Effects of the design of mobile security notifications and mobile app usability on users’ security perceptions and continued use intention

The explosive global adoption of mobile applications (i.e., apps) has been fraught with security and privacy issues. App users typically have a poor understanding of information security; worse, they routinely ignore security notifications designed to increase security on apps. By considering both mobile app interface usability and mobile security notification (MSN) design, we investigate how security perceptions of apps are formed and how these perceptions influence users’ intentions to continue using apps. Accordingly, we designed and conducted a set of controlled survey experiments with 317 participants in different MSN interface scenarios by manipulating the types of MSN interfaces (i.e., high vs. low disruption), the context (hedonic vs. utilitarian scenarios), and the degree of MSN intrusiveness (high vs. low intrusiveness). We found that both app interface usability and the design of MSNs significantly impacted users’ perceived security, which, in turn, has a positive influence on users’ intention to continue using the app. In addition, we identified an important conundrum: disruptive MSNs—a common approach to delivering MSNs—irritate users and negatively influence their perceptions of app security. Thus, our results directly challenge current practice. If these results hold, current practice should shift away from MSNs that interrupt task performance.     

A technique to circumvent SSL/TLS validations on iOS devices

SSL/TLS validations such as certificate and public key pinning can reinforce the security of encrypted communications between Internet-of-Things devices and remote servers, and ensure the privacy of users. However, such implementations complicate forensic analysis and detection of information disclosure; say, when a mobile app breaches user’s privacy by sending sensitive information to third parties. Therefore, it is crucial to develop the capacity to vet mobile apps augmenting the security of SSL/TLS traffic. In this paper, we propose a technique to bypass the system’s default certificate validation as well as built-in SSL/TLS validations performed in iOS apps. We then demonstrate its utility by analysing 40 popular iOS social networking, electronic payment, banking, and cloud computing apps.     

Understanding the impact of personality traits on mobile app adoption – Insights from a large-scale field study

The sheer amount of available apps allows users to customize smartphones to match their personality and interests. As one of the first large-scale studies, the impact of personality traits on mobile app adoption was examined through an empirical study involving 2043 Android users. A mobile app was developed to assess each smartphone user's personality traits based on a state-of-the-art Big Five questionnaire and to collect information about her installed apps. The contributions of this work are two-fold. First, it confirms that personality traits have significant impact on the adoption of different types of mobile apps. Second, a machine-learning model is developed to automatically determine a user's personality based on her installed apps. The predictive model is implemented in a prototype app and shows a 65% higher precision than a random guess. Additionally, the model can be deployed in a non-intrusive, low privacy-concern, and highly scalable manner as part of any mobile app.     

Android mobile VoIP apps: a survey and examination of their security and privacy

Voice over Internet Protocol (VoIP) has become increasingly popular among individuals and business organisations, with millions of users communicating using VoIP applications (apps) on their smart mobile devices. Since Android is one of the most popular mobile platforms, this research focuses on Android devices. In this paper we survey the research that examines the security and privacy of mVoIP published in English from January 2009 to January 2014. We also examine the ten most popular free mVoIP apps for Android devices, and analyse the communications to determine whether the voice and text communications using these mVoIP apps are encrypted. The results indicate that most of the apps encrypt text communications, but voice communications may not have been encrypted in Fring, ICQ, Tango, Viber, Vonage, WeChat and Yahoo. The findings described in this paper contribute to an in-depth understanding of the potential privacy risks inherent in the communications using these apps, a previously understudied app category. Six potential research topics are also outlined.     

Lifting inter-app data-flow analysis to large app sets

Mobile apps process increasing amounts of private data, giving rise to privacy concerns. Such concerns do not arise only from single apps, which might—accidentally or intentionally—leak private information to untrusted parties, but also from multiple apps communicating with each other. Certain combinations of apps can create critical data flows not detectable by analyzing single apps individually. While sophisticated tools exist to analyze data flows inside and across apps, none of these scale to large numbers of apps, given the combinatorial explosion of possible (inter-app) data flows. We present a scalable approach to analyze data flows across Android apps. At the heart of our approach is a graph-based data structure that represents inter-app flows efficiently. Following ideas from product-line analysis, the data structure exploits redundancies among flows and thereby tames the combinatorial explosion. Instead of focusing on specific installations of app sets on mobile devices, we lift traditional data-flow analysis approaches to analyze and represent data flows of all possible combinations of apps. We developed the tool Sifta and applied it to several existing app benchmarks and real-world app sets, demonstrating its scalability and accuracy.     

Detecting plagiarized mobile apps using API birthmarks

This paper addresses the problem of detecting plagiarized mobile apps. Plagiarism is the practice of building mobile apps by reusing code from other apps without the consent of the corresponding app developers. Recent studies on third-party app markets have suggested that plagiarized apps are an important vehicle for malware delivery on mobile phones. Malware authors repackage official versions of apps with malicious functionality, and distribute them for free via these third-party app markets. An effective technique to detect app plagiarism can therefore help identify malicious apps. Code plagiarism has long been a problem and a number of code similarity detectors have been developed over the years to detect plagiarism. In this paper we show that obfuscation techniques can be used to easily defeat similarity detectors that rely solely on statically scanning the code of an app. We propose a dynamic technique to detect plagiarized apps that works by observing the interaction of an app with the underlying mobile platform via its API invocations. We propose API birthmarks to characterize unique app behaviors, and develop a robust plagiarism detection tool using API birthmarks.     

A study of the relation of mobile device attributes with the user-perceived quality of Android apps

The number of mobile applications (apps) and mobile devices has increased considerably over the past few years. Online app markets, such as the Google Play Store, use a star-rating mechanism to quantify the user-perceived quality of mobile apps. Users may rate apps on a five point (star) scale where a five star-rating is the highest rating. Having considered the importance of a high star-rating to the success of an app, recent studies continue to explore the relationship between the app attributes, such as User Interface (UI) complexity, and the user-perceived quality. However, the user-perceived quality reflects the users’ experience using an app on a particular mobile device. Hence, the user-perceived quality of an app is not solely determined by app attributes. In this paper, we study the relation of both device attributes and app attributes with the user-perceived quality of Android apps from the Google Play Store. We study 20 device attributes, such as the CPU and the display size, and 13 app attributes, such as code size and UI complexity. Our study is based on data from 30 types of Android mobile devices and 280 Android apps. We use linear mixed effect models to identify the device attributes and app attributes with the strongest relationship with the user-perceived quality. We find that the code size has the strongest relationship with the user-perceived quality. However, some device attributes, such as the CPU, have stronger relationships with the user-perceived quality than some app attributes, such as the number of UI inputs and outputs of an app. Our work helps both device manufacturers and app developers. Manufacturers can focus on the attributes that have significant relationships with the user-perceived quality. Moreover, app developers should be careful about the devices for which they make their apps available because the device attributes have a strong relationship with the ratings that users give to apps.     

Examining the impacts of fitness app features on user well-being

Drawing on the self-regulation theory, the current paper explores the impacts of two types of fitness app feature sets (i.e., personal-oriented and social-oriented features) on users’ health behavior and well-being. The results from fitness app users show that both personal-oriented features and social-oriented features of fitness apps can significantly improve exercise adherence and social engagement of users. Users’ exercise proficiency level negatively moderates the relationship between social-oriented features and (a) exercise adherence and (b) social engagement. High levels of social engagement promote users’ physical adherence to exercises. Exercise adherence and social engagement both enhance users’ subjective well-being, but their impacts on different dimensions of well-being vary. Furthermore, regardless of specific features, sufficient use of fitness apps, in general, can significantly help users lead more positive and healthier lives by maintaining exercise adherence, reducing emotional exhaustion, and improving their satisfaction with the overall quality of life. Our findings offer important insights into the underlying mechanisms that help explain fitness app features on users’ well-being, and on a practical level, provide suggestions for mobile app developers in designing better fitness app products and for exercisers in optimizing the benefits of fitness technology adoption.     

Analyzing and automatically labelling the types of user issues that are raised in mobile app reviews

Mobile app reviews by users contain a wealth of information on the issues that users are experiencing. For example, a review might contain a feature request, a bug report, and/or a privacy complaint. Developers, users and app store owners (e.g. Apple, Blackberry, Google, Microsoft) can benefit from a better understanding of these issues – developers can better understand users’ concerns, app store owners can spot anomalous apps, and users can compare similar apps to decide which ones to download or purchase. However, user reviews are not labelled, e.g. we do not know which types of issues are raised in a review. Hence, one must sift through potentially thousands of reviews with slang and abbreviations to understand the various types of issues. Moreover, the unstructured and informal nature of reviews complicates the automated labelling of such reviews. In this paper, we study the multi-labelled nature of reviews from 20 mobile apps in the Google Play Store and Apple App Store. We find that up to 30 % of the reviews raise various types of issues in a single review (e.g. a review might contain a feature request and a bug report). We then propose an approach that can automatically assign multiple labels to reviews based on the raised issues with a precision of 66 % and recall of 65 %. Finally, we apply our approach to address three proof-of-concept analytics use case scenarios: (i) we compare competing apps to assist developers and users, (ii) we provide an overview of 601,221 reviews from 12,000 apps in the Google Play Store to assist app store owners and developers and (iii) we detect anomalous apps in the Google Play Store to assist app store owners and users.     

An Efficient Memory Management for Mobile Operating Systems Based on Prediction of Relaunch Distance

Recently, various mobile apps have included more features to improve user convenience. Mobile operating systems load as many apps into memory for faster app launching and execution. The least recently used (LRU)-based termination of cached apps is a widely adopted approach when free space of the main memory is running low. However, the LRU-based cached app termination does not distinguish between frequently or infrequently used apps. The app launch performance degrades if LRU terminates frequently used apps. Recent studies have suggested the potential of using users’ app usage patterns to predict the next app launch and address the limitations of the current least recently used (LRU) approach. However, existing methods only focus on predicting the probability of the next launch and do not consider how soon the app will launch again. In this paper, we present a new approach for predicting future app launches by utilizing the relaunch distance. We define the relaunch distance as the interval between two consecutive launches of an app and propose a memory management based on app relaunch prediction (M2ARP). M2ARP utilizes past app usage patterns to predict the relaunch distance. It uses the predicted relaunch distance to determine which apps are least likely to be launched soon and terminate them to improve the efficiency of the main memory.     

Effects of the aesthetic design of icons on app downloads: evidence from an android market

With the rapid development of the mobile app market, understanding the determinants of mobile app success has become vital to researchers and mobile app developers. Extant research on mobile applications primarily focused on the numerical and textual attributes of apps. Minimal attention has been provided to how the visual attributes of apps affect the download behavior of users. Among the features of app “appearance”, this study focuses on the effects of app icon on demand. With aesthetic product and interface design theories, we analyze icons from three aspects, namely, color, complexity, and symmetry, through image processing. Using a dataset collected from one of the largest Chinese Android websites, we find that icon appearance influences the download behavior of users. Particularly, apps with icons featuring higher colorfulness, proper complexity, and slight asymmetry lead to more downloads. These findings can help developers design their apps.     

Network-based detection of Android malicious apps

Users leverage mobile devices for their daily Internet needs by running various mobile applications (apps) such as social networking, e-mailing, news-reading, and video/audio streaming. Mobile device have become major targets for malicious apps due to their heavy network activity and is a research challenge in the current era. The majority of the research reported in the literature is focused on host-based systems rather than the network-based; unable to detect malicious activities occurring on mobile device through the Internet. This paper presents a detection app model for classification of apps. We investigate the accuracy of various machine learning models, in the context of known and unknown apps, benign and normal apps, with or without encrypted message-based app, and operating system version independence of classification. The best resulted machine learning(ML)-based model is embedded into the detection app for efficient and effective detection. We collect a dataset of network activities of 18 different malware families-based apps and 14 genuine apps and use it to develop ML-based detectors. We show that, it is possible to detect malicious app using network traces with the traditional ML techniques, and results revealed the accuracy (95–99.9 %) in detection of apps in different scenarios. The model proposed is proved efficient and suitable for mobile devices. Due to the widespread penetration of Android OS into the market, it has become the main target for the attackers. Hence, the proposed system is deployed on Android environment.     

App store mining is not enough for app improvement

The rise in popularity of mobile devices has led to a parallel growth in the size of the app store market, intriguing several research studies and commercial platforms on mining app stores. App store reviews are used to analyze different aspects of app development and evolution. However, app users’ feedback does not only exist on the app store. In fact, despite the large quantity of posts that are made daily on social media, the importance and value that these discussions provide remain mostly unused in the context of mobile app development. In this paper, we study how Twitter can provide complementary information to support mobile app development. By analyzing a total of 30,793 apps over a period of six weeks, we found strong correlations between the number of reviews and tweets for most apps. Moreover, through applying machine learning classifiers, topic modeling and subsequent crowd-sourcing, we successfully mined 22.4% additional feature requests and 12.89% additional bug reports from Twitter. We also found that 52.1% of all feature requests and bug reports were discussed on both tweets and reviews. In addition to finding common and unique information from Twitter and the app store, sentiment and content analysis were also performed for 70 randomly selected apps. From this, we found that tweets provided more critical and objective views on apps than reviews from the app store. These results show that app store review mining is indeed not enough; other information sources ultimately provide added value and information for app developers.     

Mobile app portfolio management and developers’ performance: An empirical study of the apple app store

We examine the impacts of mobile app category assortment of developers’ app portfolios on app performance in terms of quality and popularity. First, using data from the Apple App Store, we find a negative effect of portfolio diversity on developers’ app quality, which is negatively moderated by portfolio size. Second, we uncover spillover effects on app popularity, where existing (new) apps of a developer can influence the popularity of new (existing) apps both within and across app categories (only within the same app category). Importantly, our empirical analyses account for potential endogeneity biases using matching, selection, and simultaneous equations models.     

Forensic taxonomy of android productivity apps

Android productivity apps have provided the facility of having a constantly accessible and productive workforce to the information and work capabilities needed by the users. With hundreds of productivity apps available in the Android app market, it is necessary to develop a taxonomy for the forensic investigators and the end users to allow them to know what personal data remnants are available from the productivity apps. In this paper, 30 popular Android productivity apps were examined. A logical extraction of the Android phone was collected by using a well-known mobile forensic tool- XRY to extract various information of forensic interest such as user email ID and list of tasks. Based on the findings, a two-dimensional taxonomy of the forensic artefacts of the productivity apps is proposed with the app categories in one dimension and the classes of artefacts in the other dimension. The artefacts identified in the study of the apps are summarised using the taxonomy. In addition, a comparison with the existing forensic taxonomies of different categories of Android apps is provided to facilitate timely collection and analysis of evidentiary materials from mobile devices.     

数据驱动的移动应用用户接受度建模与预测

应用市场(appmarket)已经成为互联网环境下软件应用开发和交付的一种主流模式.相对于传统模式,应用市场模式下,软件的交付周期更短,用户的反馈更快,最终用户和开发者之间的联系更加紧密和直接.为应对激烈的竞争和动态演变的用户需求,移动应用开发者必须以快速迭代的方式不断更新应用,修复错误缺陷,完善应用质量,提升用户体验.因此,如何正确和综合理解用户对软件的接受程度(简称用户接受度),是应用市场模式下软件开发需考量的重要因素.近年来兴起的软件解析学(softwareanalytics)关注大数据分析技术在软件行业中的具体应用,对软件生命周期中大规模、多种类的相关数据进行挖掘和分析,被认为是帮助开发者提取有效信息、作出正确决策的有效途径.从软件解析学的角度,首先论证了为移动应用构建综合的用户接受度指标模型的必要性和可行性,并从用户评价数据、操作数据、交互行为数据这3个维度给出基本的用户接受度指标.在此基础上,使用大规模真实数据集,在目标用户群体预测、用户规模预测和更新效果预测等典型的用户接受度指标预测问题中,结合具体指标,提取移动应用生命周期不同阶段的重要特征,以协同过滤、回归融合、概率模...     

基于宿主权限的移动广告漏洞攻击技术

移动广告作为市场营销的一种重要手段,越来越受到应用开发者的青睐,其市场规模也日趋增大.但是,为了追求广告的精准投放和其他非法利益,移动广告给用户的隐私与财产安全也带来了很大威胁.目前,众多学者关注广告平台、广告主和移动应用的安全风险,还没有出现在广告网络中直接发起攻击的案例.本文提出一种基于宿主权限的移动广告漏洞攻击方法,能够在移动应用获取广告内容时在流量中植入攻击代码.通过对广告流量的拦截,提取出宿主应用的标识和客户端相关信息,间接得到宿主应用的权限列表和当前设备的WebView漏洞.另外,本文提出一种攻击者的能力描述语言,能够自动生成定制化的攻击载荷.实验表明,本文所提出的攻击方法能够影响到大量含有移动广告的应用,几个攻击实例的分析也证明了自动生成攻击载荷的可行性.最后,本文提出了几种防护方法和安全增强措施,包括应用标识混淆、完整性校验和中间人攻击防护技术等.     

Understanding the Intention of Using Mobile Social Networking Apps Across Cultures

Understanding the user acceptance of mobile social networking apps in different cultures can provide powerful insights for managers and marketers of social networking apps to develop effective globalized and localized strategies to attract users worldwide. Following the theory of planned behavior, this study develops a research model of privacy concern (PC), privacy risk (PR), and perceived enjoyment (PE) as attitudinal beliefs, subjective norm (SN) as normative belief, and smartphone self-efficacy (SE) as control belief to understand users’ intention to use mobile social networking apps. In particular, the impact of culture was investigated, considering the user base of mobile social networking apps is distributed globally and culturally diversified, and cultural values have direct impact on behavior. The research model was validated by survey data collected from 151 participants in the U.S. and 170 participants in South Korea. The data analysis results show that perceived enjoyment and subjective norm are the most important drivers behind users’ intention to use mobile social networking apps for both countries. No significant difference was found for the effects of privacy risk and subjective norm upon users’ intention to use mobile social networking apps across cultures. Implications of the findings upon theory and practice are discussed.     

Leveraging app usage contexts for app recommendation: a neural approach

The large volume and variety of apps pose a great challenge for people to choose appropriate apps. As a consequence, app recommendation is becoming increasingly important. Recently, app usage data which record the sequence of apps being used by a user have become increasingly available. Such data record the usage context of each instance of app use, i.e., the app instances being used together with this app (within a short time window). Our empirical data analysis shows that a user has a pattern of app usage contexts. More importantly, the similarity in the two users’ preferences over mobile apps is correlated with the similarity in their app usage context patterns. Inspired by these important observations, this paper tries to leverage the predictive power of app usage context patterns for effective app recommendation. To this end, we propose a novel neural approach which learns the embeddings of both users and apps and then predicts a user’s preference for a given app. Our neural network structure models both a user’s preference over apps and the user’s app usage context pattern in a unified way. To address the issue of unbalanced training data, we introduce several sampling methods to sample user-app interactions and app usage contexts effectively. We conduct extensive experiments using a large real app usage data. Comparative results demonstrate that our approach achieves higher precision and recall, compared with the state-of-the-art recommendation methods.

     

移动应用安全解析学:成果与挑战

随着移动应用(App)的广泛使用,移动应用的安全事件也频频发生。从数以亿计的移动应用中准确地识别出潜在的安全隐患成为了信息安全领域重要的难题之一。移动应用数量级增长的同时,也产生了海量的应用安全数据。这些数据使得移动应用的安全解析成为了可能。本文分别从用户界面解析、重打包应用检测、应用功能与安全行为一致性检测、基于上下文的恶意行为检测、终端用户应用管理和使用行为分析这五个方面介绍了移动应用安全解析学目前的成果。同时,基于以上的研究成果,对未来的研究方向进行了展望,并讨论了这些研究方向面临的挑战。