Article Preview
TopIntroduction
The smartphone has gone beyond its fundamental communications role and graduated as an extension of a user's personality. People use smartphones not only to keep in touch with others, but also to express their attitude and interests. The growing number of mobile applications (apps) attracts new smartphone users to app stores, which motivates app developers to offer higher-quality apps (Barnett, Vasa, & Grundy, 2015). In the first quarter of 2019, Android users could choose from 2.6 million apps, while Apple users could download from 2.2 million apps (Business of apps, 2019). Mobile apps enable users to use Internet services available on desktop or computers, as well as offering mobile device functionality. Mobile apps offer consumers a vast range of services, including e-mail, surfing the Internet, conducting global searches, playing games, shopping online, using location-based services such as GPS (Ngai & Gunasekaran, 2007) and automotive applications (Le, den Hartog, & Zannone, 2018). Apps also enable consumers to use health services (Hussain et al., 2018; Deng, Mo, & Liu, 2014), engage in mobile banking (Gu, Lee, & Suh, 2009), and make social contact with others across a broad spectrum of social media platforms (Ferrag & Korba, 2019). However, with the random proliferation of apps across cyberspace, finding secure apps to download can be difficult for users (Song, Kima, Jones, Baker, & Chin, 2014).
Mobile devices have weaker defense capabilities than PCs because their design has focused on portability, low power consumption, and easy access rather than security (Miller, Voas, & Hurlburt, 2012). This fact and the increasing popularity of smartphones have raised many security concerns (Leavitt, 2011; McAfee Report, 2011). A major concern is that smartphones are becoming easy targets for hackers. Compared to personal computers (PCs), smartphones are more vulnerable as more people are using smartphones to do several personal tasks including financial transactions, which are especially attractive for cyber attackers (Yao, Chuang, & Hsu, 2018). Over one million smartphone users were hit in the first half of 2011 by Android malware while downloading apps. Between 2015 and 2016, there were 8.5 million malware attacks on smartphones (TechRepublic, 2017). Some of these attacks were specifically designed to destroy users’ private data or disclose them to a third party. In 2019, Positive Technologies’ yearly report on vulnerabilities in mobile apps have stated that critical vulnerabilities are more common in Android apps compared to Apple apps (43% vs. 38%) (Help Net Security, 2019).
Apps often require more permissions for downloading than they actually need, while users cannot understand the risks posed by granting these permissions (Jorgensen, Chen, Gates, Li, Proctor &Yu, 2015). Moreover, most app developers are not experts in the area of app security and privacy and rarely notice any potential security risks included in the process of software development. Recent studies have shown that smartphone users have a poor understanding of app permissions (Felt, Ha, Egelman, Haney, Chin, & Wagner, 2012). The majority of mobile users don’t pay attention to permissions needed when they install an app on their mobile phones (Felt et al., 2012). In a study by the Wall Street Journal regarding applications available for Android and the iPhone platforms, it has found that the majority of mobile apps collect personal information such age, gender and location and then they provide them to other companies without user consent (Angwin, McGinty, 2010). This is important because unsecured apps are growing extremely faster than secured ones. While there were 2,605,835 Android apps in 2017, 12% of them are considered low quality (AppBrain, 2019).