Skip to main content
SpringerLink
Log in

Smartphone Security and Privacy – A Gamified Persuasive Approach with Protection Motivation Theory

  • Conference paper
  • First Online:
Book cover Persuasive Technology (PERSUASIVE 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13213))

Included in the following conference series:

Abstract

Mobile phones have evolved from feature phones to smartphones with comparable power as modern desktops. On the other hand, security and privacy have taken a toll and, users are having a hard time keeping up with this evolution. Over the years, popular smartphone operating systems have constantly been working to improve privacy and security features. Yet, there is always a weak link in this chain – Humans. Research has shown that smartphone users are unaware of safe smartphone security practices and users lack the motivation to follow these practices. Persuasive games have been targeted towards cybersecurity issues concerning desktop, however, games for smartphone security are sparse. We designed and developed a 2D persuasive game to improve users’ smartphone security behaviour informed by the Protection Motivation Theory. We conducted a 2 × 2 between mixed-method study (survey and interview), where we compared our game with a common smartphone security educational material published by the National Security Agency. Users found the game to be nostalgic and humorous and had the opportunity to reflect about their decision. They were able to remember and use the knowledge from the game when confronted by security issues in their daily life.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Koyuncu, M., Pusatli, T.: Security awareness level of smartphone users: an exploratory case study. Mob. Inf. Syst. 2019 (2019). https://doi.org/10.1155/2019/2786913

  2. Renaud, K.: 60 smartphone owners need security advice. how can we ensure they get it ? In: CONF-IRM 2016 Proceedings (2016)

    Google Scholar 

  3. Calderwood, F., Popova, I.: Smartphone cyber security awareness in developing countries: a case of Thailand. In: Zitouni, R., Agueh, M. (eds.) AFRICATEK 2018. LNICSSITE, vol. 260, pp. 79–86. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-05198-3_7

    Chapter  Google Scholar 

  4. Breitinger, F., Tully-Doyle, R., Hassenfeldt, C.: A survey on smartphone user’s security choices, awareness and education. Comput. Secur. 88 (2020). https://doi.org/10.1016/j.cose.2019.101647

  5. Zhang, X.J., Li, Z., Deng, H.: Information security behaviors of smartphone users in China: an empirical analysis. Electron. Libr. 35, 1177–1190 (2017). https://doi.org/10.1108/EL-09-2016-0183

    Article  Google Scholar 

  6. Shah, P., Agarwal, A.: Cybersecurity behaviour of smartphone users in India: an empirical analysis. Inf. Comput. Secur. 28, 293–318 (2020). https://doi.org/10.1108/ICS-04-2019-0041

    Article  Google Scholar 

  7. Nowrin, S., Bawden, D.: Information security behaviour of smartphone users: an empirical study on the students of university of Dhaka. Bangladesh. Inf. Learn. Sci. 119, 444–455 (2018). https://doi.org/10.1108/ILS-04-2018-0029

    Article  Google Scholar 

  8. Google: Permissions on Android|Android Developers. https://developer.android.com/guide/topics/permissions/overview. Accessed 5 Nov 2021

  9. Permissions updates in Android 11|Android Developers. https://developer.android.com/about/versions/11/privacy/permissions. Accessed 2 Jan 2021

  10. Android 12 Privacy & Security. https://www.android.com/android-12/#a12-safe. Accessed 5 Nov 2021

  11. Behavior changes: all apps|Android12|Android Developers. https://developer.android.com/about/versions/12/behavior-changes-all#mic-camera-toggles. Accessed 5 Nov 2021

  12. Bitton, R., Finkelshtein, A., Sidi, L., Puzis, R., Rokach, L., Shabtai, A.: Taxonomy of mobile users’ security awareness. Comput. Secur. 73, 266–293 (2018). https://doi.org/10.1016/j.cose.2017.10.015

    Article  Google Scholar 

  13. Bitton, R., Boymgold, K., Puzis, R., Shabtai, A.: Evaluating the information security awareness of smartphone users. In: Conference on Human Factors in Computing Systems - Proceedings (2020). pp. 1–13 (2020). https://doi.org/10.1145/3313831.3376385

  14. Google: App permissions best practices | Android Developers. https://developer.android.com/training/permissions/usage-notes. Accessed 29 Nov 2020

  15. Balebako, R., Marsh, A., Lin, J., Hong, J., Faith Cranor, L.: The privacy and security behaviors of smartphone App Dev. (2014). https://doi.org/10.14722/usec.2014.23006

  16. Barrera, D., Kayacik, H.G., Van Oorschot, P.C., Somayaji, A.: A methodology for empirical analysis of permission-based security models and its application to Android. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 73–84 (2010). https://doi.org/10.1145/1866307.1866317

  17. Ndulue, C., Oyebode, O., Orji, R.: PHISHER CRUSH: a mobile persuasive game for promoting online security. In: Gram-Hansen S., Jonasen T., Midden C. (eds.) PERSUASIVE 2020. LNCS 12064, pp. 223–233. Springer Cham (2020). https://doi.org/10.1007/978-3-030-45712-9_17

  18. Gokul, C.J., Pandit, S., Vaddepalli, S., Tupsamudre, H., Banahatti, V., Lodha, S.: Phishy - a serious game to train enterprise users on phishing awareness. In: CHI PLAY 2018 - Proceedings of the 2018 Annual Symposium on Computer-Human Interaction in Play Companion Extended Abstracts. pp. 169–181 (2018). https://doi.org/10.1145/3270316.3273042

  19. Wen, Z.A., Lin, Z., Chen, R., Andersen, E.: What.Hack: engaging anti-phishing training through a role-playing phishing simulation game. In: Proceedings of the Conference on Human Factors in Computing Systems, pp. 1–12 (2019). https://doi.org/10.1145/3290605.3300338

  20. Weanquoi, P., Johnson, J., Zhang, J.: Using a game to teach about phishing. In: SIGITE 2017 - Proceedings of the 18th Annual Conference on Information Technology Education, vol. 75 (2017). https://doi.org/10.1145/3125659.3125669

  21. Raptis, G.E., Katsini, C.: Beter, funner, stronger: A gameful approach to nudge people into making less predictable graphical password choices. In: Conference on Human Factors in Computing Systems - Proceedings. p. 17. ACM, New York(2021). https://doi.org/10.1145/3411764.3445658

  22. Chen, T., Dabbish, L., Hammer, J.: Self-efficacy-based game design to encourage security behavior online. In: Conference on Human Factors in Computing Systems – Proceedings, pp. 1–6. Association for Computing Machinery, New York (2019). https://doi.org/10.1145/3290607.3312935

  23. Scholefield, S., Shepherd, L.A.: Gamification techniques for raising cyber security awareness. In: Moallem, A. (ed.) HCII 2019. LNCS, vol. 11594, pp. 191–203. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-22351-9_13

    Chapter  Google Scholar 

  24. Yerby, J.: Development of serious games for teaching digital forensics. Issues Inf. Syst. 13, 112–122 (2014)

    Google Scholar 

  25. Thomps, M., Irvine, C.: Active learning with the CyberCIEGE video game. In: 4th Workshop on Cyber Security Experimentation and Test, CSET 2011, pp. 1–8 (2011)

    Google Scholar 

  26. Zargham, N., Bahrini, M., Volkmar, G., Sohr, K., Wenig, D., Malaka, R.: What could go wrong? Raising mobile privacy and security awareness through a decision-making game. In: CHI Play 2019 - Extended Abstracts of the 2020 Annual Symposium on Computer-Human Interaction in Play, pp. 805–812 (2019). https://doi.org/10.1145/3341215.3356273

  27. Bahrini, M., Meissner, M., Malaka, R., Wenig, N., Sohr, K.: HappyPerMi: presenting critical data flows in mobile application to raise user security awareness. In: Proceedings of the Conference on Human Factors in Computing Systems (2019). https://doi.org/10.1145/3290607.3312914

  28. Bahrini, M., Volkmar, G., Schmutte, J., Wenig, N., Sohr, K., Malaka, R.: Make my phone secure! Using gamification for mobile security settings. ACM's International Conference Proceeding Series, pp. 299–308 (2019). https://doi.org/10.1145/3340764.3340775

  29. Ganesh, A., Ndulue, C., Orji, R.: The design and development of mobile game to promote secure smartphone behaviour. In: CEUR Workshop Proceedings, pp. 73–87 (2021)

    Google Scholar 

  30. Ganesh, A., Ndulue, C., Orji, R.: PERMARUN- a persuasive game to improve user awareness and self-efficacy towards secure smartphone behaviour. In: Proceedings of the Conference on Human Factors in Computing Systems (2021). https://doi.org/10.1145/3411763.3451781

  31. Maddux, J.E., Rogers, R.W.: Protection motivation and self-efficacy: a revised theory of fear appeals and attitude change. J. Exp. Soc. Psychol. 19, 469–479 (1983). https://doi.org/10.1016/0022-1031(83)90023-9

    Article  Google Scholar 

  32. NSA Mobile Device Best Practices (2020). https://doi.org/10.4324/9780429269110-11

  33. Oinas-Kukkonen, H., Harjumaa, M.: Persuasive systems design: key issues, process model, and system features. Commun. Assoc. Inf. Syst. 24, 485–500 (2009). https://doi.org/10.17705/1cais.02428

  34. Khalifa, A., De Mesentier Silva, F., Togelius, J.: Level design patterns in 2D games. In: IEEE Conference on Computational Intelligence and Games CIG. 2019-August (2019). https://doi.org/10.1109/CIG.2019.8847953

  35. Fogg, B.J.: Creating persuasive technologies: an eight-step design process. ACM International Conference Proceeding Series 350 (2009). https://doi.org/10.1145/1541948.1542005

  36. Proto.IO: Proto.io - Prototypes that feel real. https://proto.io/. Accessed 04 Apr 2020

  37. Draw Freely|Inkscape. https://inkscape.org/. Accessed 6 Nov 2021

  38. Unity: Unity Real-Time Development Platform|3D, 2D VR & AR Engine. https://unity.com/. Accessed 4 Apr 2021

  39. The official home of Super MarioTM – Home. https://mario.nintendo.com/. Accessed 11 Jan 2021

  40. Mega Man – Wikipedia. https://en.wikipedia.org/wiki/Mega_Man. Accessed 6 Nov 2021

  41. Dangerous Dave – Wikipedia. https://en.wikipedia.org/wiki/Dangerous_Dave. Accessed 6 Nov 2021

  42. Claw (video game) – Wikipedia. https://en.wikipedia.org/wiki/Claw_(video_game). Accessed 6 Nov 2021

  43. Huang, H.Y., Tuncay, G.S., Demetriou, S., Gunter, C.A., Banerjee, R., Bashir, M.: Smartphone security behavioral scale: a new psychometric measurement for smartphone security (2020)

    Google Scholar 

  44. Rogers W.R.: Cognitive and physiological processes in fear appeals and attitude change: a revised theory of protection motivation. Soc. Psychophysiol. A Sourceb. 153–177 (1983)

    Google Scholar 

  45. Chambers, R., Tingey, L., Mullany, B., Parker, S., Lee, A., Barlow, A.: Exploring sexual risk taking among American Indian adolescents through protection motivation theory. AIDS Care 28, 1089–1096 (2016). https://doi.org/10.1080/09540121.2016.1164289

  46. Plotnikoff, R.C., Trinh, L.: Protection motivation theory: is this a worthwhile theory for physical activity promotion? Exerc. Sport Sci. Rev. 38, 91–98 (2010). https://doi.org/10.1097/JES.0b013e3181d49612

    Article  Google Scholar 

  47. Meier, Y., Schäwel, J., Kyewski, E., Krämer, N.C.: Applying protection motivation theory to predict facebook users’ withdrawal and disclosure intentions. In: ACM International Conference Proceeding Series, pp. 21–29 (2020). https://doi.org/10.1145/3400806.3400810

  48. Mwagwabi, F.M.: A Protection Motivation Theory Approach to Improving Compliance with Password Guidelines (2015)

    Google Scholar 

  49. Shih-Chieh Hsu, J., Shih, S.-P.: When does one weight threats more? An integration of regulatory focus theory and protection motivation theory. In: Proceedings of the 10th Pre-ICIS Workshop on Information Security and Privacy, pp. 12–13 (2015)

    Google Scholar 

  50. Giwah, A.D., Wang, L., Levy, Y., Hur, I.: Empirical assessment of mobile device users’ information security behavior towards data breach: leveraging protection motivation theory. J. Intellect. Cap. 21, 215–233 (2019). https://doi.org/10.1108/JIC-03-2019-0063

    Article  Google Scholar 

  51. van Bavel, R., Rodríguez-Priego, N., Vila, J., Briggs, P.: Using protection motivation theory in the design of nudges to improve online security behavior. Int. J. Hum. Comput. Stud. 123, 29–39 (2019). https://doi.org/10.1016/j.ijhcs.2018.11.003

    Article  Google Scholar 

  52. Crossler, R., Bélanger, F.: An extended perspective on individual security behaviors: Protection motivation theory and a unified security practices (USP) instrument. Data Base Adv. Inf. Syst. 45, 51–71 (2014). https://doi.org/10.1145/2691517.2691521

    Article  Google Scholar 

  53. Verkijika, S.F.: Understanding smartphone security behaviors: an extension of the protection motivation theory with anticipated regret. Comput. Secur. 77, 860–870 (2018). https://doi.org/10.1016/j.cose.2018.03.008

    Article  Google Scholar 

  54. Reynolds, J.L.: Measuring intrinsic motivations. In: Handbook of Research on Electronic Survey Measurements, pp. 170–173 (2006). https://doi.org/10.4018/978-1-59140-792-8.ch018

  55. Quantitative Research for new user researchers - How to be a Games User Researcher. https://gamesuserresearch.com/2021/07/19/quantitative-research-for-new-user-researchers/. Accessed 28 Nov 2021

  56. Wulf, T., Bowman, N.D., Velez, J.A., Breuer, J.: Once upon a game: exploring video game nostalgia and its impact on well-being. Psychol. Pop. Media Cult. (2018). https://doi.org/10.1037/ppm0000208

    Article  Google Scholar 

  57. Perrotta, C., Featherstone, G., Aston, H., Houghton, E.: Game-Based Learning: LateSloughst Evidence And Future Directions. National Foundation for Educational Research, Slough (2013)

    Google Scholar 

  58. To, A., Ali, S., Kaufman, G., Hammer, J.: Integrating Curiosity and Uncertainty in Game Design. In: Proceedings of the 1st International Joint Conference of DiGRA-FDG, pp. 1–16 (2016)

    Google Scholar 

  59. Srivastava, E., Maheswarappa, S.S., Sivakumaran, B.: Nostalgic advertising in India: a content analysis of Indian TV advertisements. Asia Pacific J. Mark. Logist. 29, 47–69 (2017). https://doi.org/10.1108/APJML-10-2015-0152

    Article  Google Scholar 

  60. Orji, R., Vassileva, J., Mandryk, R.L.: Modeling the efficacy of persuasive strategies for different gamer types in serious games for health. User Model. User-Adap. Inter. 24(5), 453–498 (2014). https://doi.org/10.1007/s11257-014-9149-8

    Article  Google Scholar 

  61. Orji, R., Mandryk, R.L., Vassileva, J.: Improving the efficacy of games for change using personalization models. ACM Trans. Comput. Interact. 24 (2017). https://doi.org/10.1145/3119929

  62. Cesario, J., Higgins, E.T., Scholer, A.A.: Regulatory fit and persuasion: basic principles and remaining questions. Soc. Personal. Psychol. Compass. 2, 444–463 (2008). https://doi.org/10.1111/j.1751-9004.2007.00055.x

    Article  Google Scholar 

Download references

Acknowledgement

This research was undertaken, in part, thanks to funding from the Canada Research Chairs Program. We acknowledge the support of the Natural Sciences and Engineering Research Council of Canada (NSERC) through the Discovery Grant.

Author information

Authors and Affiliations

  1. Faculty of Computer Science, Dalhousie University, Halifax, Canada

    Anirudh Ganesh, Chinenye Ndulue & Rita Orji

Authors
  1. Anirudh Ganesh
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Chinenye Ndulue
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Rita Orji
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Anirudh Ganesh .

Editor information

Editors and Affiliations

  1. Massey University, Auckland, New Zealand

    Nilufar Baghaei

  2. University of Saskatchewan, Saskatoon, SK, Canada

    Julita Vassileva

  3. Hamad Bin Khalifa University, Doha, Qatar

    Raian Ali

  4. University of Waterloo, Waterloo, ON, Canada

    Kiemute Oyibo

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ganesh, A., Ndulue, C., Orji, R. (2022). Smartphone Security and Privacy – A Gamified Persuasive Approach with Protection Motivation Theory. In: Baghaei, N., Vassileva, J., Ali, R., Oyibo, K. (eds) Persuasive Technology. PERSUASIVE 2022. Lecture Notes in Computer Science, vol 13213. Springer, Cham. https://doi.org/10.1007/978-3-030-98438-0_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-98438-0_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-98437-3

  • Online ISBN: 978-3-030-98438-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation