features in the contextualized method increases the user's willingness to install a security application

Accepted: Note: ** p < .010

Intention to install and application display type. An independent samples t-test was conducted to compare participant’s intent to install a security application for different display types. There was a statistically significant difference in intention to install when programs were viewed in an accumulated display (M = 2.13, SD = 1.39) and contextual display (M = 3.08, SD = 1.95), t (171.58) = 3.92, p < .001. Levene’s test indicated unequal variances (F = 20.33, p < .001), therefore degrees of freedom were adjusted from 190 to 171.58. Intention to install was higher when programs were displayed contextually, compared to when viewed in an accumulated display.

4. How does privacy visualization properties influence user’s willingness to install a security application?

Hypothesis:

A. The higher the level of privacy invasion the higher the Perceived privacy invasion

Rejected: Perceived privacy invasion and privacy level (score). An independent samples t-test was conducted to compare participant’s levels of perceived privacy invasion for applications with low and high levels of privacy. There was no statistically significant difference in perceived privacy invasion between applications that had low (M = 4.15, SD = 1.82) and high (M = 4.36, SD = 2.19) levels of privacy, t (184.06) = -0.70, p = .482. Levene’s test indicated unequal variances (F = 6.84, p = .010), so degrees of freedom were adjusted from 190 to 184.06

B. The higher the Perceived privacy invasion the less a security collects information from the smartphone device

Rejected: An independent samples t-test was conducted to compare participant’s levels of perceived privacy invasion for applications with low and high levels of privacy. There was no statistically significant difference in perceived privacy invasion between applications that had low (M = 4.15, SD = 1.82) and high (M = 4.36, SD = 2.19) levels of privacy, t (184.06) = -0.70, p = .482

Security and privacy correlation:

3. How does correlation between privacy level and dependent variable perception of privacy?

Hypothesis: Privacy invasion perception are positively correlated with the levels of privacy

REJECTED: Perceived privacy invasion and privacy score: There was no significant relationship found between perceived privacy invasion and privacy score, rT = .076 p = .160

4. How does correlation between security level and dependent variable perception of security?

Hypothesis: Security perception are positively correlated with the levels of security

ACCEPTED: Perceived security and security score: Results found a small, positive, significant relationship between perceived security and security score, rT = 0.265, p < .001.

Table 15: Table includes best results for each of the results for the three questions and difference.

Abbildung in dieser Leseprobe nicht enthalten

4.2.3.3.1 Part 2 average analysis:

Table 16: Summarized results normalized values for part 2 questions

Abbildung in dieser Leseprobe nicht enthalten

Figure 25: Part 2 four categories comparison chart

Experience: as per Average analysis half of the participants have answered 0.428 and half answered 0.5 meaning half of the participants read about misuse of information collected from the Internet which was the strongest indicator.

Norms: all participants have answered 0.38 meaning that all my friends think I should install, or I think I should do what my friends want to a medium level.

Beliefs: Most of the participants have answered around 0.32-0.38 meaning that most of the participants have little knowledge of safeguards from financial losses and have little confidence in mobile antiviruses.

Knowledge: more than half of participants have answered that they know antivirus is software to protect from viruses and sim helps increasing privacy and more than half said they don’t make sure antivirus updates itself regularly or use password to lock their screens.

Graphs for all these 4 categories can be found in section 6.3.4, Note: only an average analysis was possible due to similar results which showed no significance hence it was not possible to run any other tests on these results.

5 Discussion and Conclusions

The current study compared the effects of antivirus applications that used a traditional, accumulated approach (a single screen display) to display privacy and security information, and an innovative contextualized approach, which displayed each security feature separately and included privacy per feature.

The current study also analyzed factors influencing user’s willingness to install mobile security antivirus applications, including the role of perceived privacy and security, knowledge, social norms and experience. Additionally, real privacy invasion and different security features of real different mobile antivirus applications were included.

Participants in the current study provided consent via a consent form with privacy frameworks like GDPR [European Union, 2016]. After participants demonstrated awareness and understanding of the current study, they completed a survey.

Smartphone users demonstrated a tradeoff between security and privacy. We used accumulated and contextualized displays of privacy and security for each antivirus application to demonstrate this tradeoff, which allowed us to show users willingness to install an antivirus application.

Prior to commencing the study, we conducted a pilot study using four versions of applications. Results found the Red-Triangle version to be the best option and was subsequently used as the basis for the study’s main experiment.

Participants in the main experiment were presented with antivirus applications presented: (1) using the traditional accumulated approach; and (2) using the new contextualized approach. These applications were randomly presented to participants for each antivirus category: (1) low security and low privacy invasion; (2) low security and high privacy invasion; (3) high security and low privacy invasion; and (4) high security and high privacy invasion.

We explored participant's willingness to install an application and other factors responsible for influencing their perceptions of privacy invasion and security. Results indicated that greater smartphone users place greater attention on security features rather than privacy invasion when exploring mobile antivirus applications.

Security levels had a positive effect on users’ willingness to install an antivirus application. Specifically, users were more likely to install an application when security levels were high. Moreover, privacy invasion influenced users’ willingness to install an application. Specifically, users were more likely to install an application when it had high levels of security and low levels of privacy invasion. Applications which violated privacy were less likely to be installed by users. Whilst some tests demonstrated that users expressed a willingness to install applications with high security levels and privacy invasion levels, installation rates were higher amongst applications with low privacy invasion.

The current findings suggest that users are willing to give up some of their privacy in exchange for high levels of security when installing antivirus software. Moreover, users typically use more antivirus security features than privacy features. Applications with high privacy invasions are also typically more secure (medium to high privacy invasion have been used more than the low security levels where there were similar rates).

Users were not afraid to trade their privacy for higher levels of security within antivirus applications. In the current study, the attitude of relinquishing privacy had a negative effect on users’ willingness to install an antivirus application. Users with previous technological experience demonstrated a greater understanding of potential privacy invasion and security issues. This increased user’s willingness to install an antivirus application.

Privacy is a concern for user’s who download antivirus applications on their smartphones. There are a number of different ways to prevent privacy violations. One of which is to minimize security risks within applications by scanning any application which has the potential to obtain too much person information from users. Any program identified will be removed to minimize risk. Another way is to manually remove permissions from different applications that do not necessarily require the requested information or are being unused by users. Nowadays, Google and other application developers are focusing on security and privacy and trying to improve these aspects to minimize user risk in each application they develop. The current study provides us with a deeper understanding of the security and privacy risks affiliated with antivirus software applications and provides solutions to increase security and privacy awareness.

6 References

1. Regulation, P. (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council. REGULATION (EU), 679, 2016.

2. Becher, M., Freiling, F. C., Hoffmann, J., Holz, T., Uellenbeck, S., & Wolf, C. (2011, May). Mobile security catching up? revealing the nuts and bolts of the security of mobile devices. In 2011 IEEE Symposium on Security and Privacy (pp. 96-111). IEEE.

3. Chintalaphani, A. R. (2017). Survey and Analysis of Android Authentication Using App Locker.

4. Faruki, P., Ganmoor, V., Laxmi, V., Gaur, M. S., & Bharmal, A. (2013, November). AndroSimilar: robust statistical feature signature for Android malware detection. In Proceedings of the 6th International Conference on Security of Information and Networks (pp. 152-159). ACM.

5. Firtman, M. (2013). Programming the Mobile Web: Reaching Users on iPhone, Android, BlackBerry, Windows Phone, and more. " O'Reilly Media, Inc.".

6. Friedewald, M., van Lieshout, M., Rung, S., Ooms, M., & Ypma, J. (2014, September). Privacy and security perceptions of European citizens: A test of the trade-off model. In IFIP International Summer School on Privacy and Identity Management (pp. 39-53). Springer, Cham.

7. Gomes, R., Immorlica, N., & Markakis, E. (2009, December). Externalities in keyword auctions: An empirical and theoretical assessment. In International Workshop on Internet and Network Economics (pp. 172-183). Springer, Berlin, Heidelberg.

8. Gostev, A., Zaitsev, O., Golovanov, S., & Kamluk, V. (2011). Kaspersky Security Bulletin. Malware Evolution 2010. Kaspersky Lab (April 2009), 5.

9. Jeon, W., Kim, J., Lee, Y., & Won, D. (2011, July). A practical analysis of smartphone security. In Symposium on Human Interface (pp. 311-320). Springer, Berlin, Heidelberg.

10. Kalra, M. (2016). Security Ads in Mobile Apps. In International Journal of Engineering Research and Applications, (pp. 1-4).

11. Kammer, D., & Combs, R. (2007). U.S. Patent Application No. 11/634,371.

12. La Polla, M., Martinelli, F., & Sgandurra, D. (2012). A survey on security for mobile devices. IEEE communications surveys & tutorials, 15(1), 446-471.

13. Leavitt, N. (2011). Mobile security: finally, a serious problem? Computer, 44(6), 11-14.

14. Micro, T. (2013). Mobile security.

15. Norouzi, M., & Parsa, S. (2014). Verification of the Protection Services in Antivirus Systems by Using NuSMV Model Checker. International Journal in Foundations of Computer Science & Technology, 4(5), 57-67.

16. Pramod, D., & Raman, R. (2014). A study on the user perception and awareness of smartphone security. International Journal of Applied Engineering Research, ISSN, 0973-4562.

17. Randall, N. (2004). PC Magazine's Windows XP Solutions. John Wiley & Sons, Inc..

18. Sammons, J., & Cross, M. (2016). The Basics of Cyber Safety: Computer and Mobile Device Safety Made Easy. Elsevier.

19. Shabtai, A., Fledel, Y., Kanonov, U., Elovici, Y., Dolev, S., & Glezer, C. (2010). Google android: A comprehensive security assessment. IEEE Security & Privacy, 8(2), 35-44.

20. Thuraisingham, B. (2005). Database and applications security: Integrating information security and data management. Auerbach Publications.

21. Zaitsev, O. V., & Denisov, V. I. (2013). U.S. Patent No. 8,370,939. Washington, DC: U.S. Patent and Trademark Office.

22. Avira Antivirus (Version 10) [Computer Software]. (2010).

23. iYogi. (2017, July 7). How to schedule automated PC scans using Avira® Antivirus. Retrieved from https://vimeo.com/13039727.

24. Pries, K. H., & Dunnigan, R. (2015). Big Data Analytics: A practical guide for managers. Auerbach Publications.

25. Mishra, S. M. (2015). Wearable android: android wear and google fit app development. John Wiley & Sons.

26. Shipley, T. G., & Bowker, A. (2013). Investigating internet crimes: an introduction to solving crimes in cyberspace. Newnes.

27. Knights, K. (2001). Strategic planning in public relations: A practical guide. Thorogood.

28. Stacey, N. G. (1999). Competence without Credentials.

29. Tencent We Secure [Computer Software]. (2017).

30. Chapple, M. J., & Seidl, D. (2017). Alibaba Money Shield antivirus review

31. Laudon, K. C., & Laudon, J. P. (2018). Google play protect antivirus.

32. Warren, M., Hutchinson, W., & Dhillon, G. (2012). G data internet security. Bradford, England: Emerald Group Publication.

33. Thanigaivelan, N. K., Nigussie, E., Virtanen, S., & Isoaho, J. (2017, August). Towards self-aware approach for mobile devices security. In International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security (pp. 171-182). Springer, Cham.

34. Zaidi, S. F. A., Shah, M. A., Kamran, M., Javaid, Q., & Zhang, S. (2016). A survey on security for smartphone device. International journal of advanced computer science and applications, 7(4), 206-219.

35. He, D., Chan, S., & Guizani, M. (2015). Mobile application security: malware threats and defenses. IEEE Wireless Communications, 22(1), 138-144.

36. Mollah, M. B., Azad, M. A. K., & Vasilakos, A. (2017). Security and privacy challenges in mobile cloud computing: Survey and way ahead. Journal of Network and Computer Applications, 84, 38-54.

37. La Polla, M., Martinelli, F., & Sgandurra, D. (2012). A survey on security for mobile devices. IEEE communications surveys & tutorials, 15(1), 446-471.

38. Bryan, A. (2012). Android (Operating System) - Unabridged Guide. “Lightning Source”.

39. Huff, M., & Roth, A. L. (2018). Censored 2019: The Top Censored Stories and Media Analysis of 2017-2018. “Seven Stories Press”.

40. Smyth, N. (2017). Android Studio 3.0 Development Essentials-Android 8 Edition. Payload Media, Inc..

41. Oberheide, J., Veeraraghavan, K., Cooke, E., Flinn, J., & Jahanian, F. (2008, June). Virtualized in-cloud security services for mobile devices. In Proceedings of the first workshop on virtualization in mobile computing (pp. 31-35). ACM.

42. Hoog, A. (2011). Android forensics: investigation, analysis and mobile security for Google Android. Elsevier.

43. Li, Q., & Clark, G. (2013). Mobile security: A look ahead. IEEE Security & Privacy, 11(1), 78-81.

44. Jain, A. K., & Shanbhag, D. (2012). Addressing Security and Privacy Risks in Mobile Applications. IT Professional, 14(5), 28-33. S

45. Leavitt, N. (2011). Mobile security: finally, a serious problem? Computer, (6), 11-14. S

46. Shih, D. H., Lin, B., Chiang, H. S., & Shih, M. H. (2008). Security aspects of mobile phone virus: a critical survey. Industrial Management & Data Systems.

47. Popa, D., Cremene, M., Borda, M., & Boudaoud, K. (2013, January). A security framework for mobile cloud applications. In 2013 11th RoEduNet International Conference (pp. 1-4). IEEE.

48. Security Enhancements in Android 8.0: Android Open Source Project. (n.d.). Retrieved from https://source.android.com/security/enhancements/enhancements80.

49. Security Enhancements in Android 7.0: Android Open Source Project. (n.d.). Retrieved from https://source.android.com/security/enhancements/enhancements70

50. Shut the HAL Up. (2017, July 18). Retrieved from https://android-developers.googleblog.com/2017/07/shut-hal-up.html.

51. Clement, J. (2019, July 22). Mobile share of website visits worldwide 2018. Retrieved from https://www.statista.com/statistics/241462/global-mobile-phone-website-traffic-share/.

52. Li, Q., & Clark, G. (2013). Mobile security: A look ahead. IEEE Security & Privacy, 11(1), 78-81.

53. Suman J., & Balgopal S. (2016). Evolution Pattern of Mobile Phones – A Historical Study, In The SIJ Transactions on Industrial, Financial & Business Management, 4(6). SIJ

54. Ahvanooey, M. T., Li, Q., Rabbani, M., & Rajput, A. R. (2017). A survey on smartphones security: software vulnerabilities, malware, and attacks. Int. J. Adv. Comput. Sci. Appl, 8(10), 30-45.

55. Mercer, R., Young, M., Rimpeekool, W., Marshall, A., Hector, D., Dickson, J., & Phillips, R. (2013). Literature review on the impact of label format on consumers’ attention and comprehension for mandated label elements. report prepared for Food Standards Australia New Zealand by Instinct and Reason, Canberra.[Google Scholar].

56. Kelley, P. G., Bresee, J., Cranor, L. F., & Reeder, R. W. (2009, July). A nutrition label for privacy. In Proceedings of the 5th Symposium on Usable Privacy and Security (p. 4). ACM.

57. Wijesekera, P., Reardon, J., Reyes, I., Tsai, L., Chen, J. W., Good, N., ... & Egelman, S. (2018, April). Contextualizing privacy decisions for better prediction (and protection). In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems (p. 268). ACM.

58. Mirzoev, T., Brannon, M., Lasker, S., & Miller, M. (2014). Mobile application threats and security. World of Computer Science and Information Technology Journal, 4(5), 57-61.

59. Lin, J. (2013). Understanding and capturing people's mobile app privacy preferences (No. CMU-CS-13-127). CARNEGIE-MELLON UNIV PITTSBURGH PA SCHOOL OF COMPUTER SCIENCE.

60. Robert P. Griffin, Jr. (2017). Study on Mobile Device Security. Homeland Security

61. NowSecure. (2016). Mobile Security Report. NowSecure

62. Enck, W., Octeau, D., McDaniel, P. D., & Chaudhuri, S. (2011, August). A study of android application security. In USENIX security symposium (Vol. 2, p. 2).

63. Arshad, S., Shah, M. A., Khan, A., & Ahmed, M. (2016). Android malware detection & protection: a survey. International Journal of Advanced Computer Science and Applications, 7(2), 463-475.

64. Fife, E., & Orjuela, J. (2012). The privacy calculus: Mobile apps and user perceptions of privacy and security. International Journal of Engineering Business Management, 4(Godište 2012), 4-11.

65. Christos P., Hadas C., Eran T., Bruno L. (2019, February) Between privacy and security: the factors that drive intentions to use cyber-security applications.

66. Silic, M., Cyr, D., Back, A., & Holzer, A. (2017, March). Effects of Color Appeal, Perceived Risk and Culture on User's Decision in Presence of Warning Banner Message. In Silic, M., Cyr, D., Back, A., & Holzer, A.(2017, January). Effects of Color Appeal, Perceived Risk and Culture on User’s Decision in Presence of Warning Banner Message. In Proceedings of the 50th Hawaii International Conference on System Sciences.

67. Jacobson, N. G. (2016). Color-in-context.

68. Elliot, A. J. (2015). Color and psychological functioning: a review of theoretical and empirical work. Frontiers in Psychology, 6, 368.

69. Silic, M., Silic, D., & Oblakovic, G. (2016). THE EFFECTS OF COLOUR ON USERS’COMPLIANCE WITH WARNING BANNER MESSAGES ACROSS CULTURES.

70. Silic, M., Silic, D., & Oblakovic, G. (2016). Restrictive deterrence: impact of warning banner messages on repeated low-trust software use.

71. Field, A. P. (2013). Discovering statistics using IBM SPSS Statistics (4th ed.). London: Sage Publications.

72. Nakagawa, S. and Schielzeth, H. (2013), A general and simple method for obtaining R2 from generalized linear mixed‐effects models. Methods Ecol Evol, 4: 133-142. doi:10.1111/j.2041-210x.2012.00261.x

7 Appendices

7.1 Method 2 applications

Table 17: Categorization of Different Applications Based on Privacy Level for App Ranking After 2018

Abbildung in dieser Leseprobe nicht enthalten

All the screens of the Apps for each Couple

Couple I: A+K

Abbildung in dieser Leseprobe nicht enthalten

Figure 26: A+K Antivirus applications

Couple II: J+L

Abbildung in dieser Leseprobe nicht enthalten

Figure 27: J+L Antivirus applications

COUPLE III: B+D

Abbildung in dieser Leseprobe nicht enthalten

Figure 28:B+D Antivirus applications

COUPLE IV: C+I

Abbildung in dieser Leseprobe nicht enthalten

Figure 29: C+I Antivirus applications

7.2 Method 2 App permissions privacy aspect

Legend:

Table 18: Privacy facts list

Abbildung in dieser Leseprobe nicht enthalten

Security Feature: Anti-Malware

Table 19: Anti-Malware Security Feature of Different Application

Abbildung in dieser Leseprobe nicht enthalten

Security Feature: Anti-Spam Legend:

Table 20: Anti-Spam Security Feature of Different Application

Abbildung in dieser Leseprobe nicht enthalten

Security Feature: Anti-Theft

Table 21: Anti-theft Security Feature of Different Application

Abbildung in dieser Leseprobe nicht enthalten

Security Feature: Authentication

Table 22: Authentication Security Feature of Different Application

Abbildung in dieser Leseprobe nicht enthalten

Security Feature: Parental Control

Table 23: Parental Control Security Feature of Different Application

Abbildung in dieser Leseprobe nicht enthalten

Security Feature: Backup/Monitoring

Table 24: Backup/Monitoring Security Feature of Different Application

Abbildung in dieser Leseprobe nicht enthalten

7.3 Final experiment results

7.3.1 Part 1 Results average

Question One: The application defends me from viruses – perceived security.

Abbildung in dieser Leseprobe nicht enthalten

Figure 30:: Best results for the application defends me from viruses AVG.

As shown in Figure 24, application B, which demonstrated low security, received a score of 0.24, and application D, which demonstrated high privacy, received a score of 0.67.

Abbildung in dieser Leseprobe nicht enthalten

Figure 31: The application defends me from viruses – perceived security

As shown in figure 29 best results are in High privacy/Low security area in apps B,D where D got 4.7 and B: 1.66 meaning this is the most significant value.

Question Two: I will consider installing this application – willingness to install.

Abbildung in dieser Leseprobe nicht enthalten

Figure 32:Best results for I will consider installing this application AVG

As shown in Figure 25, application B, which demonstrated low security, received a score of 0.19, and application D, which demonstrated high privacy, received a score of 0.47.

1) Willingness to install

I will consider installing this app.

Abbildung in dieser Leseprobe nicht enthalten

Figure 33: I will consider installing this app.

As shown in figure 27 Best results are in High privacy/Low security area in apps B, D where D got 3.29 and B: 1.35 meaning this is the most significant value.

Question Three: The application collects too much personal information about me – perceived privacy invasion.

Abbildung in dieser Leseprobe nicht enthalten

Figure 34:Best results for the application collect too much personal information about me AVG.

As shown in Figure 26, Application B which was high in privacy received a score of 0.19, and application D, which was low in security received a score of 0.47.

Abbildung in dieser Leseprobe nicht enthalten

Figure 35: The application collects too much personal information about me - Perceived Privacy

As shown in figure 28 best results are in High privacy/Low security area in apps B,D where D got 5.28 and B: 1.28 meaning this is the most significant value.

7.3.2 CLM Results

Intention to Install Security Applications

Intention to install and privacy level. An independent samples t-test was conducted to compare participant’s intention to install a security application for low and high privacy invasion levels. There was no significant difference in participants intentions to install applications with low (M = 2.80, SD = 1.69) or high (M = 2.41, SD = 1.80) privacy, t (190) = 1.53, p = .127. A correlation analysis was conducted to confirm this relationship using privacy score. As the assumption of linearity was violated, Kendall’s tau was reported and will be used for the following analyses (Fields, 2014). Similarly, no significant relationship was found between intention to install and privacy score, rT = -.077, p = .157.

Intention to install and security level. An independent samples t-test was conducted to compare participant’s intention to install a security application for low and high levels of perceived security. There was no significant difference in participants intentions to install applications with low (M = 2.37, SD = 1.76) or high (M = 2.84, SD = 1.73) levels of security, t (190) = -1.84, p = .067. However, as this relationship was approaching significance, a correlation analysis was conducted to further investigate the relationship between intention to install and security score. Results found a small, positive, significant relationship between intention to install and security score, rT = 0.190, p < .001, suggesting that participants were more inclined to install applications that had higher levels of security.

Intention to install and application display type. An independent samples t-test was conducted to compare participant’s intent to install a security application for different display types. There was a statistically significant difference in intention to install when programs were viewed in an accumulated display (M = 2.13, SD = 1.39) and contextual display (M = 3.08, SD = 1.95), t (171.58) = 3.92, p < .001. Levene’s test indicated unequal variances (F = 20.33, p < .001), therefore degrees of freedom were adjusted from 190 to 171.58. As shown in Figure below, intention to install was higher when programs were displayed contextually, compared to when viewed in an accumulated display.

Abbildung in dieser Leseprobe nicht enthalten

Figure 36: Boxplot of intention to install a security application by display type

Perceived Privacy

Perceived privacy invasion and privacy level (score). An independent samples t-test was conducted to compare participant’s levels of perceived privacy invasion for applications with low and high levels of privacy. There was no statistically significant difference in perceived privacy invasion between applications that had low (M = 4.15, SD = 1.82) and high (M = 4.36, SD = 2.19) levels of privacy, t (184.06) = -0.70, p = .482. Levene’s test indicated unequal variances (F = 6.84, p = .010), so degrees of freedom were adjusted from 190 to 184.06. A correlations analysis was conducted to confirm that this relationship was not significant. Accordingly, no significant relationship was found between perceived privacy invasion and privacy score, rT = .076 p = .160.

Perceived privacy invasion and security level. An independent samples t-test was conducted to compare participant’s levels of perceived privacy invasion for applications with low and high security levels. There was a statistically significant difference between perceived privacy invasion for low (M = 3.67, SD = 2.13) and high security level scores (M = 4.84, SD = 1.71), t (181.78) = -4.17, p < .001. Levene’s test indicated unequal variances (F = 9.33, p = .003), therefore degrees of freedom were adjusted from 190 to 181.78. As shown in Figure below, perceived privacy invasion was higher when applications had high security levels, compare to low security levels. A correlations analysis was conducted to confirm this relationship using security score. Results found a small, positive, significant relationship between perceived privacy invasion and security score, rT = .265, p < .001.

Abbildung in dieser Leseprobe nicht enthalten

Figure 37: Boxplot of perceived privacy invasion for high and low security scores

Note: * p < .001

Perceived privacy invasion and display type. An independent samples t-test was conducted to compare participant’s perceived privacy invasion for different display type. There was a statistically significant difference in perceived privacy invasion when programs were viewed in an accumulated display (M = 3.07, SD = 1.54) and contextual display (M = 5.44, SD = 1.71), t (190) = 10.07, p < .001. As shown in Figure below, perceived privacy invasion was greater when programs were viewed contextually, compared to when viewed in an accumulated display.

Abbildung in dieser Leseprobe nicht enthalten

Figure 38: Boxplot of perceived privacy invasion for display type

Note: * p < .001

Perceived Security

Perceived security and privacy level. An independent samples t-test was conducted to compare participant’s perceptions of security and for applications with low and high privacy levels. There was no statistically significant difference in perceived security between applications with low (M = 3.87, SD = 1.87) and high (M = 3.69, SD = 1.88) privacy levels, t (.653) = 0.65, p = 0.514. A correlation analysis was conducted to confirm this finding using privacy score. Similarly, no significant relationship between perceived security and privacy score, rT = -0.014, p = .801.

Perceived security and security levels. An independent samples t-test was conducted to compare participant’s perceptions of perceived security for applications with low and high security levels. There was a statistically significant difference in perceived security between low (M = 3.37, SD = 1.91) and high (M = 4.19, SD = 1.76) security levels, t(190) = -3.08, p = .002. As shown in Figure below, perceptions of security were higher between applications that with high security levels, compared to those with low security levels. A correlation analysis was conducted to further investigate this relationship, and results found a small, positive, significant relationship between perceived security and security score, rT = 0.265, p < .001.

Abbildung in dieser Leseprobe nicht enthalten

Figure 39: Boxplot of perceived security for low and high security levels

Note: ** p < .010

Perceived security and display type. An independent samples t-test was conducted to compare participant’s levels of perceived security for applications displayed contextually and in an accumulated display. There was a statistically significant difference in perceived security when programs were viewed in an accumulated display (M = 3.07, SD = 1.54) and contextual display (M = 5.44, SD = 1.71), t (10.07) = 10.07, p < .001. As shown in Figure below, perceived security was greater when applications were viewed contextually, compared to when viewed in an accumulated display.

Abbildung in dieser Leseprobe nicht enthalten

Figure 40: Boxplot of perceived security for contextual and accumulated displays.

Note: * p < .001

Generalized Linear Mixed Model

Generalized Linear Mixed Models (GLMM) were used to predict the three dependent variables: (1) intention to install a security application; (2) perceived privacy invasion; and (3) perceived security. This analysis was chosen as it allows for non-normality and linearity of variables. Furthermore, it allows us to select user IDs and include the eight application types as a repeated measure. Traditional Adjusted R2 is often not available for Generalized Linear Mixed Models as it is susceptible to numerous problems. Therefore, we will use Conditional R2, as suggested by Nakagawa and Schielzeth (2013), which measures the amount of variance explained by both the fixed and random effects of the model.

Model 1: Intention to install a security application. A GLMM was used to test the following equation:

Equation 6: Intention to install clm

Intention to install = display type + privacy level + security level + perceived privacy invasion + perceived security

Initial AICC = 541.20 and BIC = 566.19. Conditional R2 was computed in R and demonstrated that when all five variables were included in the model, 65.92% of the variance of intention to install was explained by the entire model. As shown in Table below, the corrected model demonstrates that the overall model is significant, as are all fixed effects, with the exception of display type. We then repeated the same analysis removing display type to see if the model fitted the data better, however AICC = 541.35 and BIC = 566.39 both slightly increased. Whilst conditional R-Square slightly declined to 64.84%, these changes were only minimal. Therefore, we decided to keep display type in the original model.

Table 25: Intention to Install Fixed Effects Model

Abbildung in dieser Leseprobe nicht enthalten

Note: Conditional R2 = 65.92%, DV = Intention to Install, IV = Display type, Privacy Level, Security Level, Perceived Security, Perceived privacy invasion

In order to evaluate the model’s predictions, a scatterplot of predicted vs. observed values was used. These plots enable us to determine how much of the linear variation in the observed values is explained by the variation in the predicted values. As shown in Figure 40, the predicted and observed values of intention to install are linear and are somewhat dispersed at higher scores. Therefore, reflecting a small to moderate linear relationship.

Abbildung in dieser Leseprobe nicht enthalten

Figure 41: Predicted by Observed Values of Intention to Install

As shown by the fixed coefficients in Table below, all coefficients expect display type were significant. Therefore, the model to predict intention to install a security application can be represented by the following equation:

Equation 7: Intention to install calculation

Intention to install = 1.074 + 0.827 (perceived security) – 0.313 (perceived privacy invasion) + 0.227 (privacy level) + 0.497 (security level)

Table 26: Fixed Coefficients of Intent to Install Model

Abbildung in dieser Leseprobe nicht enthalten

Note: Conditional R-Square = 65.92%, DV = Intention to Install, IV = Display type, Privacy Level, Secuirty Level, Perceived Secuirty, Perceived privacy invasion

Abbildung in dieser Leseprobe nicht enthalten

Figure 42: Intention to install a security application for low and high privacy levels

Abbildung in dieser Leseprobe nicht enthalten

Figure 43: Intention to install a security application for low and high security levels

Model 2: Perceived privacy invasion. A GLMM was used to test the following equation:

Equation 8: Perceived privacy violation

Perceived privacy violation = display type + privacy level + security level + intention to install + perceived security

Initial AICC = 653.78 and BIC = 678.78 demonstrated that the Bayesian model was superior to the AICC model. Conditional R-Square demonstrated that when all five variables were included, 67.78% of the variance of perceived privacy violation is explained by the entire model. As shown in Table below, the corrected model, which denotes the model as a whole, demonstrates that the overall model is significant. Furthermore, all fixed effects are significant, except for privacy level. Privacy level was then removed from the model to see if we could achieve a better fit of the data, however there was very minimal change in AICC = 654.22, BIC = 679.26 and Condition R-Square = 66.78%, which all indicated a poorer fit. Therefore, we decided to keep the original model.

Table 27: Fixed Effects of the Perceived Privacy Violation Model

Abbildung in dieser Leseprobe nicht enthalten

Note: Conditional R-Square = 67.78%, DV = Perceived Privacy Violation, IVs = Display type, Privacy level, Security level, Perceived security, Intent to install

Abbildung in dieser Leseprobe nicht enthalten

Figure 44: The predicted and observed values of perceived privacy invasion

As shown in Figure above, the predicted and observed values of perceived privacy invasion are relatively linear and are quite broadly dispersed. This may indicate that there are additional predictors of perceived privacy invasion that could be added to future models.

The model coefficients, as shown in Table below, demonstrate that all coefficients in the model, with the exception of privacy level, are significant.

Table 28: Fixed Coefficients of the Perceived Privacy Model

Abbildung in dieser Leseprobe nicht enthalten

Note: Conditional R-Square = 67.78%, DV = Perceived Privacy Violation, IVs = Display type, Privacy level, Security level, Perceived security, Intent to install

Therefore, the model to perceived privacy invasion can be represented by the following equation:

Equation 9: Perceived privacy violation calculation

Perceived privacy invasion = 3.264 + 0.562 (perceived security) – 1.256 (security level) + 1.736 (display type) – 0.631 (intent to install)

Specifically, for each one-unit increase in participant’s levels of perceived security, perceived privacy invasion increased by 0.561. For each one-unit increase in intent to install, perceived privacy invasion decreased by 0.631. As shown in Figure 44, participants viewing applications with low security demonstrated a 1.256 points reduction in perceived privacy invasion. As shown in Figure 45, perceived privacy invasion was 1.738 points higher when viewing applications in a contextual display, than when viewing applications in an accumulated display.

Abbildung in dieser Leseprobe nicht enthalten

Figure 45: Perceived privacy invasion for low and high security levels

Abbildung in dieser Leseprobe nicht enthalten

Figure 46: Perceived privacy invasion for contextual and accumulated application displays

Model 3: Perception that the application defends them from viruses. A GLMM was used to test the following equation:

Equation 10: Perceived Security

Perceived Security = display type + privacy level + security level + perceived privacy invasion + intention to install

Initial AICC = 529.78 and BIC = 554.877 demonstrated that the AICC model was superior to the BIC model. Conditional R-Square demonstrated that, when all five variables were included in the model, 73.38% of the variance in perceived security was explained by the entire model. As shown in Table below, the corrected model, and all effects, except for privacy level and security level, were statistically significant.

Table 29: Fixed Effects of the Perceived Security Model

applications in a contextual display, than when

Note: Conditional R-Square = 73.38%, DV = Perceived Security, IVs = Display type, Privacy Level, Security Level, Intention to install, Perceived privacy invasion

In order to see if we could achieve a better model fit, privacy and security levels were removed from the analysis. When security level was removed from the model, Conditional R-Square = 73.38%, therefore demonstrating no change. When privacy level was the only variable removed from the analysis, Conditional R-Square = 73.49%. When both perceived security and perceived privacy were removed from the model, Conditional reduced slightly to R-Square = 73.31%, whilst AICC = 525.17 and BIC = 550.25 decreased showing model superiority. Therefore, this superior model was used to predict perceived security. As shown in Table below, the overall model and all fixed effects were significant.

Table 30: Fixed Effects for the updated Perceived Security Model

Abbildung in dieser Leseprobe nicht enthalten

Note: Condition R-Square = 73.31%, DV = Perceived Security, IVs = Display type, Intention to install, Perceived privacy invasion

As shown in Figure 46, and by the aforementioned Condition R-Square, AICC and BIC statistics, the model shows linearity. Furthermore, all values lie around the diagonal suggestion a moderate linear relationship.

The fixed coefficients, as shown in Table 30, are all significant except for the intercept. Therefore, the model to predict perceived security can be represented by the following equation:

Perception that the application defends from viruses = 1.078 (display type) + 0.271 (perceived privacy violation) + 0.739 (intention to install)

Abbildung in dieser Leseprobe nicht enthalten

Figure 47: Predicted by Observed Values of Perceived Security

Table 31: Fixed Coefficients of the superior Perceived Security Model

Abbildung in dieser Leseprobe nicht enthalten

Note: Condition R-Square = 73.31%, DV = Perceived Security, IVs = Display type, Intention to install, Perceived privacy invasion

Specifically, for each one-unit increase in intention to install, perceived security increases by 0.739 points. For each one-unit increase in perceived privacy violation, perceived security increases by 0.271. As shown in Figure below, applications viewed contextually were 1.078 points greater in perceived security then when viewed in an accumulated display.

Abbildung in dieser Leseprobe nicht enthalten

Figure 48: Perceived security for contextually and accumulated application displays

7.3.3 Summary

Participants showed a higher mean score on all three dependent variables when viewing applications contextually. Additionally, the perceived privacy violation and perceived security was both higher when viewing applications with higher security scores.

Models were fitted to each of the dependent variables. The model for intention to install suggests that individuals are more likely to install an application when they perceive it to have a high level of security, a low risk of perceived privacy violation, and when the application itself has high levels of privacy and security.

Equation 11: Intention to install

Intention to install = 1.074 + 0.827 (Perceived security) – 0.313 (Perceived privacy violation) + 0.227 (Privacy levels) + 0.497 (Security levels)

The model for perceived privacy violation suggests that individuals are more likely to perceive a privacy violation in an application when perceived security is high, actual security level is low, when displayed contextually, and when they are not intending to install the application itself.

Equation 12: Perceived privacy violation

Perceived privacy violation = 3.264 + 0.561 (Perceived security) – 1.256 (Security Level) + 1.738 (Contextual display) – 0.631 (Intention to install)

The model for perceived security suggests that individuals are more likely to believe a security application to be effective and secure when the application itself is displayed contextually, perceived privacy violation is high, and intention to install is also high. (Field, 2013) and (Nakagawa et.al. 2013).

Equation 13: Perceived security

Perceived security= 1.078 (Contextual display) + 0.271 (Perceived privacy violation) + 0.739 (Intention to install)

7.3.4 Part 1 Results CLM & GLMM & T tests

Table 32: Group statistics

Abbildung in dieser Leseprobe nicht enthalten

Table 33: Independent Samples Test

Abbildung in dieser Leseprobe nicht enthalten

Table 34: Group Statistics

Abbildung in dieser Leseprobe nicht enthalten

Table 35: Independent Samples Test

Abbildung in dieser Leseprobe nicht enthalten

Table 36: Group Statistics

Abbildung in dieser Leseprobe nicht enthalten

Table 37: Independent sample test

Abbildung in dieser Leseprobe nicht enthalten

7.3.5 Part 2 results graphs

Experience

1. How often have you personally been a victim of privacy infringement?
2. To what extent you have heard or read about the use and potential for misuse of information collected over the Internet.

Analysis: 50% of the participants have replied they've read about potential for misuse of information about 5/7 and the other 50% have replied they've had 6/7, meaning all the participants have heard or read about use and potential misuse of information collected from internet to a relatively great extent.

Abbildung in dieser Leseprobe nicht enthalten

Norms

1. People who are important to me think I should install mobile security applications

Analysis: 100% of the participants have replied 3/7 meaning that to a small extent people who are important to me think I should install security antivirus applications.

Abbildung in dieser Leseprobe nicht enthalten

2. My friends think that I should install security antivirus applications.

Analysis: 50% of the participants have replied 1/7 and the other 50% have replied 3/7 meaning that most of their friends thinks that they should install antivirus security applications to a small extent.

Abbildung in dieser Leseprobe nicht enthalten

3. In general, I want to do what my friends think I should do.

Analysis: 50% have replied 4/7 and the other 50% have replied 2/7 meaning that 50% believe they want to do what their friends think they should to to a relatively great extent while the other 50% to a small extent.

Abbildung in dieser Leseprobe nicht enthalten

Beliefs

1. If I would've wanted, I could've easily managed my applications by myself.

Analysis: 50% of the participants have replied 4/7 and the other 50% chose 2/7 meaning that 50% of the participants believe they could've easily managed their applications by themselves, while the other 50% believe it to a very small extent.

Abbildung in dieser Leseprobe nicht enthalten

2. To what extend are you familiar with the requests for permissions and the types of data in applications??

Analysis: 100% of the participants have replied they are 2/7 meaning have very small familiarity with permissions and other types of data in mobile applications.

Abbildung in dieser Leseprobe nicht enthalten

3. To what extend do you know the advantages of security applications?

Analysis: 50% of the participants have replied 2/7 and the other 50% chose 3/7 meaning that 100% of the participants know the advantages of security applications to a relatively small extent to some extent.

Abbildung in dieser Leseprobe nicht enthalten

4. I know safeguards to protect the information on my device from misuse.

Analysis: 50% of the participants have chosen 3/7 and the other 50% chose 1/7 meaning that most of the participants have some extent (50% of participants) to none knowledge (50%) of safeguards on protecting their information.

Abbildung in dieser Leseprobe nicht enthalten

5. I am aware of safeguards against financial loss when using mobile apps

Analysis: 50% of the participants have chosen 2/7 and 50% chose 1/7 meaning that 100% of the participants have little to no extent awareness of safeguards against financial loss when using mobile applications.

Abbildung in dieser Leseprobe nicht enthalten

6. I am aware of safeguards to prevent password theft and personal information theft.

Analysis: 50% of the participants have chosen 4/7 and 50% have chosen 1/7 meaning that 50% of the participants have decent level of awareness of safeguards to protect password and personal information theft and 50% have little to no extent of awareness

Abbildung in dieser Leseprobe nicht enthalten

7. When someone sends me a link, I open it only after I check where the link points

Analysis: 50% of the participants have chosen 6/7 and the other 50% have chosen 2/7 meaning that 50% open links only after checking to where the link points to a great extent and 50% of the participants check it to a very little extent (almost never).

Abbildung in dieser Leseprobe nicht enthalten

Knowledge

1. I use a password or screen lock to unlock my mobile device.

Analysis: 50% of the participants have said they use password protection to unlock their screen while the other 50% don't use have little to none use of it.

Abbildung in dieser Leseprobe nicht enthalten

2. I make sure my antivirus software updates itself regularly

Analysis: almost 100% of the participants have said 2/7 or 1/7 meaning that they check the antivirus software updating to a very small extent.

Abbildung in dieser Leseprobe nicht enthalten

3. Antivirus software is used to protect against viruses.

Analysis: 50% of the participants have chosen 5/7 and 50% have chosen 7/7 meaning that most of the participants believe that antivirus is a software to protect against viruses to a great extent.

Abbildung in dieser Leseprobe nicht enthalten

4. To what extent might a SIM card affect user privacy? (Self-development based on common knowledge).

Analysis: 50% of the participants have chosen 5/7 and 50% chose 7/7 meaning that most of the participants think that a Sim card might affect user privacy to a great extent.

Abbildung in dieser Leseprobe nicht enthalten

5. I make sure my antivirus software updates itself regularly.

Analysis: almost 100% of the participants have said 2/7 or 1/7 meaning that they check the antivirus software updating to a very small extent.

Abbildung in dieser Leseprobe nicht enthalten

7.4 The ethical participation documents

The cellular phone has become popular in recent years and is used daily most of the day for various actions, while monitoring location, activities, and user behavior. As a result, many questions arise about privacy, data security and the willingness to install applications with different permissions for personal information (such as location, camera, microphone, including personal files, etc.). The study is a follow-up study on the factors affecting the willingness to use security applications. The present study examines the impact of contextual presentation of security-privacy, i.e. what information is collected for specific security rather than a general summary as in the previous study.

7.5 The purpose of the research and the rationale

The purpose of the study is to examine the user's perceptions and behavior when installing security applications depending on how the data is presented. The balance between benefit and cost includes several aspects:

- Security of the wireless device and the information in it - the security subject while being aware of the security level and types of security services offered by the application.
- User privacy - expressed in the authorization of personal information on the cellular device (cost). Collecting personal information (such as location, and access to the camera) for the provision of security services.
- How data is displayed about the information collected (privacy features) and security services. Whether in a concentrated or contextual manner, i.e. what is collected for any security service?

7.6 Experiment setup

The system includes trial design and registration of participants including running and documenting the entire course of the experiment for future analysis. The system was built in a generic manner, so the experiment manager can define the details of the participants required for the experiment questions, the application fields and the applications according to the appropriate categories (see Figure below on the right).

The experiment manager will then set up the required experiment and run the run. Participants link for site registration.

Abbildung in dieser Leseprobe nicht enthalten

Figure 49: : Right Experimental scenario description by experiment manager, left side Experiment move (participant)

In the next stage, a participant register to the system and receives an email about the registration. After the test administrator approves the registration, the participant receives an email with a link to enter the experiment. The participant enters with the entry details and answers the survey questions as described in the process in Figure above on the left, all the answers are saved in the database and the participant receives a thank you message for his participation in the experiment.

7.7 Population

The experimental system will be tested initially by 6 pilot participants to ensure that it is ready. Students attending college N = 24 represent users of Android mobile devices (mostly young people aged 20-40).

7.8 Tools

The experiment manager will guide the user about the experiment and instruct the participant to log on to the website http://Survey.idus.co.il/Survey where the user will register on the site where the survey was conducted, send him a personal email confirming his registration and approval of his participation by the experiment manager He will be sent another email to enter and participate in the survey itself.

The questions in the experiment are divided into two types - according to specific application that is presented and general perception questions. The study data will be collected in the SQL tables database and will be converted to EXCEL for CSV files. These data will then be followed by various statistical operations to display the findings graphically and these data will be stored through secure connection of the site with the server of the college.

Backend: The backend is registered in python + flask.

Frontend: html, js, css

Database: MySQL

7.9 The course of the study

The research itself is divided into three main parts: system design and development, data collection and analysis of results. Data collection will be carried out by the current experiment, where a general questionnaire will be presented to each participant as well as a set of security applications according to the summarizing approach and the contextual approach. Design the experiment among the participants, while balancing and randomizing the displayed applications. Data will be collected in the database and can be used for statistical analysis.

7.10 Analysis of the data

At the end of the second part of the study, after the data are collected, descriptive statistical tools and behavior modeling using linear or mixed regression will be used. According to these data, the research hypotheses will be examined, and conclusions will be drawn accordingly. Dependent variable - willingness to install the application. Explanatory variables include privacy perceptions and attitudes, security perceptions, and the level of privacy and security of the presented applications.

7.11 Expected outcomes and importance of research

The results of the study will be able to teach about user preferences and perceptions of privacy and security, the relationship between cost and benefit and the impact of how the data are presented.

7.12 Importance of research

Awareness of the importance of privacy and the impact of information security has been studied in previous studies and is also known as the phenomenon of the privacy paradox. However, changes in system design because of changing needs make it necessary for further studies to be able to rely on these results.

In this study, emphasis was placed on data visualization (security and privacy) to present more clearly their meaning. The study will enable an understanding of the impact of visualization on users' understanding of the benefits of security and the meaning of collecting information accordingly, so that insights can be implemented to improve the interface of user-authorized security systems.

7.13 Consent form

The Contribution of Contextualized Security in Mobile Security Apps

I, the undersigned _________________, ________________, __________________

.......ID.........Name...........Email

Research

The purpose of the study is to understand user perceptions and decisions when providing access to information on the device. The experiment includes registration to the system, approval of participation after a short explanation of the experiment, and a response to a survey that includes presenting a set of applications accompanied by questions. In addition, answers to the demographic questionnaire and general perceptions. Throughout the prediction, the system will document the answers to the various questions that will be presented to the participant.

Conditions of participation

The population of participants in the study are

- At least 18 years of age with a mobile device with an Android 6+ operating system
- Students at the SCE - Sami Shamoon College of Engineering

The nature of the experiment

- The experimenter will register for the site where the survey will be conducted and confirm its participation
- The experimenter receives an email with a participation certificate: First of all, the first email for participation in the first trial and after all participants in the experiment are completed will send another email to participants for participation in the second part of the experiment and the experimenter will make sure in each experiment that the information is properly saved at the end of each experiment.
- The experimenter answers questions during the experiment
- Total payment for trial participation will be given at trial end (for complete payment details, please refer to Chapter 5)
- How to use it fully will be displayed on the initial agreement acceptance page.

Experiment routine

The experiment will be conducted in sequence with the following steps:

At the time of registration

- The experimenter can contact you to answer questions with the Experiment Manager. The experimenter will receive the instructions read and sign the required documents, once he understands the course of the experiment and allows his results to be used for research purposes.
- The experimenter will perform the registration on the site and ensure that you receive an initial registration email.
- Site operators will adjust the experimenter to the type of experiment required.
- The experimenter will verify receipt of a mail with participation confirmation and explanation of entry into the system.

- Experiment operators will make sure the experimenter understands the different options for using the site.
- Experiment operators will also verify from the server that the registration is indeed successful, and the data has been successfully saved in the appropriate SQL tables.

During the experiment

- The experimenter will answer the questions on the website for each application screen shown.
- Experimental operators will monitor site usage by server-side monitoring if new records of site usage and final output of responses selected by each participant were received.
- If it is found that the experimenter does not use the site (no registration and final answers appear on his part) and does not exercise his participation in the experiment, the experimenter will receive a request to participate in the survey and if the questions are not answered, the participant will be stopped and no fee will be paid for participation.
- At the end of the experiment operators of experiment will ensure that all questions have been answered by the experimenter to make the payment.

When the experiment is over

Experiment operators will ensure that all questions are filled out by the experimenter to pass the payment.

Payments

To compensate for the time, the researcher spent on researching and answering all questions, he will receive a total of NIS 35 for the trial which 20-30 minutes or in the course score a bonus is approximately as determined by Dr. Hadas Hasidim.

Experimental statements and signature

- I hereby declare that I agree to participate in research on "Security and privacy aspects of security applications".
- I hereby declare that I have been explained to the research objectives and methodology (in general).
- I am aware that participants may be at risk if the information collected during the study is disclosed
- College servants. To minimize this risk, researchers use industry-standard standards to protect users' information, including encryption of information, server security, and hiding the identity of research participants. However, I declare that I am aware of the risk and that the College or researchers on its behalf are not responsible for the disclosure or damage caused by the disclosure.
- I am free to choose not to participate in the study and I am free to quit at any time my participation in the experiment.
- Researchers undertake to delete any information collected during the study if requested by me contact the researchers
- Confidentiality of my personal identity in scientific publications. Also, any information
- To be published as a result of the study will be summarized for a group of study participants. However, I am aware that presenting the information in a concise manner does not yet protect the personal information perfectly.
- I am guaranteed a willingness to answer any questions raised by me and the possibility of consulting another party
- As for the decision to participate or continue it. For further questions, please contact Dr. Hadas Hasidim at 08-6475889 Email:hadasch@sce.ac.il
- I declare that I gave my consent of my own free will and that I understood all of the above
- Compensation for participating in the survey: NIS 35 / bonus score, please choose one of the two options.
- The above consent was obtained by explaining to the participant in the experiment all the above and verifying that all my explanations were understood by him
- I hereby declare that I have given my consent of my own free will and that I understand all the above

________________ _________________ ________________

The name of the participant Signature of the participant Date

- The above consent was accepted by me after I explained to the participant in the experiment all the above and confirmed that all my explanations were understood by him

________________ _________________ ________________

Name of Investigator Signature of Investigator Date

7.14 Final Experiment Questionnaire

Part 1 questions for each application:

1. The application collects too much personal data about me – perceived privacy invasion.
2. The application defends me from viruses – perceived security.
3. I will consider installing this application – willingness to install.

7.14.1 Part 2 Questionnaire

Experience

1. How frequently have you personally been a victim of privacy invasion?
2. To what extent heard or read about the use and potential for misuse of information collected from the Internet?

Norms

1. People who are important to me think that I should install security antivirus.
2. My friends think that I should install security antivirus applications
3. Generally speaking, I want to do what my friends think that I should do.

Beliefs

1. If I would've wanted, I could've easily managed my applications by myself.
2. To what extend are you familiar with the requests for permissions and the types of data in applications?
3. To what extend do you know the advantages of security applications?
4. I know safeguards to protect the information on my device from misuse
5. I am aware of safeguards against financial loss when using mobile apps
6. I am aware of safeguards to prevent password theft and personal information theft.
7. When someone sends me a link, I open it only after I check where the link points

Knowledge

1. I use a password or screen lock to unlock my mobile device.
2. I make sure my antivirus software updates itself regularly.
3. To what extent do you notice security policy before installing the mobile app?
4. To what extent might a SIM card affect user privacy?
5. Antivirus software is used to protect against viruses

Part 2 questions

1. How often have you personally been a victim of privacy infringement?
2. To what extent you have heard or read about the use and potential for misuse of information collected over the Internet.
3. People who are important to me think I should install mobile security applications.
4. My friends think that I should install security antivirus applications.
5. In general, I want to do what my friends think I should do.
6. If I would've wanted, I could've easily managed my applications by myself.
7. To what extend are you familiar with the requests for permissions and the types of data in applications??
8. To what extend do you know the advantages of security applications?
9. I know safeguards to protect the information on my device from misuse.
10. I am aware of safeguards against financial loss when using mobile apps
11. I am aware of safeguards to prevent password theft and personal information theft.
12. I use a password or screen lock to unlock my mobile device.
13. When someone sends me a link, I open it only after I check where the link points
14. I make sure my antivirus software updates itself regularly
15. To what extent do you notice security policy before installing the mobile app?
16. To what extent might a SIM card affect user privacy?
17. Antivirus software is used to protect against viruses.

Reference keys

Table 17: Reference keys for applications

Abbildung in dieser Leseprobe nicht enthalten

7.15 MRG effitas tests:

MRG Effitas is the name of the company which runs tests for detection methods to check and detect malware before the application is installed on a smartphone. Malware should be detected by proper Antivirus application suite. In the middle of an antivirus application installation the detection should be done to check installation time protection of antivirus products as installing malware on the device does not mean unwanted consequence for the smartphone user.

Having malware on the smartphone displaying system alert window, the application can request the administrator device permission to the user and if approved the user will not be able to get rid of the unwanted application due to the administrator permissions.

Protection Score: Measures protection against malicious android apps and includes:

1. Detection of the latest Android malware in real-time (2912 samples used);
2. Detection of the latest Android malware which has been discovered in the last 4 weeks, which will allow us to protect against unwanted malware using worldwide unique automated test android systems which are ran on the latest smartphones in the market.

Usability: This refers to the impact of security software on the usability of a device. It includes whether the application has an impact on the battery life, the device speed during normal usage, and internet traffic. This might lead to having false warning during installation and usage of legitimate applications from the Google play store and false warnings during installation of legitimate software from third party app store.

All of the aforementioned factors are taken into consideration when conducting usability tests and are incorporated into Android AV-Test test environments by Android experts in order to receive a thorough evaluation.

Features: Important advanced security features include: anti-theft (remote wipe, remote lock, locate) lock and wipe device if stolen, call Blocker from unknown numbers, message filter to filter out emails or SMS messages from unwanted content, safe browsing using browser with protection against phishing or malicious websites, parental control to control and observe children's behavior on the mobile device, backup or personal data to cloud of SD-card, and encryption (VPN or device encryption). Other features include safe Wi-Fi, privacy check, and app lock.

Comparative scores are taken from the Anti-Virus Comparative (2018) report includes tests conducted by AV comparative teams using 2,604 malicious applications to create test sets and apps with similar environment to check the scores of the latest smartphone devices in the market. The tests include their ability to detect malware using real-time protection false positive tests by downloading 500 popular apps from third party stores. (Anti-Virus Comparative, 2018)

MRG Effitas: Content is built from scores taken from the MRG Q3 2018 Report. MRG Effitas is an IT security research company that focuses on malware analysis and samples analysis using different test environments. MRG Effitas has performed in depth tests of Android antivirus software of the same protection level measured in real life with different pieces of malware testing which was done on Android 6.

Early detection stage devices had not been infected with malicious APK files. Properly designed antivirus suite should detect threats as early as possible, preventing users from installing dangerous applications on devices.

Tests which were done at the beginning of the install was using the detection during installation to check time protection of the antivirus products. False positive tests were done in order to cover all aspects of efficacy of participants with limited samples from the Google Play store using good certificates and beginning samples with certificates signed neutral or sign malicious samples.

These chart information is based on av-test.org reports and analysis previous app features chart is based on Av-Comparative report September 2018: https://AV-comparatives.org/wp-content/uploads/2018/08/avc_mob_2018_en.pdf https://www.mrg-effitas.com/wp-content/uploads/2018/09/MRG-Effitas-Android_2018q3_v103.pdf

7.16 Mobile security applications

7.16.1 A

Introduction

It is the built-in protective malware product of the Google which allows checking the: apk files and other files before installing them whether they are safe or not. The app consists of the anti-malware scan which allows detecting the virus on your smartphone. It protects you from the phishing sites and can take action related to the app auditing. The anti-theft features of the app are quite convincing for the users and SMS and Call blocking tool is also present (Faruki, et al. 2013).

Application description

Built in android 8.1 latest version update antivirus has many advanced functions like app scanner & malware scanner as well as by installing find my phone you will be able to wipe phone remotely using the google account and also to detect the mobile on the world map the only permissions the app is asking for is by installing the find my phone access to the location GPS (Mishra, 2015).

The app also has an alarm function to notify remotely of device location accessible on any android device settings> security & lock screen and google play protect or using the google play store and google play protect function (Laudon, K & Laudon, J, 2018).

Abbildung in dieser Leseprobe nicht enthalten

Figure 50: A antivirus application.

Abbildung in dieser Leseprobe nicht enthalten

7.16.2 B

Introduction:

B is the app developed which is the best online store in China. The app is in the Chinese language and the main function of the app is to secure the transference of the money on the platform. When you get to register on the app, you can perform manual security checks and after performing each security check, you get different recommendations to improve the security of your phone (Friedewald & Pohoryles 2014). It also has the facility of the app locking by using which, you can lock the apps of your choice by using pattern or password. It also has the anti-malware scanning tool which helps you to scan your device for finding any malware. The app also provides protection against the fraudulent phone calls and URLs to keep you away from the hackers and fake offers.

Application description

The installation of the app is very easy and does not ask for much permission other than a license agreement, the only time the app asked for permissions was to override the wakeup of the device and go over the do not disturb status for things like alarm safety. Other functions such as antivirus, memory booster, the battery booster does not require any additional permissions to run (Chapple & Seidl, 2017).

The app has advanced functions like fraud interception messages to prevent anti-phishing websites and antitheft feature built in with bank account advance protection pin code setup and other advanced protection (Shipley & Bowker, 2014). The entire interface is in Chinese testing the anti-theft and other permissions was not possible due to the difficulty of login to the menu on Chinese.

App Permissions from google play grants access to the following phone device: Access and manage phone calls and read call logs, device calendar, contacts, location, SMS messages and MMS, photos files & media, device camera, WIFI, device id & information (Chapple & Seidl, 2017).

Abbildung in dieser Leseprobe nicht enthalten

Figure 51: B antivirus application.

7.16.3 C

Introduction

C is the best app on the Google Play store for the security of your phone as it contains the most number of features as compared to other such products. You can download the app from the Play store and then enjoy the 14 days trial version is free. After that period, you must register on the plan of your choice at a reasonable price. It is the most comprehensive app with all necessary and possible security features. The anti-malware scan is quite simple, and you can perform it manually whenever required. It also provides protection against the phishing sites, fake SMS and calls, hacking attempts, and poor security level data. It also provides the VPN and Network security for securing your device on a Wi-Fi network (Sammons & Cross 2016). The app locking and photo vault features of the app are quite impressive for securing the important data. The app permission and firewall protection allow the users to maintain the data limit on a app and control the data access on the apps.

Application description

Beginning with the app installation requires providing license agreement at this stage no permissions are required as shown below:

Abbildung in dieser Leseprobe nicht enthalten

Figure 52: C antivirus application.

Scan function requires providing consent for media files and photos on the device (Thanigaivelan, Nigussie & Isoaho, 2017).

Abbildung in dieser Leseprobe nicht enthalten

Boost ram function requires usage access to be able to use it:

Abbildung in dieser Leseprobe nicht enthalten

Clean junk function runs & cleans temp files & cache for deep scan the software offers to install the extra “C” cleanup boost phone optimizer which then requires access to the files on the device (Thanigaivelan, Nigussie & Isoaho, 2017).

Abbildung in dieser Leseprobe nicht enthalten

Scan WIFI function begins a system to scan and offers to connect to VPN to be invisible to hackers by offering a fake IP, available for premium users only.

Abbildung in dieser Leseprobe nicht enthalten

VPN protection function shows the current IP address and status and offering a VPN secure network by providing also a secure network and fake IP available for premium users only (Thanigaivelan, Nigussie & Isoaho, 2017).

Abbildung in dieser Leseprobe nicht enthalten

Photo vault function is available for protecting photos for future use.

Data usage allows limiting the daily and monthly internet consumption and which day of month to reset requires access to manage phone calls to use:

Abbildung in dieser Leseprobe nicht enthalten

Call blocker function allows blocking numbers from call history or entering a new number manually: requires turning it on and provide the access to contacts of mobile:

Abbildung in dieser Leseprobe nicht enthalten

Power saver function helps save power by reducing things like visibility of screen and execution of battery consuming apps: requires access to the system:

Abbildung in dieser Leseprobe nicht enthaltenAbbildung in dieser Leseprobe nicht enthalten

Abbildung in dieser Leseprobe nicht enthalten

App permissions shows which permissions have which app: and how much space and risk it poses high/low.

Firewall function cannot be activated as required device root.

Anti-theft function requires initially to setup pin code: and then to enable device administrator after this it will request access to the following things:

Abbildung in dieser Leseprobe nicht enthalten

Figure 53: C application permissions

From here the application proceeds to the anti-theft menu where advanced functions are available such as: siren, camera trap, web control SMS control remotely for remote lock or remote wipe or locating the device (Thanigaivelan, Nigussie & Isoaho, 2017).

Abbildung in dieser Leseprobe nicht enthaltenAbbildung in dieser Leseprobe nicht enthaltenAbbildung in dieser Leseprobe nicht enthalten

Figure 54: C Antivirus functions

Additional software is available for installation with the Avast suite: secure line VPN for same network, alarm clock and gallery to view photos.

7.16.4 D

Introduction

D Antivirus also has a huge reputation on the Google Play store due to its super features. The app has the Anti-malware scanning tool which scans the status of the device and recommends if any improvement is needed to be fulfilled. The product also provides Wi-Fi security by checking the network on which you are registered. The app also contains app locking and photo vault features. The call blocker tool is quite amazing along with the perfect security check of all incoming data on your device. The firewall and app permission tools make it an attractive product to be downloaded now (Gomes, et al. 2009). You must set the status of your device “LOST” if you want to check the status of your lost device. But, there is still the room for improvements in the app which will be seen in the future.

Application description

D Antivirus: D, which stands for Antivirus D is another free antivirus package which a subsidiary of Avast software is, has attracted a lot of attention in the security market. The free antivirus software tool is compatible with the following operating systems: Windows, macOS, and Android.

Abbildung in dieser Leseprobe nicht enthalten

The installation process of the “D” Antivirus is relatively simple at the initial screen we get the license agreement and privacy policy and VPN policy upon proceeding we give our agreement to accept them if we wish to use the app, next there are 2 options either continue with ads for free or upgrade to avoid having ads in the system and they have tailored ads which allow the app to trace the user’s activities and uses so they can implement ads which suit for them. Up until this stage no access was required by the system for any resource, by pressing continue we get to the main antivirus app menu which includes a few functions which appear away starting with the: Scan button by pressing on it the app will take you into the scan menu which initially requests access to photos/media/files on your device so the app can scan them for viruses/malware. Note the system will display the problems in red as well as ads and suggest to you how to resolve it including disabled functions (Becher, et al. 2011). Memory boost function allows the system to kill not required apps by having access to the system settings and then the system will begin the process of unrequired apps termination to free more ram on the device, the app afterwards then shows you how many apps were terminated and ads and upgrade page and rate the app or any additional functions available.

Of course, without permission to access usage for feature usage, the app won’t proceed to the next stage of killing tasks running in the background. Clean junk feature shows how much-unrequired files you have on your device and suggest either to use a safe clean basic function or deep clean which will require the installation of “D” cleaner and an approximate suggestion on how much space it can free up by installing the additional app (Norouzi & Parsa 2014). Pressing on the safe clean does not require any additional permission from the app which were not already granted for the app and display ads tailored for you upon the basis of track and another usage. Scan WIFI function scans the basic WIFI usage and if the WIFI network in use is safe by basis of encryption of the data in use and if it’s a public or private WIFI and exposure danger, the app then suggests to connect to a VPN network for the extra protection note: the VPN is a premium feature so it’s not available for use unless you purchase premium and it will give extra protection by encrypting your data and having a false public IP to protect from malicious apps.

Abbildung in dieser Leseprobe nicht enthalten

Figure 55: D antivirus application.

Check speed function measures your current internet speed and if there are any issues with the connectivity available after measurement the app shows you the stats of your current connection and a tailored ad. Upgrade to get it all without having the ads. VPN Protection function is available only for those with premium and upgrade is required to unlock this feature no free test option is available and also to change locations to mask your IP per country of choice and better internet speeds as well as binge watch access paid streams services with VPN connectivity.

The main bar left menu contains functions such as “remove ads “must upgrade to pro premium version to get this feature, app locking feature also a premium feature available for trial under the given 14 days by the company grace period, anti-theft function VPN protection photo vault Wi-Fi security and speed additional apps by “D” such as cleaner secure VPN alarm clock and gallery and power saver/data usage call blocker app permissions firewall “D” account to access app from computer and settings which include a verity of functions such as notifications protections pin code updates activity log and personal privacy which means share data with third parties for set by default to be enabled as agreement was given at initial installation of app (Micro, Trend 2013).

Abbildung in dieser Leseprobe nicht enthalten

App Locking feature to set this up requires a few “simple steps” set up an emergency pin code and a pattern lockage as well as finger scan to proceed to the next page where you can select which apps to lock and require pin code/security pattern to unlock no permissions were required in these areas from the system additionally from what was already provided up to this stage.

Anti-Theft feature by accessing this feature the app brings up the initial screen and It will require first setting of the basic pin code and then connecting to the application via the website to control

Abbildung in dieser Leseprobe nicht enthalten

The app remotely and then to request permissions there are various permissions required will be shown in attached screenshots the flow (Friedewald & Pohoryles 2014).

After admin rights and system modify settings granted System modify settings and basic permissions write will be required by the app and access to various things on the device as shown below: Once the permission to all the device’s settings has been given activation will be successful and proceed on to the Anti-Theft Page:

Abbildung in dieser Leseprobe nicht enthalten

Figure 56: D Antivirus analysis

This means giving up the access to all those resources in exchange for getting all the features listed above the tradeoff for having this “protection” in case device is lost or stolen things such as device lock remote SMS control and even remote wipe and location to detect where the device was last seen on the map. SMS remote commands give the ability to control mobile remotely.

Power Saver function: as the name suggests allows to modify power saver settings and warnings how the device consumption is managed brightness and other functions to save on battery life, this is a premium feature has ads. Data Usage function allows to limit the data used by any app and predetermine what kind of mobile internet data package comes with the mobile data package/month/daily limit (Gomes, et al. 2009).

Firewall feature: requires root permission which means it will require a third-party app that roots the device to give the antivirus app the root access then it will allow to block/deny connectivity from apps inbound/outbound data transfer.

Thus, it is not recommended to use this unless you would like exposure and risk of having your device hacked by rooting which is the highest access to the device means access to the deepest areas of the Android operating system able to do anything on your device by having root permission (Faruki, et al. 2013).

7.16.5 E

Introduction

E Antivirus Security is a good tool to be used for securing the smartphones of users. It has the one-click feature of the scanning of the device for detecting malware and virus. The product gives recommendations after every click for ensuring the security. The anti-thief tools are functional in this product for the security of your confidential and private data. A 4-digit pin must be entered to unlock the device. The “Identity Safeguard” feature of the app allows the user to stay safe from hackers. The web protection tool allows you to stay away from the insecure and harmful sites. It also contains app locker and Private advisor tools for the security of the data present in your device. It also has the new features of camera and microphone protection as well which are quite convincing (Friedewald & Pohoryles, 2014).

“E” has been around for a long time founded in 1986, millions of users worldwide use their products the product gets excellent scores for providing the best protection in a verity of functions to block malware and potential virus threats to the mobile device (Avira Antivirus 10, 2016).

Application description

Beginning the installation screen, the E software provides 2 options selecting the Pro version which is ads free or to targeted ads tailored for your uses.

Abbildung in dieser Leseprobe nicht enthalten

Figure 57: E antivirus permissions

By providing the consent to targeted ads we get to the app main screen where the app requires to run a first scan on the device with a red question mark, by pressing on the scan the app first will check for updates and afterwards will begin scanning applications which are installed on the mobile device without requiring any permissions for the app (Avira Antivirus 10, 2016)

After the initial scan is complete the app then shows option to scan remaining files and then it will prompt for access to the photos/media/files on the mobile device to be able to scan the device with a deep scan and by providing the consent the app will initiate this scan.

Abbildung in dieser Leseprobe nicht enthalten

Next on we get to the Security button on the bottom of the screen which includes a few features unfortunately they are not free for use so were not able to review them: amongst the pro version premium features you will find: App lock, Microphone protection, Camera protection, Web protection.

The Anti-Theft function: pressing on this button the app will prompt for device location permission and then display your current location on the world map in zooms in and will offer you to setup anti-theft to maximize protection (Avira Antivirus 10, 2016)

Abbildung in dieser Leseprobe nicht enthalten

. Abbildung in dieser Leseprobe nicht enthalten

Figure 58: E antivirus permissions

To enable it the app first requires enable permissions for device call and wipe data and find the device, pushing on this will prompt for app prompt to manage phone calls and make them and access to the contacts on your mobile device.

To enable the remote protection, function the app requires administrator privileges to lock wipe device remotely and unauthorized app access and app uninstallation. Control from dashboard requires to register with Avira using fb or google or email and if you select one of them the app would like to view basic profile permissions. After registration is complete functions of alarm enable/lock device/remote wipe will be accessible from the dashboard on the Avira website (Avira Antivirus 10, 2016)

Abbildung in dieser Leseprobe nicht enthalten

Identity Safeguard provides protection for emails & contacts against mail hacking and alerting us when action is required, however by having the free version you will have access only to view the threats found and no other action is possible therefore it’s not a very useful function (SciVee, 2015). Privacy Advisor: shows apps with low/high risks and trusted apps and shows in relatively low specification what is the risk threat if it is high for instance access to storage to view photos and files on the device.

Abbildung in dieser Leseprobe nicht enthalten

More button reveals additional apps which can be installed as addons to the app set for instance Optimizer to free up space on the device app will require access to files on device so that it can delete them and then display how much size which files on the device take as per size and boost battery to show battery consumption to improve battery life, clean private data function will require access to manage phone calls and offer to delete phone call log and other browsing data, this app is a good addition to the Avira antivirus system and has friendly GUI and allows many things the pro function has auto activation and no ads (Avira Antivirus 10, 2016).

Abbildung in dieser Leseprobe nicht enthalten

Figure 59: E antivirus permissions

Phantom VPN to use a fake IP address and thus provide a safe browsing environment this is a premium service, so it requires purchasing subscription to use this feature, password manager which manages strong unique password without needing to remember them or secure qr scanner which allows you to scan in retail shops (Shipley & Bowker, 2014).

Abbildung in dieser Leseprobe nicht enthalten

Other than this the app has activity monitor which shows in relatively slim manner what the app was doing the few last actions.

7.16.6 F

Introduction

F is quite an easy-to-handle device for your smartphone as it is a well-designed product as far as the features and usage of the app are concerned. It is quite like other antivirus apps, but it has some distinguishing features as well, which makes it more suitable (Sammons & Cross 2016). The “account privacy” is a unique tool of this app which checks all the email addresses on your device. Apart from it, this product consists of Anti-Malware scan, web protection, Wi-Fi status check, Anti-theft tools, app locker, and SMS and call blocker.

F – 4 out of 5 Stars: Simplicity is key when it comes to making software. The developers of F seem to know it better than anyone else. Their mobile antivirus tool is incredibly easy to set up and configure and doesn't affect your mobile devices.

Application description

Installation process initially reveals a license agreement that needs to be accepted to proceed.

Abbildung in dieser Leseprobe nicht enthalten

Figure 60: F antivirus

After the screen comes to a sign in / registration page to create a new account using Facebook/Gmail accounts.

The next screen will show us the configuration of protection by pressing next and activate to enable web protection we will be taken to the device accessibility settings to allow Bitdefender mobile security.

Abbildung in dieser Leseprobe nicht enthalten

Must enable accessibility which then prompts the observe actions and retrieve windows content window to proceed with the web protection otherwise it will not work. After this the app will jump to step 3/3 malware scanner and require you either to scan now or skip and request to get permissions:

Abbildung in dieser Leseprobe nicht enthalten

Figure 61: F antivirus functions

After you’ve finished giving out all the permissions to manage your phone calls and access to your photos media and other files on your device you will be able to proceed into the application itself that is the tradeoff to be able to use the app base features (Jeon, et al. 2011).

The following are the base features which need to be activated to enjoy the full features

Abbildung in dieser Leseprobe nicht enthalten

Figure 62: F antivirus permissions

Anti-Theft function in unwanted event phone stolen you will be able to access remotely commands to help get the device back. By pushing on the activate button you will be prompted:

Allow to access device location and to send and view SMS messages and in addition to activating device administrator which gives access to a lot of features as described in the images and all this is required to use the anti-theft feature this is the tradeoff for having the protection against mobile theft (Kammer 2009).

App lock feature requires access to user data to be able to lock apps “usage access”

Snap photo: Activate this feature to take a picture of the thief if he was wrong a few times in a row guessing your password and thus it will allow access to take pictures and record videos a tradeoff for the security which the app provides.

Abbildung in dieser Leseprobe nicht enthalten

Anti-Theft Trusted member function is possible only if you have a “friend” or 2nd mobile device that will be used as backup system which have functions such as: notified for replacement of SIM card and remotely, ability to send via SMS wipe command requires pin code to access this function. (Sammons & Cross 2016).

Setup backup number will require access to contacts to be able to activate friend anti-theft function for contact number exposes mobile for your contact list address book. VPN Premium function: encrypt connection change server and unlimited traffic thus securing the mobile, this function will require access to mobile internet and location to use this. Premium functions are not available for regular free subscription.

After providing access to the WIFI and using VPN function you will receive a public IP address this will shield you from potential attacks or harmful attempts when not on the private secure network.

Malware scanner function scans your device for malware free function requires access to files on storage didn’t request for access when clicked scan the request was at the initial app installation which it does a scan straight after app got installed (Becher, et al. 2011). Web protection provides support for surfing with browsers in the mobile from harmful sites does not require any special access which was not provided already. Reports contain a weekly report about scans and another activity that took place in the app this week and contains past week also activity log contains all the history that was in the recent activities in the app (Jeon, et al. 2011).

Settings contain set up like security pin account privacy In cloud detection app lock snap photo and anti-theft including snap photo and how many attempts and reports notification and send anonymous reports to the company without consent is enabled by default means you don’t even know you agreed on this another leaky part.

My account will contain information about your email and device name and subscription status and uninstall button to remove the app, this app has no firewall capabilities or real-time protection like we had on the other apps even though this app also contains basic anti-theft app but lack the advanced capabilities which other antiviruses had to offer in regards to advance functions especially in the premium app mode. There is very little return in the agreement for using this app not much beneficial only if you are looking for more advanced functions (Leavitt 2011).

F is second in the list and it is an award-winning antivirus as well. The anti-phishing score of this app is quite amazing and it has the best features that you could imagine. It is the ultimate choice of antivirus users. The VPN and ransomware are almost perfect for all users as seen in the tests.

The way F works is that this technology continuously monitors each program (specific processes) running on the PC as it executes, and it notes any malware-like actions. Each action is scored and, when a given threshold is reached, the process is reported as harmful. Unlike heuristic technologies that check executable files when they are accessed or started, Active Virus Control monitors everything applications do as long as they are active (Friedewald & Pohoryles 2014).

F includes more features than most computer protection programs. In addition to protecting against malware and phishing attacks, it alerts you to threats on social media and scans removable media to block malware entering through USB devices.

F’s firewall works in conjunction with Microsoft Windows security features to create a double layer of protection against malware threats. It also keeps hackers who want to steal your identity from swiping personal information (Thuraisingham 2015). Its malware protection is threefold. A file-scanning engine compares suspect code to known malware signatures, while a heuristic monitor watches file behavior and inspects the code. Anything new and suspicious goes up to the company's servers for analysis, and resulting signatures get pushed out several times daily to its 500 million users.

However, apart from everything, F too comes along some cons;

Mediocre scores in some of our hands-on tests

Very limited parental control features on iOS devices

Parental controls are only available with a more expensive version of the software or with Yahoo Messenger Protocol

Some bonus tools are a little basic

Minor ransomware cleanup issues

However, after observing everything that we’ve gathered, my verdict is that Bitdefender’s security suite is accurate, reliable, and stuffed with valuable features. Moreover, it is strongly one of the best antivirus software because of its performance, security-enhancing features, usability and 24/7 technical support (Randall 2004).

7.16.7 G

Introduction

G is the perfect solution of the G to protect multiple devices including PCs, Macs, smartphones, and tablets. It has limited features, but effective ones as compared to the other such products. The app is well designed to provide security against the malware, virus, hackers, and insecure sites. The anti-theft feature of this product is quite amazing as it contains the alarm tool which notifies you when an irregular attempt is made on your phone. The app has the capability of anti-malware scan of each app or internal storage of the device. The app provides privacy to the users as well by limiting the data, controlling the access to the apps, filtering the content. It also consists of the anti-theft and safe browsing features (Sammons & Cross 2016).

It has its pros, which include its good score in your hands-on malware-blocking test. It does a speedy full scan, as well as contains behavior-based deep guard detects brand-new malware. The main highlight of it is its advanced network protection; streamlined, simple interface.

However, it loses its ranking in the protection sector. It fails to block disk-encrypting ransomware and ransomware launched at startup. Moreover, there is no ant phishing URL blocking whatsoever (Leavitt 2011).

The bottom line would be that G Anti-Virus's fast full scan and Deep Guard behavior-based detection system make it a powerful malware fighter, but it failed some of our ransom ware protection tests.

It is the number sixth best app on the Google Play store as it provides excellent security for the Androids. It has the quality features of the remote account management and cross-platform management of the parental controls. It is a key finder for the stolen or lost devices. G Anti-Virus performs a pre-scan to remove infections from your computer before the main program installs. And while it doesn’t stop you from reaching malicious sites or from dangerous files from downloading, it does detect once the threat is on your computer and works to quarantines it (Sammons & Cross 2016). You have access to several free tools from the G website. These include a system scan to see if there is any malware on your computer and a router check to make sure someone isn’t trying to hijack your internet. However, you don’t have to purchase an G product to use these. They are free to anyone who needs them

This antimalware software scans any device that is connected to your computer via USB, including cell phones, and quarantines malware it finds. It also has a personal firewall to monitor your internet connection where hackers and ransomware tend to sneak in. This is the extent of the protection you get with F-Secure Anti-Virus.

Where G is a high-performance internet security suite and a premium solution for your internet safety, it sure has its cons;

- Doesn’t stop online threats from infecting your system
- Parental control is limited
- Mediocre phishing protection
- Mediocre file-copy performance
- A huge number of false positives
- Poor results in the antivirus lab tests

With all, G surely contains more of its positive aspects than the negative ones. Coming down the verdict, G Internet Security's excellent score in our malicious URL blocking test is one of the biggest reasons to go for it, as it isn’t something to miss into.

Application description

Abbildung in dieser Leseprobe nicht enthalten

Figure 63: G antivirus permissions and usage

As soon as you open the app license agreement and “improve “product by sending them usage data, after pushing accept and continue the software requests 3 permissions: manage phone calls and make them, device location and access to media and files on the device, once approved it will ask to create a new account and then to select if you are a parent or a child who uses this device.

Abbildung in dieser Leseprobe nicht enthalten

As soon as the account is created shows your device name and available features which include antivirus finder call blocker statistics banking protection safe browsing and much more. The antivirus is a little slow and progresses very slowly it didn’t request any additional features however it is not very good performance wise I found it to be extremely slow and not worth the exposure of the data for the functionality it provides.

As can be seen from the previous section after finder gets admin permission it can trace location erase all data and change screen lock, as well as other advanced functions remotely as well as SIM swap, notify by number.

Privacy application shows which app has access to what resources on the device and how exposed are they and in detail provides details to the app access.

As can be seen, the app has many things it can access on the device. Family rules function allows changing via the website the family rules for the children. Call blocker allows the device to see who from to get calls and block those who are not wanted.

Abbildung in dieser Leseprobe nicht enthalten

The app requires access to the contacts to work properly and manage block list. Safe Browsing allows the web browser to use safe functions and other protections didn’t ask any permissions to use this feature. Banking protection uses a safe internal browser that the app claims is protected environment:

Abbildung in dieser Leseprobe nicht enthalten

Statistics show the recent statistics regarding the app and subscription explains what is to be gained by buying the app. No additional permissions were required for any of these features besides what was already granted.

Abbildung in dieser Leseprobe nicht enthalten

Figure 64: G antivirus usage functions

7.16.8 H

Introduction

H is a perfect app for the security of your phone as it consists of all necessary tools related to the security of your phone. The anti-malware scan is available in the app which scans the data and identifies the security status of your device. The app also provides web and Wi-Fi protection whenever your device gets linked to the internet. It also has the feature of app auditing and protection which secures all the apps on your smartphone. It has the capability of the filtering of the calls and SMS which secures your phone from hacking attempts. The parental controls which allow you to limit and restrict the data of the apps by using keywords and passcodes (Sammons & Cross 2016).

Application description

H comes from big security company like famous brand name, organized H total security has many users and for a fairly price, installation wise, the setup begins by asking straight up for a bunch of permissions (Warren & Dhillon, 2012).

Abbildung in dieser Leseprobe nicht enthalten

Figure 65: H antivirus permissions

By pressing on the missing configuration for internet security settings we will get prompted to give permission to a few more things including device administrator for lost/found function to work (Warren & Dhillon, 2012):

Abbildung in dieser Leseprobe nicht enthalten

Figure 66: H antivirus permissions and usage

As can be seen the app has advanced functions which include: screen lock including password, device mute, delete personal data, play music, google map trace, sim change and lock phone on sim change detection, send last known location all upper commands are done remotely using the web action center console (Warren & Dhillon, 2012). Web protection function:

Abbildung in dieser Leseprobe nicht enthalten

As shown this function requires the accessibility access to the mobile deice to retrieve content window and observe actions allows to surf using the safe browser in incognito mode. Permissions functions shows which apps have which permissions:

Abbildung in dieser Leseprobe nicht enthaltenAbbildung in dieser Leseprobe nicht enthalten

Protected apps allow to prevent apps from being deleted same as previous function already defined in initial login (Shipley & Bowker, 2014). Parental control allows to define child/teenage profile and then to manage it which resources access on the phone (Warren & Dhillon, 2012). Panic button function allows to set a widget emergency button sends SMS messages to send to anyone who is directed on the rule. Call filter/hide contacts available only for older versions of android function no longer valid as shown below all 3 functions:

Abbildung in dieser Leseprobe nicht enthalten

Figure 67: H antivirus login screen

7.16.9 I

Introduction

I – Antivirus protective product for the safety of the phone as it consists of all necessary tools which are required for keeping your confidential data safe. The app consists of Antimalware scanning and Anti-theft tools which make your phone safe from viruses and hackers. The app ensures the privacy protection of the user and app locking facility as well. The call filtering and SMS blocking are also the key functions of the app. But, there are still many things missing which must have to be added sooner rather than later (Zaitsev & Denisov 2013).

I – 3 out of 5 Stars: The fact that US Government has decided to officially ban I from its governmental, finance and other such organizations, does not make it any less effective. It has been around for a long time and is here to stay. Moreover, they offer an antivirus package for free (Gostev, et al. 2009).

I Anti-Virus is among the top antivirus programs for computers running any version of Windows. It does an exceptional job protecting against malware and phishing attacks. If your PC is already riddled with infections, the software can track them down, set things right and heal the damage. Its on-screen keyboard can help keep sensitive information safe when you access online accounts, and the safe browser feature marks search results so you know if a site is safe to visit. It does cause some slowdown during system scans, though we noticed it mainly while trying to download or upload files. The package uses multiple techniques to keep you safe from harm. The core antivirus engine detects and blocks malware before it can touch your system; System Watcher uses behavior monitoring to spot even brand new, undiscovered threats; and there are separate layers to protect you from network attacks, dangerous email objects and malicious and phishing links.

The I Antivirus extension mainly offers the following benefits:

- Scans all incoming and outgoing mail traffic on the server.
- Removes malicious and potentially dangerous code from e-mail messages.

Automatically updates virus signatures. It also gives you the ease of installing the suite in the 20 PCs, tablets, and smartphones, at a cheap rate. It also has the online dashboard for the management of the security. However, just like every other software, it has its cons too;

- Password management isn’t included with Internet Security
- Warnings from the US Government (Illegal Matters)
- Bonus scans overlap each other significantly
- Unable to detect Keylogger, even if it’s already installed

The bandwidth of the VPN is limited coming to the bottom line, I Anti-Virus consistently performed well in our protection tests, proving it is a great program that can detect and block malware threats on your computer (Gomes, et al. 2009). It is one of the leading providers of antivirus software and has been so ever since it started. It provides a good quality product that is easy to use for anybody.

Application description

The antivirus installation process begins with a request to grant permissions before we can even begin the application:

After providing approval for the photos media and other files and manage calls and make phone calls you will need to choose to buy a subscription or skip after it the device will ask to begin system full scan and update the antivirus definitions to the latest version.

After proceeding with the free trial the app will request to perform a device full scan (we already gave consent to manage calls and provide access to files and media) and update the app to the latest version and latest definitions, besides the access is given already nothing was required for the scan to perform then the app goes into the main screen wherein the bottom area you have an area with a lot of items that can be expanded (Thuraisingham 2015). Feature: Calls & text messages function: Consent to SMS messages view and send and access contacts will be required.

Then you will have the function to choose what to block texts only or calls & texts. Real-time protection requires a premium to use this so it cannot be tested or if you had this before for trial use the trial expired you cannot check but this is a premium feature only. The anti-theft feature has a lot of advanced functions such as remote control commands wipe locate lock and alarm and SIM card watch if changes and uninstallation protection so antivirus cannot be removed.

After the permission to device location calendar and to take and record video and pictures required to create an account for I to allow access via the website and monitor location and other functions, and afterwards set up of emergency pin code or fingerprint to allow access to the next screen.

After the pin code has been set the app will require to get permissions to set the app as administrator and thus grant permission for many functions which are listed such as lock screen disable camera erase data etc. in return to get the ability to use the anti-theft feature.

Abbildung in dieser Leseprobe nicht enthalten

Figure 68: I antivirus permissions

Afterwards you will be asked to enable accessibility and grant permissions to personal data for the app to monitor, from there the anti-theft feature will be shown and be able to set the commands remotely such as data wipe alarm clock and locate remotely using website and SIM watch in case of SIM card swap but not a small tradeoff. App Lock feature also premium not available if free trial expired but does not require any additional permissions from the device from those that were granted already (Chintalaphani, 2017). Text anti-phishing also same as with App Locker premium feature expired cannot use this internet protection uses safe surfing also premium and privacy protection.

The main menu of the app has many features anti-theft call & text filter and scanner are free in addition there are external apps which include: battery life, QR scanner , safe kids, password manager and secure connection as external apps those require the same permission for each resource and do not allow screenshots to be taken by even 3rd party apps I have shown the battery life app which required accessibility permission to observe and retrieve window contents password protection didn’t ask for any special resources besides the use of the system accessibility setting.

QR scanner: feature allows to scan QR codes available via the app requires access to the camera for record and use will request permission.

Then the camera activates, and you will be able to use the camera feature. Parental control: firstly, installation pops license agreement screen then login page account required for both child and parent separate accounts for each.

Abbildung in dieser Leseprobe nicht enthalten

Figure 69: I antivirus permissions and usage

Require approval of administrator access to the device as well as observe and retrieve window content and access to the device phone calls SMS and view and send, contacts of kids and kids location on the map so that the parent can track their children and view their calls and manage them tradeoff for these features.

Abbildung in dieser Leseprobe nicht enthalten

The parent can see the full settings of the device including record and other advanced functions turning off and uninstalling app possible from parent app only.

Secure connectivity App requires permission to the app accessibility which grants access to view content of windows and retrieves them, in addition, the app needs to make and manage phone calls after permission is given the user will be able to encrypt their internet connection and secure their connection. This is an external app installed as an addition to the existing I app which is already installed.

Abbildung in dieser Leseprobe nicht enthalten

7.16.10 J

Introduction

J is a well-known product on the Google Play store as it is one of the best security apps. The app consists of all necessary features for protecting a smartphone from malware, virus, hacking, and phishing sites. It is the best app according to many surveys conducted in the recent past. The key feature of the app is the collaborative action performed by the tools to ensure the security (Sammons & Cross 2016). Some Features:

- Containment Technology
- Cloud-based Protection
- Sandboxing Capability
- 24/7 Monitoring

J provides the most straightforward and powerful means for buyers around the globe, to ensure their information and way of life as they explore their advanced lives over their associated gadgets. During the most recent thirty-five years, J has manufactured a rich and boundless worldwide risk insight organizes, continually breaking down and assembling information on dangers from more than 300 million endpoints over the world (Friedewald & Pohoryles 2014). J Antivirus Plus is the best app for the protection of the phone. It protects about 90 of the Fortune 100 companies, 82% of the world's largest banks, and over 300 million people across the globe (Jeon, et al. 2011). They also go with the motto, “We pledge to remove viruses on your devices or give you your money back, 100% guaranteed”. It is the best anti-phishing product on the Play store as far as the test results are concerned (Faruki, et al. 2013). It has a vast range of protection for all the PCs, Macs, OS, Android, and iOS. J’s trump card is its Security Scan; the official purpose of which is to analyze your defenses and tell you if your computer is vulnerable. It checks the status of your firewall, antivirus, and scans your web history and objects currently running in memory for malware. Windows perform most of these functions already, but J Security Scan makes these alerts more prominent.

However, along with all of this, there are some cons to this as well; J antivirus is not considered as the fastest antivirus among all antivirus software, as it consumes lots of memory, whether in terms of real-time protection or during the scan. In comparison with other antivirus programs, J is not the most efficient solution for the users.

Using a huge amount of memory during scanning is another negative point of this antivirus. The duration of the full scan perhaps takes a long time. The use of memory is high and so you basically require leaving your PC alone for finishing the scan procedure. Nonetheless, despite having a few cons to itself, this antivirus solution comes along with amazing stuff and it still can be your favorite, with all the good aspects it has to offer!

J Got a score – 5 out of 5 Stars : Having been around for a long time, J comes first. Not just because it's an industry veteran but because it contains some impressive security features.

Application description

Protection against different types of malware, easy to use interface, being extremely lightweight is some of its features.

Abbildung in dieser Leseprobe nicht enthalten

The Menu which appear guide us to accept the privacy notice if you click on it you will be taken to the J’ official website with all the privacy and data which is being collected and tailored ads to suit your profile which you will grant permission to use the app by clicking on the Accept button, so at this stage already you have provided the consent to gather information on you and your use of the mobile phone in return to having the ability for using this Antivirus application and seeing ads. From here on you will have an option to see ads and continue to use the J app for free or selecting Remove ads which basically is to purchase the monthly/yearly license subscription this way you will get the app without any ads (Kalra 2016). In the next page the app will require the permissions from you which includes: Location the app will know where you are in return to get Wi-Fi threats protection:

Abbildung in dieser Leseprobe nicht enthalten

By Pressing on Location, the app will require you to allow the access to the device location (Kammer, 2009). Accessibility turn on the widget bar which will allow you to have the control over the app from outside the app, pressing on the accessibility will bring you to the device accessibility settings:

Abbildung in dieser Leseprobe nicht enthalten

Figure 70: J antivirus permissions

App Usage pressing on that button will allow the app to provide consent to use the consumption of data while browsing the internet and other apps which run on the background in return you grant the app access to observe actions and retrieve window content:

After the access was granted and you allowed the app to observe your actions and to retrieve window content we get to the main app screen:

Abbildung in dieser Leseprobe nicht enthalten

Let’s review some additional functions which get additional access to the device:

Storage Cleaner: as the name implies this feature allows you to clean temporary memory and unnecessary files on the device in return you agree to provide the app access to the device storage to your files on the mobile phone. After the consent has been provided you may choose what kind of cache and old files to remove:

Abbildung in dieser Leseprobe nicht enthalten

Memory Booster feature allows the device to terminate unnecessary applications which are running on your system and because you already agreed to provide access for the device to access applications and observe behavior the app can without any problems terminate those unneeded things running in your background:

Abbildung in dieser Leseprobe nicht enthalten

According to Chintalaphani (2017), App Lock feature allows the app to lock the apps in your phone so others cannot access it without knowing the security pin code which you have set, but before you can do it first of all you must provide consent for the app lock to make & manage phone calls, send & view SMS messages and access to phone contacts:

Abbildung in dieser Leseprobe nicht enthalten

Figure 71: J antivirus permissions

After Consent has been granted to all those areas of your mobile phone you will be directed to set a 6-digit pin code to unlock the app security each time you will need to access a locked app in the list which you have selected.

Abbildung in dieser Leseprobe nicht enthalten

Note: Pin code can be recovered using your email address so be careful to secure it as well as otherwise it can be used as a loophole.

Anti-Theft feature has a lot of functions but first before you can proceed any further you must grant permission for the app to access your mobile device cameras in case stolen and privacy protection and also provide consent to allow the app to take pictures and record video you cannot proceed without this consent (Pramod & Raman 2014).

Abbildung in dieser Leseprobe nicht enthalten

After you allowed the app the consent you will be inside the Anti-theft menu which includes features such as GPS location which is set by default to be on, auto lock feature which has a variety of features such as:

Abbildung in dieser Leseprobe nicht enthalten

Theft protection which will require the administrator access to the device to use the “full protection of the device” and you will need to remove the app from the administrator list before you may uninstall it (Pramod & Raman 2014).

There are a variety of additional features available such as SMS to save the last location known if battery low, Thief cam which will take photos of anyone who will try to unlock the device and break into apps or device. The thief cam activation can be selected after 3-5 wrong pin code/pattern/password entries in a row. Auto lock feature locks your device if no SIM card is detected or network loses by protecting privacy and locking the device in any of those cases if someone tries to change the SIM card to disable this feature you will be required to enter the pin code you’ve set. Lock alarm feature sets off the alarm, so others will know your device was stolen or to help you find the thief. Airplane mode lock locks device when it is set to airplane mode.

Change the lock message to return this device contact email address set. Back to Main Anti-Theft feature the locate feature: allows to track the device if stolen by logging to the website of mobile security and click on locate and then select either current position up to 6 hours ago on the map. And can locate using text message send secure locate and pin code to it and it will allow you to trace the location.

The lock will lock your device and only using the 6-digit pin code that the unlocking of the pin code will be done (Friedewald & Pohoryles 2014). Only emergency dial and forgot pin code will be available if you choose to activate this feature. Again, there is the loophole of having your mobile-accessed if the mailbox is not secure.

Thief Protection helps protect by allowing access to things such as Remote factory reset to prevent your data of falling into the wrong hands. Thief cam to take pictures if more than 5 wrong pin code/PW/pattern attempts. Turning this feature off thief protection will be available only by deactivating device administrator in settings. SIM card Track warns if someone will attempt to change the SIM cards or even network loss and track location and show new number inserted into the phone (Becher, et al. 2011). Wipe all data will erase all data on the phone by inserting the pin code.

The app has additional Feature such as:

Deep-Scan: for viruses to scan preinstalled apps, files and text messages. Scan Info displays date of last scan as well as last antivirus definitions update in settings you may choose options such as real-time protection to warn you against real-time antivirus threats scheduled scans auto update and choose scan options you may select what possibly to scan and what not and to notify in case of a virus detection (Friedewald & Pohoryles 2014).

Safe-Web: protecting browsing by preventing dangerous websites and warn you in case of danger.

Safe-WIFI: shows the connection between the device and the internet and warns if the network is unsafe and if you are at risk like no encryption for the network and if even wifi got hacked.

Backup feature allows you to backup text messages, call log, contacts, and media (pro version required for this).

Privacy check: displays the app privacy based on personal info they share and only trust well-known apps.

There are three rankings: high medium and low:

High: Apps which track location access critical data such as phone numbers address book text messages and files on local memory drive.

Medium: app accesses share sensitive data like IP address and device id.

Low: app accesses non-critical data like device model and system version.

System app is an app that system comes with.

Abbildung in dieser Leseprobe nicht enthalten

Kid mode allows you to set a profile which will prevent your kids from accessing apps which you choose to prevent them.

Battery life-prolonging: this feature requires access to modify system settings. To adjust screen brightness and timeout to prolong battery life.

Abbildung in dieser Leseprobe nicht enthalten

You give up on system settings and other control of your device in order to use this feature and expose your device to the dangers which come with it.

Track data storage is simply showing statistics of how much data and % of memory what app uses as well as limit data used by an app.

More info allows you to have the ability to view the tour and get privacy settings which you give access to by using this app.

7.16.11 K

Introduction

Company founded in 1998 world biggest investment corporation which specializes in different services and products, we secure has over 300 million users with 50k installs on google play rated of 4.3 out of 5 (Pries & Dunnigan, 2015).

Application description

At the beginning of the installation phase it already required access to things on the mobile:

Abbildung in dieser Leseprobe nicht enthalten

Figure 72: K antivirus application

The permissions requirement is as it was before the change made on 2018 for the android operating systems on the mobiles of android devices, the license agreement on start now given consent we proceed on to suspicious message then we press on virus scan get to the scanning menu where the app begins to scan the app for virus threats, 2 options are available full scan or quick full includes the SD card as well (Tencent We Secure, 2017).

K safe browser which then prompts to get permissions to the system to be able to work with the android and unknown sources and device location and files on the device all these required for QQ browser to work.

Abbildung in dieser Leseprobe nicht enthalten

Figure 73: K antivirus permissions

Data backup function requires permission to: take pictures, appear on top, modify contacts location and read and write call logs as well as modify contents of USB storage (Tencent We Secure, 2017).

After this we will need to create an account and login to the cell region and receive the function to do backup on the cloud.

Abbildung in dieser Leseprobe nicht enthalten

No other functions available for this app this are app the features available this app is free and that’s all it has to offer.

7.16.12 L

Introduction

This is the last app in our list and it has some important features which lead it to our list of protective apps. It is a well-suited app for the protection of the phone against malware, virus, thieves, hackers, and other fake people (Micro, Trend 2013).

L Antivirus is also in our list of best security apps due to its best features. It protects five devices on all platforms and has produced excellent results in the anti-phishing and URL blocking tests. L Deep Security is a zero footprint anti-malware and file integrity solution for enterprise virtual infrastructure. Deep Security ties in with your system very tightly, and it is a very solid application. Whereas we use an antivirus client on physical machines in the enterprise, we use Deep Security for the protection of our virtual environment. The dashboard alerts and events notify the admin when there is an issue and finding solutions to issues is easy. If needed, support is excellent, and there is a very little delay with Deep Security engineers jumping in to resolve more complex issues (Micro, Trend 2013). However, one important feature L doesn’t have that other basic antivirus programs tend to include is a vulnerability scanner. This tool checks all the programs installed on your computer and lets you know if any need to be updated. Out-of-date programs are among the most common ways hackers sneak into your system. Ransomware also takes advantage of these weak spots. L Antivirus+ Security also doesn’t have safe banking tools, a password manager or parental controls. (Micro, Trend 2013).

- Coming on to the drawbacks on the software:
- Static detection foiled by manual malware modification
- This program doesn’t include a system vulnerability scan
- Gamer mode is not manually enabled
- Once identified one PCMag utility as malware when testing
- Lack of firewall
- Limited parental controls

Nonetheless, the bottom line comes down to the fact that L is excellent at blocking malware trying to enter through your web browser. L Antivirus Security protects your mobile device from both known and zero-day malware internet threats. (Micro, Trend 2013).

Application description

Starting with the installation process there is a requirement to accept the license agreement which straight away pops up with 2 windows

Abbildung in dieser Leseprobe nicht enthalten

After the acceptance the program has all features on trial mode meaning subscription is required to access any of them only the security basic scan is open and system tuner to battery charge and optimize system usage, by opening this it will prompt permission for accessibility as well as manage phone calls and allow permissions to usage as well so it can retrieve and monitor the window content.

Abbildung in dieser Leseprobe nicht enthalten

Figure 74: L antivirus usage and permissions

[...]

181 of 181 pages

Details

Title
The Contribution of Contextualized Security in Mobile Security Applications
Author
Year
2019
Pages
181
Catalog Number
V514420
ISBN (eBook)
9783346110336
Language
English
Tags
Smart Devices, Mobile Applications, Privacy, Mobile Security, Privacy Invasion, Food Label System
Quote paper
Erick Larkin (Author), 2019, The Contribution of Contextualized Security in Mobile Security Applications, Munich, GRIN Verlag, https://www.grin.com/document/514420

Comments

  • No comments yet.
Read the ebook
Title: The Contribution of Contextualized Security in Mobile Security Applications



Upload papers

Your term paper / thesis:

- Publication as eBook and book
- High royalties for the sales
- Completely free - with ISBN
- It only takes five minutes
- Every paper finds readers

Publish now - it's free