skip to main content
10.1145/2815782.2815802acmotherconferencesArticle/Chapter ViewAbstractPublication PageshtConference Proceedingsconference-collections
research-article

Towards a Smartphone User Competency Evolution Model

Published: 28 September 2015 Publication History

Abstract

Over the past few years smartphones have evolved from being basic devices that support stock-standard, static Operating Systems (OSs) to powerful devices that are capable of running dynamic, customizable OSs. In turn, these OSs also support the installation of additional, mobile applications (apps) on the fly. With an increase in the number of apps that users may choose to install on their smartphones, the vulnerability of the information stored on the device potentially also increases as a result. This is due to the fact that cyber criminals are able to write apps that can often gain access to not only personal user information, but also sensitive organizational information stored on these smartphone devices.
In this paper we have a look at smartphone OS trends over the past 5 years on both a global and a local scale. We subsequently identify Android as the top grossing OS in both scenarios making it the most popular OS in the world. We proceed with an investigation of various aspects relating to smartphone apps including a discussion on some of the official app distribution platforms (referred to as marketplaces), the problems experienced by marketplaces due to malicious apps being distributed and also the current techniques being employed in an attempt to minimize the publication of malicious apps. We continue our discussion on apps by looking at the typical process followed for downloading and also updating an app -- these are in turn used to form a complete user journey map of a generic app marketplace.
Finally, we focus our attention to the smartphone user. By introducing the Smartphone User Competency Evolution (SUCE) model as well as the Smartphone Application User Security Competency Evolution (SAUSCE) model, we discuss the significance of determining an individual user's level of understanding and competence relating to the usage of their smartphone and the apps installed on it.
We conclude by noting that the SAUSCE model could potentially aid individual users and/or their organizations at providing level appropriate training and awareness to aid smartphone users in their ongoing battle against smartphone abusers. The efficacy that such a model may have when used in conjunction with other best practices however, relies greatly on the successful implementation of `if the shoe fits, put it on' understanding, regulation and enforcement. As a result, it will no longer be a question of if the shoe fits, put it on, but rather, if the smartphone security level fits, put (switch) it on.

References

[1]
StatCounter GlobalStats. Top 8 Mobile Operating Systems from 2010 to 2015. Retrieved June 1, 2015 from http://gs.statcounter.com/#mobile_os-ww-yearly-2010-2015.
[2]
StatCounter GlobalStats. Top 8 Mobile Operating Systems in South Africa from 2010 to 2015. Retrieved June 1, 2015 from http://gs.statcounter.com/#mobile_os-ZA-yearly-2010-2015.
[3]
Wu, L., Grace, M., Zhou, Y., Wu, C., and Jiang, X. 2013. The Impact of Vendor Customizations on Android Security. In CSS'13 (November 4-8, 2013, Berlin, Germany). DOI= http://dx.doi.org/10.1145/2508859.2516728.
[4]
Google. 2015. Google play. Retrieved June1, 2015 from https://play.google.com/store?hl=en.
[5]
Apple. 2015. iTunes. Retrieved June 1, 2015 from https://www.apple.com/itunes/charts/free-apps/.
[6]
Microsoft. 2015. Windows Phone. Retrieved June 1, 2015 from http://www.windowsphone.com/en-za/store.
[7]
Hypponen, M. 2006. Malware goes Mobile. In Scientific American, 295, pp70--77. DOI= 10.1038/scientificamerican1106-70.
[8]
Viennot, N., Garcia, E., and Nieh, J. 2014. A Measurement Study of Google Play. In Proceeding of SIGMETRICS'14, June 16-20, 2014, Austin, Texas, USA. DOI= http://doi.acm.org/10.1145/2591971.2592003.
[9]
Zhou, Y. and Jiang, X. 2012. Dissecting Android Malware: Characterization and Evolution. In 2012 IEEE Symposium on Security and Privacy (SP), 20--23 May 2012, San Francisco, CA, 95--109. DOI= http://doi.acm.org/10.1109/SP.2012.16.
[10]
Zhou, W., Zhou, Y., Jiang, X., and Ning, P. 2012. Detecting Repackaged Smartphone Applications in Third-Party Android Marketplaces. In CODASPY'12, February 7--9, San Antonio, Texas, USA.
[11]
Zhang, Y., Yang, M., Xu, B., Yang, Z., Gu, G., Ning, P., Wang, X. S., and Zang, B. 2013. Vetting Undesirable Behaviors in Android Apps with permission Use Analysis. In Proceeding of CCS'13, November 4-8, 2013, Berlin, Germany. DOI= http://doi.acm.org/10.1145/2508859.2516689.
[12]
Zhou, Y., Wang, Z., Zhou, W., and Jiang, X. 2012. Hey, You, Get Off of My Market: Detecting Malicious Apps in Official and Alternative Android Markets. In NDSS, The Internet Society, 2012.
[13]
Xu, Z. and Zhu, S. 2012. Abusing Notification Services on Smartphones for Phishing and Spamming. In USENIX Workshop on Offensive Technologies (WOOT), 2012.
[14]
Wu, L., Grace, M., Zhou, Y., Wu, C., and Jiang, X. 2013. The Impact of Vendor Customization on Android Security. In CCS'13, November 4-8, 2013, Berlin, Germany. DOI= 10.1145/2508859.2516728.
[15]
Davi, L., Dmitrienko, A., Sadeghi, A., and Winandy, M. 2011. Privilege Escalation Attacks on Android. In Proceedings of the 13th international conference on Information security (ISC'10), Springer-Verlag, Berlin, Heidelberg, 346--360.
[16]
Peng, H., Gates, C., Sarma, B., Li, N., Qi, Y., Potharaju, R., Nita-Rotaru, C., and Molloy, I. 2012. Using Probabilistic Generative Models for Ranking Risks of Android Apps. In CCS'12, October 16--18, 2012, Raleigh, North Carolina, USA.
[17]
Felt, A. P., Ha, E. Egelman, S., Haney, A., Chin, E., and Wagner, D. 2012. In Symposium on Usable Privacy and Security (SOUPS) 2012, July 11--13, Washington, DC. USA.
[18]
Nauman, M., Khan, S., and Zhang, X. 2010. Apex: Extending Android Permission Model and Enforcement with User-defined Runtime Constraints. In ASIACCS'10, April 13--16, 2010, Beijing, China.
[19]
MalwareTips. Remove virus from Android phone (Pop-up Ads and Adware). Retrieved June 4, 2015 from http://malwaretips.com/blogs/remove-android-virus/.
[20]
Amazon.com. Getting Started with the Amazon Appstore for Android. Retrieved June 4, 2015 from https://www.amazon.com/gp/feature.html?ie=UTF8&docId=1000626391.
[21]
Chang, R. 2014. 10 Alternative Android App Stores. Retrieved June 4, 2015 from http://code.tutsplus.com/articles/10-alternative-android-app-stores--cms-20999.
[22]
Donovan, J. 2015. How to root your Android phone or tablet in 2015(and unroot it). Retrieved June 8, 2015 from http://www.digitaltrends.com/mobile/how-to-root-android/.
[23]
Allam, S. and Flowerday, S. 2010. A Model to Measure the Maturity of Smartphone Security at Software Consultancies. In Proceedings of the South African Information Security Multi-Conference (SAISMC 2010).

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences
SAICSIT '15: Proceedings of the 2015 Annual Research Conference on South African Institute of Computer Scientists and Information Technologists
September 2015
423 pages
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 September 2015

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Android
  2. BYOD
  3. Bring Your Own Device
  4. Smartphone applications
  5. application lifecycle
  6. application marketplace
  7. smartphone application permissions

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

SAICSIT '15

Acceptance Rates

SAICSIT '15 Paper Acceptance Rate 43 of 119 submissions, 36%;
Overall Acceptance Rate 187 of 439 submissions, 43%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • 0
    Total Citations
  • 168
    Total Downloads
  • Downloads (Last 12 months)2
  • Downloads (Last 6 weeks)0
Reflects downloads up to 15 Feb 2025

Other Metrics

Citations

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media