Identifying ways to improve smartphone security

an associate professor of Computer Science at Purdue, who also led research on a paper with Li that analyzed app reviews.

“Users also look at average ratings, number of downloads and user comments,” Si says. “In our studies, we found that there exist correlations between the quality of an app and the average rating from users, as well as the ratio of negative comments about security and privacy.”

“This is a classic example of the links between humans and technology,” says Heng Xu, program director in the Secure and Trustworthy Cyberspace program in NSF’s Social, Behavioral and Economic Sciences Directorate. “The Android smartphones studied by this group of scientists reveal the great need to understand human perception as it relates to their own privacy and security.”

“The complexity of modern access control mechanisms in smartphones can confuse even security experts,” says Jeremy Epstein, lead program director for the Secure and Trustworthy Cyberspace program in NSF’s Directorate for Computer and Information Science and Engineering, which funded the research.

“Safeguards and protection mechanisms that protect privacy and personal security must be usable by all smartphone users, to avoid the syndrome of just clicking ‘yes’ to get the job done. The SaTC program encourages research like Dr. Li’s and colleagues that helps address security usability challenges.”

Numbers speak to the amount of unsecured personal data

According to Google, the current developer of the Android operating system, more than 400 million Android devices were activated in 2012. As of July 2013, users had downloaded more than fifty billion apps from Google Play, Android’s official app store.

The numbers speak to the amount of unsecured personal data now available for offsite storage and use by third parties.

In an effort to make it easier for users to understand what information an app can access, the online Google Play store arranged app permissions into categories available for review before an app is purchased.

One category, “Contacts/Calendar,” warns that when users are faced with giving permission for this group, the app may use the device’s contacts and/or calendar information to “read your contacts, modify your contacts, read your calendar events plus confidential information, add or modify calendar events and send email to guests without owners’ knowledge.”

Another category, “Cellular data settings,” warns the app “can use settings that control your mobile data connection and potentially the data you receive.”

Smartphone security researchers identify these requests as “dangerous permissions,” because they come with associated risks. Furthermore, Li and