Use of ratings from personalized communities for trustworthy application installation

  • Authors: Pern Hui Chia; Andreas P. Heiner; N. Asokan
  • Affiliations: Q2S NTNU, Trondheim, Norway; Nokia Research Centre, Helsinki, Finland; Nokia Research Centre, Helsinki, Finland
  • Venue: NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications
  • Year: 2010

Abstract

The problem of identifying inappropriate software is a daunting one for ordinary users. The two currently prevalent methods are intrinsically centralized: certification of "good" software by platform vendors and flagging of "bad" software by antivirus vendors or other global entities. However, because appropriateness has cultural and social dimensions, centralized means of signaling appropriateness are ineffective and can lead to habituation (users clicking through warnings) or disputes (users discovering that certified software is inappropriate). In this work, we look at the possibility of relying on inputs from personalized communities (consisting of friends and experts whom individual users trust) to avoid installing inappropriate software. Drawing from theories, we developed a set of design guidelines for a trustworthy application installation process. We had an initial validation of the guidelines through an online survey; we verified the high relevance of information from a personalized community and found strong user motivation to protect friends and family members when they know of digital risks. We designed and implemented a prototype system on the Nokia N810 tablet. In addition to showing risk signals from the personalized community prominently, our prototype installer deters unsafe actions by slowing the user down with habituation-breaking mechanisms. We also conducted a hands-on evaluation and verified the strength of opinion communicated through friends over opinion by online community members.