One of the most popular and powerful tools for developing Android apps is WebView, through which app developers can implement a functionally limited but versatile browser inside an app. However, unlike traditional web browsers, which support various visual security cues and alerts, such as a padlock, to inform users of the security status of current communications, Android apps using WebView do not support any of these. Hence, it is very unlikely that users are able to perceive imminent threats or to find out whether they are accessing a legitimate website or submitting their login credentials over a secure channel such as SSL. In this paper we discuss an empirical study that analyzed 212 of the most popular Android apps to investigate their SSL support for authentication, their use of visual security cues, and their vulnerability to the man-in-the-middle (MITM) attack, especially the SSLstripping attack. Visual security cues that enable better user perception and understanding of the current security situation are proposed, and a user study to test their effectiveness is discussed.