
Empowering User Security Awareness and Risk Assessment Within Gamified Smartphone Environment

  • Conference paper
Entertainment Computing – ICEC 2024 (ICEC 2024)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 15192))


Abstract

Smartphones facilitate human needs such as communication, entertainment, and knowledge. These instruments simultaneously process and store user data, including email, messages, passwords, financial accounts, and health records. Mobile apps aggregate this data and may transmit it to clouds or third parties. Smartphone operating systems provide security settings and permission mechanisms, empowering users with control over personal data. However, users frequently overlook these, which often leads to data leaks. To prioritize users’ attention, we have developed a User Data Access Profile (UDAP) interface to raise awareness and prompt them to evaluate the potential risks of the apps they are considering. We implemented a gamified environment and conducted a between-subjects design study, comparing the UDAP and Android App-Info screens. The findings show that participants were more adept at assessing the privacy risks associated with Android apps when provided with categorized information post-application setup. Additionally, this approach raised user awareness regarding granting permissions and configuring new apps with personal data.



Acknowledgments

This work was funded by the Klaus Tschira Foundation.

Corresponding author

Correspondence to Mehrdad Bahrini.


Appendices

Appendix A: Questionnaires

A.1. Android Awareness Questions

  • How do you usually install an app on your smartphone?

  • What information do you look for before installing an app?

  • Based on the previous question, how do you find this information?

  • Do you pay attention to the permissions of a new app?

  • Are you comfortable determining whether or not requested permissions are required?

  • Do permissions affect your decision to download or use an app?

  • How concerned are you about your privacy when installing a new app?

  • Can you comfortably determine if an app violates your privacy?

A.2. Post-exposure Questions: Overall Risk Assessment

  • How do you assess the risk of the installed Flashlight app violating your privacy?

  • How do you assess the risk of the installed Game app violating your privacy?

  • How do you assess the risk of the installed Health & Fitness app violating your privacy?

  • How do you assess the risk of the installed Social Media app violating your privacy?

A.3. Post-exposure Questions: Categories Risk Assessment

  • Which of the queries in the Flashlight app pose a risk to your privacy, and to what extent?

  • Which of the queries in the Game app pose a risk to your privacy, and to what extent?

  • Which of the queries in the Health & Fitness app pose a risk to your privacy, and to what extent?

  • Which of the queries in the Social Media app pose a risk to your privacy, and to what extent?

A.4. Post-exposure Questions: Feedback (App-Info Group)

  • The App-Info page displays information about installed apps in the Android settings. Do you use this page on your smartphone?

  • How satisfied are you that the App-Info page contains enough security and privacy information about the specific app?

  • On Android, you can manage permissions through settings. However, some settings in the apps can affect your privacy. Do you think Android needs a mechanism to indicate security and privacy concerns about an app?

  • If you have an idea about such a mechanism based on the last question, please share how the Android settings or the Google Play Store should inform users about app privacy and security.

A.5. Post-exposure Questions: Feedback (UDAP Group)

  • The UDAP page displays information about installed apps in the Android settings. Do you want to see and use it on your smartphone?

  • How satisfied are you that the UDAP page contains enough security and privacy information about the specific app?

  • On Android, you can manage permissions through settings. However, some settings in the apps can affect your privacy. Do you think Android needs the UDAP mechanism to indicate security and privacy concerns about an app?

  • The UDAP mechanism can be implemented either in the Google Play Store or in the Android operating system. In which environment would you prefer this mechanism?

  • Based on the last question, please indicate to what extent the UDAP should inform users about app privacy and security in Android settings or the Google Play Store.

Appendix B: The Screenshots of the Simulator

The following screenshots show the flashlight app’s configuration post-installation and initial use. Players are tasked with identifying the essential information needed for this app.

Fig. 3. During this step, a player installs the desired app, in this case, a flashlight, and launches it for the first time. To utilize the app, the player needs to configure its settings. On the left, the player can create an account; in the middle, provide demographic information; and on the right, specify Simon’s job occupation. The player must decide for each step whether this information is required when using this app.

Fig. 4. The three screenshots offer the player various choices: granting permissions on the left, inputting financial information in the middle, and providing health information on the right. The player has the option to either configure or skip each of these choices.

Appendix C: The Screenshots of the UDAP Interface

Fig. 5. The two screenshots guide the player regarding the “About Me” category in UDAP, showing insights into possible data leakage from actions and app features. These insights are accessible through tapping and accompanying privacy and security statements.


Copyright information

© 2025 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Bahrini, M., Weglewski, J., Sohr, K., Malaka, R. (2025). Empowering User Security Awareness and Risk Assessment Within Gamified Smartphone Environment. In: Figueroa, P., Di Iorio, A., Guzman del Rio, D., Gonzalez Clua, E.W., Cuevas Rodriguez, L. (eds) Entertainment Computing – ICEC 2024. ICEC 2024. Lecture Notes in Computer Science, vol 15192. Springer, Cham. https://doi.org/10.1007/978-3-031-74353-5_2


  • DOI: https://doi.org/10.1007/978-3-031-74353-5_2


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-74352-8

  • Online ISBN: 978-3-031-74353-5

  • eBook Packages: Computer Science (R0)
