Indiana University Bloomington

School of Informatics and Computing

Technical Report TR736:
Peeling the Lemons Problem with Risk Communication for Mobile Apps

Behnood Momenzadeh, School of Informatics and Computing, Indiana University Bloomington, Jean Camp, School of Informatics and Computing, Indiana University Bloomington
(Jun 2017), 9
[This is being posted for sharing with the FTC as a tech report only. It is Ph.D. work, but a first draft.]
Abstract:
Information asymmetry is a common challenge in information security. This information asymmetry arguably exists in app markets, where people do not understand permissions and have little information on the security of apps. It is not feasible to compare apps based on security and privacy in current app stores. Solving this lemons market problem requires the creation of signals that allow users to differentiate between otherwise indistinguishable goods: more or less secure. In the case of mobile app selection, effective signals should distinguish apps from with lower or higher quality in terms of information security and privacy. To function, such signals should be meaningful, available at or before a decisions is made, and easy to understand. We used the lock icon as a cue, due to its connection with security, and implemented a ratings scale based on We developed an extended Play Store that embedded information security signals. We recruited sixty participants to test the interaction using tablets running Jelly Bean with the cues, as well as the standard user ratings, download count, and permissions interface. The result was that participants chose apps with higher security ratings, and accepted apps with lower ratings or lessor download counts to obtain apps with higher security ratings. We conclude with comparing our results to the users’ behavior in Android Market and show how improving security in the Android ecosystem, can be an economic solution to a lemons market challenge.

Available as: