Delegate the smartphone user? Security awareness in smartphone platforms

Computers and Security

Volumn 34, Issue , 2013, Pages 47-66

  Mylonas, Alexios ^a   Kastania, Anastasia ^a   Gritzalis, Dimitris ^a  

^a ATHENS UNIVERSITY OF ECONOMICS AND BUSINESS   (Greece)

Author keywords

Application markets; Security awareness; Security survey; Smartphone platforms; Smartphone security

Indexed keywords

SIGNAL ENCODING; SMARTPHONES; SURVEYS;

APPLICATION DELIVERY; PREDICTION MODEL; SECURITY AND PRIVACY; SECURITY AWARENESS; SECURITY CONTROLS; SECURITY SURVEY; SMARTPHONE SECURITIES; THIRD PARTY APPLICATION (APPS);

MOBILE SECURITY;

EID: 84891843335     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2012.11.004     Document Type: Article

References (58)

1. Amini S, Lin J, Hong J, Lindqvist J, Zhang J.Towards scalable evaluation of mobile applications through crowdsourcing and automation. Technical Report CMU-CyLab-12-006. Carnegie Mellon University; 2012.
2. Anderson J, Bonneau J, Stajano F. Inglorious installers: security in the application marketplace. In: Proc. of the 9th workshop on the economics of information security (WEIS'10); 2010.
3. Androulidakis I, Kandus G. A survey on saving personal data in the mobile phone. In: Pernul G, et al., editors. Proc. of 6th international conference on availability, reliability and security (ARES-2011). Austria; 2011a. p. 633-8.
4. Androulidakis I, Kandus G. Mobile phone downloading among students: the status and its effect on security. In: Proc. of 10th international conference on mobile business (ICMB-2011). Italy; 2011b. p. 235-42.
5. Androulidakis I, Kandus G. Feeling secure vs. being secure, the mobile phone user case. In: Proc. of 7th international conference in global security, safety and sustainability (ICGS3-2011). Greece: Springer; 2012. p. 212-9. LNCS-99.
6. Aviv A, Gibson K, Mossop E, Blaze M, Smith J. Smudge attacks on smartphone touch screens. In: Proc. of the 4th USENIX conference on offensive technologies. USENIX Association; 2010. p. 1-7.
7. Baghdassarian S, Milanesi C. Forecast: mobile application stores, world-wide, 2008-14. Tec Report G00209676. Gartner; 2010.
8. Barrera D, Van Oorschot P. Secure software installation on smartphones. IEEE Security and Privacy 2011;9(3):42-8.
9. Böhme R, Köpsell S. Trained to accept?: a field experiment on consent dialogs. In: Proc. of the 28th international conference on human factors in computing systems (CHI '10). USA: ACM; 2010. p. 2403-6.
10. BSA. BSA global software piracy study: shadow market. Technical Report. 9th ed. Business Software Alliance; 2012.
11. Chia P, Yamamoto Y, Asokan N. Is this app safe?A large scale study on application permissions and risk signals. In: Proc. of the 21st international world wide web conference; 2012.
12. Cohen F. Computational aspects of computer viruses. Computers & Security 1989;8(4):297-8.
13. Cohen J. Statistical power analysis for the behavioral sciences. Lawrence Erlbaum; 1988.
14. Communications Committee. Broadband access in the EU: situation at 1 July 2011. Technical Report COCOM11-24; 2011.
15. Coursen S. The future of mobile malware. Network Security 2007; 2007(8):7-11.
16. Cronbach L. Coefficient alpha and the internal structure of tests. Psychometrika 1951;16:297-334.
17. Egele M, Kruegel C, Kirda E, Vigna G. Pios: detecting privacy leaks in iOS applications. In: Proc. of the net and distributed system security symposium (NDSS-2011); 2011.
18. Egelman S, Cranor L, Hong J. You've been warned: an empirical study of the effectiveness of web browser phishing warnings. In: Proc. of the 26th annual SIGCHI conference onhuman factors in computing systems (CHI '08). New York, USA: ACM; 2008. p. 1065-74.
19. Enck W, Ongtang M, McDaniel P. On lightweight mobile phone application certification. In: Proc. of the 16th ACM conference on computer and communications security (CCS '09). USA: ACM; 2009. p. 235-45.
20. Enck W, Gilbert P, Chun B, Cox L, Jung J, McDaniel P, et al. Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proc. of the 9th USENIX symposium on operating systems design and implementation (OSDI'10). USENIX Association; 2010. p. 1-6.
21. Enck W, Octeau D, McDaniel P, Chaudhuri S. A study of android application security. In: Proc. of the 20th USENIX conference on security. USA: USENIX Association; 2011.
22. Felt A, Chin E, Hanna S, Song D, Wagner D. Android permissions demystified. In: Proc. of the 18th ACM conference on computer and communications security (CCS '11). USA: ACM; 2011a. p. 627-38.
23. Felt A, Finifter M, Chin E, Hanna S, Wagner D. A survey of mobile malware in the wild. In: Proc. of the 1st ACM workshop on security and privacy in smartphones and mobile devices (SPSM '11). ACM; 2011b. p. 3-14.
24. Felt A, Wang H, Moshchuk A, Hanna S, Chin E, Greenwood K, Wagner D, et al. Permissionre-delegation: attacksanddefenses. In: Proc. of the 20th USENIX security symposium, USA; 2011c.
25. Felt A, Ha E, Egelman S, Haney A, Chin E, Wagner D. Android permissions: user attention, comprehension, and behavior. Technical Report UCB/EECS-2012-26; UC Berkeley; 2012.
26. Flick U. An introduction to qualitative research. Sage Publications; 1998.
27. Furnell S. Why users cannot use security. Computers & Security 2005;24(4):274-9.
28. Furnell S. Making security usable: are things improving? Computers & Security 2007;26(6):434-43.
29. Furnell S, Jusoh A, Katsabas D. The challenges of understanding and using security: a survey of end-users. Computers & Security 2006;25(1):27-35.
30. Gilbert P, Chun BG, Cox LP, Jung J. Vision: automated security validation of mobile apps at app market. In: Proc. of the 2nd international workshop on mobile cloud computing and services (MCS '11). USA: ACM; 2011. p. 21-6.
31. Grace M, Zhou Y, Wang Z, Jiang X. Detecting capability leaks in android-based smartphones. Technical Report. North Carolina State University; 2011.
32. Harrell F, Lee K, Califf R, Pryor D, Rosati R. Regression modeling strategies for improved prognostic prediction. Statistics in Medicine 1984;3(2):143-52.
33. Hornyack P, Han S, Jung J, Schechter S, Wetherall D. These aren't the droids you're looking for: retrofitting android to protect data from imperious applications. In: Proc. of the 18th ACM conference on computer and communications security (CCS '11). USA: ACM; 2011. p. 639-52.
34. Hosmer D, Lemeshow S. Applied logistic regression, vol. 354. Wiley-Interscience; 2000.
35. Howell J, Schechter S. What you see is what they get. In: Proc. of the IEEE workshop on web 2.0 security and privacy; 2010.
36. Kelley P, Consolvo S, Cranor L, Jung J, Sadeh N, Wetherall D. A conundrum of permissions: installing applications on an android smartphone. In: Workshop on usable security (USEC-2012); 2012.
37. Lookout. Security alert: droiddream malware found in official android market, http://blog.mylookout.com/blog/2011/03/01/security-alert-malware-found- in-official-android-marketdroiddream/; [accessed April 2012].
38. Marmol F, Perez G. Security threats scenarios in trust and reputation models for distributed systems. Computers & Security 2009;28(7):545-56.
39. McDaniel P, Enck W. Not so great expectations: why application markets haven't failed security. IEEE Security and Privacy (SP) 2010;8(5):76-8.
40. McKnight DH, Chervany NL. The meanings of trust. Technical Report WP9604. University of Minnesota Information Systems Research Center; 1996.
41. Motiee S, Hawkey K, Beznosov K. Do windows users follow the principle of least privilege?: investigating user account control practices. In: Proc. of the 6th symposium on usable privacy and Security (SOUPS '10). USA: ACM; 2010. p. 1-13.
42. Mylonas A, Dritsas S, Tsoumas B, Gritzalis D. Smartphone security evaluation - the malware attack case. In: Samarati P, Lopez J, editors. Proc. of the international conference on security and cryptography (SECRYPT'11). Spain: SciTePress; 2011a. p. 25-36.
43. Mylonas A, Tsoumas B, Dritsas S, Gritzalis D. A secure smartphone applications roll-out scheme. In: Proc. of the 8th international conference on trust, privacy & security in digital business (TRUST-2011). France: Springer; 2011b. p. 49-61. LNCS-6863.
44. Nadji Y, Giffn J, Traynor P. Automated remote repair for mobile malware. In: Proc. of the 27th annual computer security applications conference (ACSAC'11). USA:ACM; 2011. p. 413-22.
45. Nagelkerke N. A note on a general definition of the coefficient of determination. Biometrika 1991;78(3):691-2.
46. Nauman M, Khan S, Zhang X. Apex: extending android permission model and enforcement with user-defined runtime constraints. In: Proc. of the 5th ACM symposium on information, computer and communications security (CCS'10). USA: ACM; 2010. p.328-32.
47. Niemela J. Just because it's signed doesn't mean it isn't spying on you, http://www.f-secure.com/weblog/archives/00001190.html; [accessed April 2012].
48. Quirolgico S, Voas J, Kuhn R. Vetting mobile apps. IT Professional 2011;13:9-11.
49. Redman P, Girard J, Wallin L. Magic quadrant for mobile device management software. Technical Report G00211101. Gartner; 2011.
50. Shekhar S, Dietz M, Wallach D. AdSplit: separating smartphone advertising from applications. Technical Report; 2012.
51. Sunshine J, Egelman S, Almuhimedi H, Atri N, Cranor LF. Crying wolf: an empirical study of ssl warning effectiveness. In: Proc. of the 18th USENIX security symposium (SSYM '09). USA: USE Association; 2009. p. 399-416.
52. Theoharidou M, Gritzalis D. A Common Body of Knowledge for Information Security. IEEE Security & Privacy 2007;5(2):64-7.
53. Theoharidou M, Mylonas A, Gritzalis D. A risk assessment method forsmartphones (AICT376). In: Proc. of the 27th IFIP information security and privacy conference. Springer; 2012. p. 443-56.
54. Thomson M, von Solms R. Information security awareness: educating your users effectively. Information Management & Computer Security 1998;6(4):167-73.
55. Whitten A, Tygar J. Why johnny can't encrypt: a usability evaluation of PGP 5.0. In: Proc. of the 8th USENIX security symposium. USA; 1999.
56. Zhou W, Zhou Y, Jiang X, Ning P. Detecting repackaged smartphone applications in third-party android marketplaces. In: Proc. of 2nd ACM conference on data and application security and privacy (CODASPY-2012). ACM; 2012a. p. 317-26.
57. Zhou Y, Jiang X. Dissecting android malware: characterization and evolution. In: Proc. of the IEEE symposium on security and privacy (SP). IEEE; 2012. p. 95-109.
58. Zhou Y, Wang Z, Zhou W, Jiang X. Hey, you, get off of my market: detecting malicious apps in official and alternative android markets. In: Proc. of the 19th network and distributed system security symposium (NDSS '12). USA; 2012b;.