Think again before tapping the install button for that app
Before installing a new app on a mobile device, people need to be mindful of the security risks. One poor decision can bypass the most secure encryption, and a malicious app can gain access to confidential information or even lock the user's device. A presentation at the upcoming HFES 2015 International Annual Meeting in Los Angeles notes that human factors/ergonomics research could guide designers in creating a just-in-time warning system that considers the decision-making abilities of the user while alerting him or her that the current conditions - especially while multitasking - are conducive to errors.
The study by HF/E researchers Qian Liu and coauthors from North Carolina State University examined the conditions under which mobile device users are most likely to make security errors. In their Annual Meeting paper, "Multitasking Increases Stress and Insecure Behavior on Mobile Devices," the researchers asked 65 students age 19 to 46 who were enrolled in psychology and computer science courses to install 24 apps on a Samsung Nexus S mobile phone.
Participants chose apps from a fake store that offered apps in eight categories: chat, music, banking, sports, food, maps, podcasts, and shopping. The store described permissions, star ratings, reviews, and number of reviews for each app. Permissions and number of reviews were the same among the apps; the content of the reviews contained security cues indicating which apps were malicious.
After examining information about the apps, the students were asked to identify the only safe app while navigating through the store interface and performing two secondary tasks during multitasking trials. Finally, they rated their stress level and explained why they chose the app as safe.
The students in this study were highly educated and likely had experience detecting computer security threats. However, they were still susceptible to the effects of multitasking, evidenced by the fact that they chose a safe app only about half the time. The results showed that multitasking with mobile devices creates stress and increases nonsecure mobile behavior.
Qian Liu said, "We chose multitasking to focus on because when mobile phone users are doing other things, such as talking with a friend, driving while using apps, or using two or more apps at once, they experience more stress and are more likely to choose unsafe apps."
According to a recent study, 277 new malware families were discovered in 2014 alone (Hypponen, 2014). HF/E researchers can help mobile users manage this risk. Mobile devices may offer a partial solution, as they are equipped with a range of sensors that could vary guards and warning with context, making them more effective. But when mobile users are multitasking, designers might create another level of warnings and guard against error.