We are happy to announce that a new paper was recently published at Behaviour & Information Technology. You can read the complete paper here.  The paper is a collaborative work headed by Hadas Chassidim and Christos Perentis and with Bruno Lepri, head of the Mobile and Social Computing Lab (MobS Lab) at Fondazione Bruno Kessler (Trento, Italy).

Would users trust mobile anti-virus applications? The paper looks at a pretty straightforward settings: security apps installed on phones and computers can access pretty sensitive information, so they present a tradeoff to users: protection from third party adversaries versus privacy risks from the security companies themselves. How do users make decisions given this tradeoff? So our objective was to examine factors affecting the willingness to install mobile security applications by taking into account the invasion levels and security features of cyber-security applications

To answer this question, we have developed a visual language that depicts the coverage of different security features as well as privacy intrusiveness levels. We have used it in a vignette study with 300 participants. The results show that users perceive that a low privacy invasion might signal that the security application provides less security.

The paper is part of the project Privacy-Aware Cyber-Security, funded by the Israel Ministry of Science-Italy Cooperation, with other PIs, Erez Shmueli (TAU), Claudio Bettini (Milan) and Bruno Lepri (FBK).

Here is the abstract:

Installing security applications is a common way to protect against malicious apps, phishing emails, and other threats in mobile operating systems. While these applications can provide essential security protections, they also tend to access large amounts of people’s sensitive information. Therefore, individuals need to evaluate the trade-off between the security features and the privacy invasion when deciding on which protection mechanisms to use. In this paper, we examine factors affecting the willingness to install mobile security applications by taking into account the invasion levels and security features of cyber-security applications. To this end, we propose a visual language that depicts the coverage of different security features as well as privacy intrusiveness levels. Our user study (n=300) shows that users assessing security applications find their trade-off balance in highly secure apps with a medium level of privacy invasion. The results indicate that a low privacy invasion might signal that the security application provides less security. We discuss these findings in the context of understanding the trade-off between privacy and security.