Trust it or not? An empirical study of rating mechanism and its impact on Smartphone malware propagation

Wenjuan Li, Lijun Jiang, Weizhi Meng, Lam For Kwok

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

1 Citation (Scopus)

Abstract

Malicious applications (malware) have attracted much attention from both academia and industry. Thanks to this, common users start to install anti-malware tools to help protect their phones. However, we notice that attackers can still take advantage of some existing mechanisms to induce users to download malware and bypass anti-malware software. In this paper, we focus on the app rating mechanism on smartphones and aim to evaluate its impact on malware propagation. More specifically, we investigate how this mechanism can be maliciously used to leverage the trust levels of users and achieve particular goals (i.e., inducing users to download malware). In the evaluation, we develop a malicious rating system and conduct a study with over 400 participants. Our results indicate that such rating mechanism can affect users’ trust on app download and can be utilized to propagate malware.

Original languageEnglish
Title of host publicationTrust Management X - 10th IFIP WG 11.11 International Conference, IFIPTM 2016, Proceedings
EditorsSheikh Mahbub Habib, Max Muhlhauser, Julita Vassileva, Sjouke Mauw
PublisherSpringer New York LLC
Pages146-153
Number of pages8
ISBN (Print)9783319413532
DOIs
Publication statusPublished - 2016
Externally publishedYes
Event10th IFIP WG 11.11 International Conference on Trust Management, IFIPTM 2016 - Darmstadt, Germany
Duration: 18 Jul 201622 Jul 2016

Publication series

NameIFIP Advances in Information and Communication Technology
Volume473
ISSN (Print)1868-4238

Conference

Conference10th IFIP WG 11.11 International Conference on Trust Management, IFIPTM 2016
Country/TerritoryGermany
CityDarmstadt
Period18/07/1622/07/16

Keywords

  • Anti-malware software
  • Malicious applications
  • Rating mechanism
  • Smartphone security
  • User trust and awareness

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications
  • Information Systems and Management

Cite this