Signalling over-privileged mobile applications using passive security indicators

摘要

As mobile devices have evolved from simple phones to rich computing systems, the data stored on these multi-taskers have consequently become more sensitive and private. Due to this, modern mobile operating systems include sophisticated permission systems for restricting the access to this device for the mobile applications. However, many applications acquire more permissions than required. These over-privileged applications can affect data security and user privacy. All application permissions are indicated to the user, but these notifications have been shown to be ignored or not understood. Thus, other mechanisms need to be improved.This paper presents design approaches to communicate the degree of over-privilege in mobile applications. It uses an additional rating system in application stores to inform users before making the decision of installing a specific application. The approaches have been evaluated in a usability study based on distinct prototype Android application stores. The findings show that passive security indicators can be applied to influence the decision-making process of users before downloading and installing an application. (C) 2016 Elsevier Ltd. All rights reserved.