A Socio-Technical Investigation into Smartphone Security

  • Melanie Volkamer
  • Karen RenaudEmail author
  • Oksana Kulyk
  • Sinem Emeröz
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9331)


Many people do not deliberately act to protect the data on their Smartphones. The most obvious explanation for a failure to behave securely is that the appropriate mechanisms are unusable. Does this mean usable mechanisms will automatically be adopted? Probably not! Poor usability certainly plays a role, but other factors also contribute to non-adoption of precautionary mechanisms and behaviours. We carried out a series of interviews to determine justifications for non-adoption of security precautions, specifically in the smartphone context, and developed a model of Smartphone precaution non-adoption. We propose that future work should investigate the use of media campaigns in raising awareness of these issues.


Precautionary Measure Interpretative Phenomenological Analysis Specific Threat Poor Usability Antivirus Software 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



This paper has been developed within the project ‘ZertApps’, which is funded by the German Federal Ministry of Education and Research (BMBF) under grant no. 16KIS0073. The authors assume responsibility for the content.


  1. 1.
    Botha, R.A., Furnell, S.M., Clarke, N.L.: From desktop to mobile: examining the security experience. Comput. Secur. 28(3), 130–137 (2009)CrossRefGoogle Scholar
  2. 2.
    Campbell, M.: Phone invaders. New Sci. 223(2977), 32–35 (2014)CrossRefGoogle Scholar
  3. 3.
    Canova, G., Volkamer, M., Bergmann, C., Borza, R.: NoPhish: an anti-phishing education app. In: Mauw, S., Jensen, C.D. (eds.) STM 2014. LNCS, vol. 8743, pp. 188–192. Springer, Heidelberg (2014) Google Scholar
  4. 4.
    Clark, S., Goodspeed, T., Metzger, P., Wasserman, Z., Xu, K., Blaze, M.: Why (special agent) johnny (still) can’t encrypt: a security analysis of the APCO project 25 two-way radio system. In: USENIX Security Symposium (2011)Google Scholar
  5. 5.
    Debatin, B., Lovejoy, J.P., Horn, A.K., Hughes, B.N.: Facebook and online privacy: attitudes, behaviors, and unintended consequences. J. Comput. Mediat. Commun. 15(1), 83–108 (2009)CrossRefGoogle Scholar
  6. 6.
    Bursztein, E.: Survey: most people don’t lock their android phones - but should (2014).
  7. 7.
    Felt, A.P., Egelman, S., Wagner, D.: I’ve got 99 problems, but vibration ain’t one: a survey of smartphone users’ concerns. In: 2nd ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 33–44. ACM (2012)Google Scholar
  8. 8.
    Ferreira, A., Huynen, J.-L., Koenig, V., Lenzini, G.: Socio-technical security analysis of wireless hotspots. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2014. LNCS, vol. 8533, pp. 306–317. Springer, Heidelberg (2014) Google Scholar
  9. 9.
    Furnell, S., Evangelatos, K.: Public awareness and perceptions of biometrics. Comput. Fraud Secur. 2007(1), 8–13 (2007)CrossRefGoogle Scholar
  10. 10.
    Gaw, S., Felten, E.W., Fernandez-Kelly, P.: Secrecy, flagging, and paranoia: adoption criteria in encrypted email. In: SIGCHI Conference on Human Factors in Computing Systems, CHI 2006, pp. 591–600 (2006)Google Scholar
  11. 11.
    Harbach, M., Fahl, S., Rieger, M., Smith, M.: On the acceptance of privacy-preserving authentication technology: the curious case of national identity cards. In: De Cristofaro, E., Wright, M. (eds.) PETS 2013. LNCS, vol. 7981, pp. 245–264. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  12. 12.
    Harbach, M., Hettig, M., Weber, S., Smith, M.: Using personal examples to improve risk communication for security & privacy decisions. In: 32nd Annual ACM Conference on Human Factors in Computing Systems, CHI 2014, pp. 2647–2656. ACM (2014).
  13. 13.
    Harbach, M., von Zezschwitz, E., Fichtner, A., De Luca, A., Smith, M.: It’s a hard lock life: a field study of smartphone (un) locking behavior and risk perception. In: Symposium on Usable Privacy and Security (SOUPS) (2014)Google Scholar
  14. 14.
    Herath, T., Rao, H.R.: Encouraging information security behaviors in organizations: role of penalties, pressures and perceived effectiveness. Decis. Support Syst. 47(2), 154–165 (2009)CrossRefGoogle Scholar
  15. 15.
    Kelley, P.G., Consolvo, S., Cranor, L.F., Jung, J., Sadeh, N., Wetherall, D.: A conundrum of permissions: installing applications on an android smartphone. In: Blyth, J., Dietrich, S., Camp, L.J. (eds.) FC 2012. LNCS, vol. 7398, pp. 68–79. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  16. 16.
    Lazou, A., Weir, G.R.: Perceived risk and sensitive data on mobile devices. In: Cyberforensics, pp. 183–196. University of Strathclyde (2011)Google Scholar
  17. 17.
    Lin, J., Amini, S., Hong, J.I., Sadeh, N., Lindqvist, J., Zhang, J.: Expectation and purpose: understanding users’ mental models of mobile app privacy through crowdsourcing. In: ACM Conference on Ubiquitous Computing, UbiComp 2012, pp. 501–510. ACM (2012).
  18. 18.
    Liu, S., Silverman, M.: A practical guide to biometric security technology. IT Prof. 3(1), 27–32 (2001)CrossRefGoogle Scholar
  19. 19.
    Muslukhov, I., Boshmaf, Y., Kuo, C., Lester, J., Beznosov, K.: Understanding users’ requirements for data protection in smartphones. In: Data Engineering Workshops (ICDEW), pp. 228–235. IEEE (2012)Google Scholar
  20. 20.
    Mylonas, A.: Security and privacy in the smartphones ecosystem. Technical report. AUEB-CIS/REV-0313, Athens University of Economics and Business (2013)Google Scholar
  21. 21.
    Ophoff, J., Robinson, M.: Exploring end-user smartphone security awareness within a South African context. In: Information Security for South Africa (ISSA 2014), pp. 1–7. IEEE (2014)Google Scholar
  22. 22.
    Pramod, D., Raman, R.: A study on the user perception and awareness of smartphone security. Int. J. Appl. Eng. Res. ISSN 9(23), 19133–19144 (2014)Google Scholar
  23. 23.
    Renaud, K., Volkamer, M., Renkema-Padmos, A.: Why doesn’t jane protect her privacy? In: De Cristofaro, E., Murdoch, S.J. (eds.) PETS 2014. LNCS, vol. 8555, pp. 244–262. Springer, Heidelberg (2014) Google Scholar
  24. 24.
    Sasse, M.A., Flechais, I.: Usable security: what is it? how do we get it?. In: Security and usability: designing secure systems that people can use. pp. 13–30. O’Reilly Books (2005)Google Scholar
  25. 25.
    Smith, S.W.: Humans in the loop: human-computer interaction and security. IEEE Secur. Priv. 1(3), 75–79 (2003)CrossRefGoogle Scholar
  26. 26.
    Solove, D.J.: “I’ve got nothing to hide” and other misunderstandings of privacy. San Diego law Rev. 44, 745 (2007)Google Scholar
  27. 27.
    Wash, R.: Folk models of home computer security. In: Proceedings of the Sixth Symposium on Usable Privacy and Security, p. 11. ACM, Redmond, WA (2010)Google Scholar
  28. 28.
    Whitten, A., Tygar, J.D.: Why Johnny can’t encrypt: a usability evaluation of PGP 5.0. In: 8th USENIX Security Symposium, SSYM 1999, vol. 8, pp. 169–184 (1999)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Melanie Volkamer
    • 1
    • 3
  • Karen Renaud
    • 2
    Email author
  • Oksana Kulyk
    • 1
  • Sinem Emeröz
    • 1
  1. 1.Technische Universität DarmstadtDarmstadtGermany
  2. 2.University of GlasgowGlasgowScotland
  3. 3.Karlstad UniversityKarlstadSweden

Personalised recommendations