14:00 - 14:18
Adoption, Use and Diffusion of Crisis Apps in Germany: A Representative Survey
1 Technische Universität Darmstadt, Science and Technology for Peace and Security (PEASEC), Germany; 2 Universität Siegen, Institute for Information Systems, Germany
The research field of crisis informatics examines the potentials and limitations of information and communication technology in crises, disasters, and emergencies. Although ICT plays an increasingly large role in crisis response and management, in-depth studies on crisis apps and similar technology in the context of an emergency have been missing. Based on responses by 1024 participants in Germany, we examine the diffusion, usage, perception and adoption of mobile crisis apps as well as required functions and improvements. We conclude that crisis apps are still a little-known form of disaster ICT, but have potential for enhancing communication, keeping users up to date and providing a more effective crisis management as supplement to other media channels dependent on different underlying infrastructures. However, they should be adaptable to user characteristics, consider privacy, allow communication and offer valuable information to raise awareness of potential disasters without creating an overload. Also, the familiarity with and trust in crisis apps should be addressed to maximize their beneficial impact on crisis communication and management. We discuss further implications as well as directions for future research with larger target groups and specific usage scenarios.
14:18 - 14:36
Heuristics and Models for Evaluating the Usability of Security Measures
Fraunhofer IESE, Germany
Security mechanisms are nowadays part of almost every software. At the same time, they are typically sociotechnical and require involvement of end users to be effective. The usability of security measures is thus an essential factor. Despite this importance, this aspect often does not receive the necessary attention, for example due to short resources like time, budget, or usability experts. In the worst case, users reject or circumvent even strong security measures and technically secure systems become insecure. To tackle the problem of unusable security measures, we developed a heuristics-based usability evaluation and optimization approach for security measures. In order to make heuristics applicable also for non-usability experts, we enrich them with information from a joint model for usability and security. In particular, this approach allows developers and administrators to perform usability evaluations and thus enables an early tailoring to the user, complementary to expert or user reviews. In this paper, we present our approach, including an initial set of heuristics, a joint model for usability and security and a set of mapping rules that combine heuristics and model. We evaluated the applicability of our approach, which we present in this paper.
14:36 - 14:54
Between Effort and Security: User Assessment of the Adequacy of Security Mechanisms for App Categories
Technische Universität Darmstadt, Science and Technology for Peace and Security (PEASEC), Germany
With the increasing popularity of the smartphone, the number of people using it for financial transactions such as online shopping, online banking or mobile payment is also growing. Apps used in these contexts store sensitive and valuable data, creating a need for security measures. It has not yet been researched to what extent certain authentication mechanisms, which can be information-, biometric- as well as token-based, are suitable for individual apps and the respective data. The goal of this work is to assess how perceived security and estimated effort of using such mechanisms, as well as the degree to which app data is considered worth protecting, influence users’ choices of appropriate measures to protect app categories. Therefore, we conducted a representative study (n=1024). On the one hand, our results show that a positive correlation between perceived security and effort exists for all investigated non-biometric authentication methods. On the other hand, the study sheds light on the differences between the investigated app categories and the users’ choice of the appropriate security mechanisms for the particular category. In contrast to perceived security having a positive influence on a user’s preference of mechanism, a relation can hardly be identified for effort. Moreover, app data sensitivity does not seem relevant for the users’ choice of security mechanism.
14:54 - 15:12
Make my Phone Secure! Using Gamification for Mobile Security Settings
Digital Media Lab, University of Bremen, Germany
Granting permissions in different contexts to applications on mobile devices might pose a direct threat to the users' security and privacy by granting access to sensitive information. Although Android permission dialogues already provide information about possibly dangerous permissions, users might still not be aware of the consequences. Therefore, appropriate solutions for empowering users and raising awareness should be examined. As gamified applications can motivate players to learn more about rather uninteresting areas, we investigate the potential in the context of mobile security. We developed the gameful application Make my phone secure! for learning how to grant and change permissions. The game presents the Android menu in a playful and explanatory environment. To analyze possible learning effects of the application, we conducted an empirical study, comparing the game and two more basic variants (one with a simple Android menu and one menu enriched with hints concerning the permissions). The lab study (n=18) showed that all three variants could increase the participants' awareness significantly. However, the game was perceived as the most fun variant and provided more informative content than the common menu structures.
15:12 - 15:30
Web Tracking under the New Data Protection Law - Design Potentials at the Interface of Law and HCI
Uni Siegen, Germany
The GDPR is currently fundamentally re-regulating the handling of personal data and thereby opens up new room for maneuver. At the same time, it creates great uncertainty among those affected. One example of this is web trackers, which, on the basis of in part extensive collection of (personal) data, help designers improve the utility and usability of their websites, or enable operators to finance them. Against this background, in this contribution we first show the practical relevance of web tracking by collecting the web trackers of the 100 most popular sites of each of the 28 EU member states. Building on this, we show which data these trackers collect and analyze legal bases. Finally, we discuss possible design and architectural consequences for fulfilling the legally outlined requirements, taking the user perspective into account.