Reflections on U-PriSM 2

2014 ◽  
Vol 6 (2) ◽  
pp. 73-78
Author(s):  
Sonia Chiasson ◽  
Heather Crawford ◽  
Serge Egelman ◽  
Pourang Irani

The Second Usable Privacy and Security for Mobile Devices Workshop (U-PriSM 2) was co-located with MobileHCI'13 in Munich, Germany. The U-PriSM 2 was an opportunity for researchers and practitioners to discuss research challenges and experiences around the usable privacy and security of mobile devices (smartphones and tablets). Security and privacy often involve having non-security experts, or even novice users, regularly making important decisions while their main focus is on other primary tasks. This is especially true for mobile devices where users can quickly and easily install apps, where user interfaces are minimal due to space constraints, and where users are often distracted by their environment. Likewise, mobile devices present unique privacy and security risks because they allow third-party applications access to personal information and sensor data. The amount and sensitivity of such personally identifying information is likely to increase as device functionality increases. The convergence of these factors means that improvements to security and privacy provisions on mobile devices are becoming increasingly important. Workshop participants had a chance to explore mobile device usage and the unique usable security and privacy challenges that arise, discuss proposed systems and ideas that address these needs, and work towards the development of design principles to inform future development in the area.

Author(s):  
Willem De Groef ◽  
Dominique Devriese ◽  
Tom Reynaert ◽  
Frank Piessens

An important recent innovation on social networking sites is the support for plugging in third-party social applications. Together with the ever-growing number of social network users, social applications come with privacy and security risks for those users. While basic mechanisms for isolating applications are well understood, these mechanisms fall short for social-enabled applications. It is an interesting challenge to design and develop application platforms for social networks that enable the necessary functionality of social applications without compromising both users’ security and privacy. This chapter will identify and discuss the current security and privacy problems related to social applications and their platforms. Next, it will zoom in on proposals on how to address those problems.


2011 ◽  
pp. 1279-1301
Author(s):  
Nicholas C. Romano Jr. ◽  
Jerry Fjermestad

This article presents a value exchange model of privacy and security for electronic customer relationship management within an electronic commerce environment. Enterprises and customers must carefully manage these new virtual relationships in order to ensure that they both derive value from them and minimize unintended consequences that result from the concomitant exchange of personal information that occurs in e-commerce. Based upon a customer’s requirements of privacy and an enterprise requirement to establish markets and sell goods and services, there is a value exchange relationship. The model is an integration of the customer sphere of privacy, sphere of security, and privacy/security sphere of implementation.


2020 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Fenio Annansingh

Purpose: Currently, one of the most significant challenges organizations face is that corporate data is being delivered to mobile devices that are not managed by the information technology department. This has security implications regarding knowledge leakage, data theft, and regulatory compliance. With these unmanaged devices, companies have less control and visibility, and fewer mitigation options when protecting against the risks of cyber-attacks. Therefore, the purpose of this study is to investigate how millennials' use of personal mobile devices for work contributes to increased exposure to cyber-attacks and, consequently, security and knowledge leakage risks. Design/methodology/approach: This research used a mixed-method approach by using survey questionnaires to elicit the views of millennials regarding the cybersecurity risks associated with bring your own device policies and practices. Interviews were done with security personnel. Data analysis consisted of descriptive analysis and open coding. Findings: The results indicate that millennials expect to have ready access to technology and social media at all times, irrespective of security and privacy concerns. Companies also need to improve and enforce bring your own device policies and practices to mitigate against knowledge leakage and security risks. Millennials increasingly see the use of personal devices as a right and not a convenience. They are expecting security measures to be more seamless within the full user experience. Originality/value: This paper can help organizations and millennials to understand the security risks entering the workforce if the threats of using privately owned devices on the job are ignored and to improve organizational performance.


2016 ◽  
Vol 150 (1) ◽  
pp. 60-66 ◽  
Author(s):  
Kelly Grindrod ◽  
Jonathan Boersema ◽  
Khrystine Waked ◽  
Vivian Smith ◽  
Jilan Yang ◽  
...  

Objective: To explore the privacy and security of free medication applications (apps) available to Canadian consumers. Methods: The authors searched the Canadian iTunes store for iOS apps and the Canadian Google Play store for Android apps related to medication use and management. Using an Apple iPad Air 2 and a Google Nexus 7 tablet, 2 reviewers generated a list of apps that met the following inclusion criteria: free, available in English, intended for consumer use and related to medication management. Using a standard data collection form, 2 reviewers independently coded each app for the presence/absence of passwords, the storage of personal health information, a privacy statement, encryption, remote wipe and third-party sharing. A Cohen’s Kappa statistic was used to measure interrater agreement. Results: Of the 184 apps evaluated, 70.1% had no password protection or sign-in system. Personal information, including name, date of birth and gender, was requested by 41.8% (77/184) of apps. Contact information, such as address, phone number and email, was requested by 25% (46/184) of apps. Finally, personal health information, other than medication name, was requested by 89.1% (164/184) of apps. Only 34.2% (63/184) of apps had a privacy policy in place. Conclusion: Most free medication apps offer very limited authentication and privacy protocols. As a result, the onus currently falls on patients to input information in these apps selectively and to be aware of the potential privacy issues. Until more secure systems are built, health care practitioners cannot fully support patients wanting to use such apps.


2017 ◽  
Vol 13 (1) ◽  
pp. 39-60 ◽  
Author(s):  
Khalid Alemerien

The number of users in Social Networking Sites (SNSs) is increasing exponentially. As a result, several security and privacy problems in SNSs have appeared. Part of these problems is caused by insecure Graphical User Interfaces (GUIs). Therefore, the developers of SNSs should take into account the balance between security and usability aspects during the development process. This paper proposes a set of user-friendly security patterns to help SNS developers to design interactive environments which protect the privacy and security of individuals while being highly user friendly. The authors proposed four patterns and evaluated them against the Facebook interfaces. The authors found that participants accepted the interfaces constructed through the proposed patterns more willingly than the Facebook interfaces.


2013 ◽  
Vol 734-737 ◽  
pp. 3214-3219
Author(s):  
Hai Dong Zhong ◽  
Ping Li ◽  
Shao Zhong Zhang ◽  
Wen Ting Yuan ◽  
Xu Dong Zhao ◽  
...  

With the tremendous advances in mobile computing and communication capabilities, rapid proliferation of mobile devices, increasingly powerful functions, and decreasing device costs, we are seeing explosive growth in mobile e-commerce in various consumer and business markets. On the basis of analyzing the demands of both buyers and sellers in mobile e-commerce, the paper puts forward a novel concept and technological framework of Location Based Services (LBS) driven mobile e-commerce. Some LBS-related functions, on the mobile device terminal, of the prototype system based on the proposed architecture are implemented. Also, some key issues of LBS-based mobile e-commerce, such as positioning accuracy and new privacy and security risks, are discussed in detail.


2022 ◽  
Vol 22 (1) ◽  
pp. 1-22
Author(s):  
David Major ◽  
Danny Yuxing Huang ◽  
Marshini Chetty ◽  
Nick Feamster

Many Internet of Things devices have voice user interfaces. One of the most popular voice user interfaces is Amazon’s Alexa, which supports more than 50,000 third-party applications (“skills”). We study how Alexa’s integration of these skills may confuse users. Our survey of 237 participants found that users do not understand that skills are often operated by third parties, that they often confuse third-party skills with native Alexa functions, and that they are unaware of the functions that the native Alexa system supports. Surprisingly, users who interact with Alexa more frequently are more likely to conclude that a third-party skill is a native Alexa function. The potential for misunderstanding creates new security and privacy risks: attackers can develop third-party skills that operate without users’ knowledge or masquerade as native Alexa functions. To mitigate this threat, we make design recommendations to help users better distinguish native functionality and third-party skills, including audio and visual indicators of native and third-party contexts, as well as a consistent design standard to help users learn what functions are and are not possible on Alexa.


2021 ◽  
Vol 2021 ◽  
pp. 1-19
Author(s):  
Ming Di ◽  
Shah Nazir ◽  
Fucheng Deng

The wide-ranging implementation of Android applications used in various devices, from smartphones to intelligent television, has made it thought-provoking for developers. The permission granting mechanism is one of the defects imposed by the developers. Such assessing of defects does not allow the user to comprehend the implication of privacy for granting permission. Mobile applications are quickly and easily reachable by typical mobile users. Despite possible applications for improving the affordability, availability, and effectiveness of delivering various services, they handle sensitive data and information. Such data and information carry considerable security and privacy risks. Users are usually unaware of how the data can be managed and used. Reusable resources are available in the form of third-party libraries, which are broadly active in Android apps. They provide a diversity of functions that raise privacy and security concerns. Host applications and third-party libraries are run in the same process and share similar permissions. The current study has presented an overview of the existing approaches, methods, and tools used for influencing user behavior concerning Android privacy policy. Various prominent libraries were searched, and their search results were analyzed briefly. The search results were presented from diverse perspectives to show the details of the work done in the area. This will help researchers to offer new solutions in the area of the research.



Author(s):  
Stefania Manca ◽  
Maria Ranieri

Over recent years, the notions of identity, credibility and trust in digital contexts have been gaining renewed interest from scholars in different fields (from social studies to engineering and computer science), especially for their consequences for privacy and security. Emerging and urgent questions are: What does the management of online personal data entail? How much personal information are we entitled to share with others? What measures do people usually adopt to protect their identity and privacy? Are they always aware of the risks they may run? What consequences may emerge in the long term if cautions are ignored? These are some of the questions that should be addressed by users, experts and scholars engaged with digital environments, especially social networking sites. This chapter focuses on these issues trying to provide a wide overview of the current literature on identity, credibility and trust, and their implications for privacy and security, from the perspective of social and behavioral sciences. Some measures provided by experts on how to protect against the most common security and privacy threats are also outlined.

