Beware of malicious apps, especially when multitasking

Even the most highly educated among us, which means those with experience at detecting computer security threats, are susceptible to malicious apps that bypass the most secure encryption and gain access to confidential data on a mobile device, warn researchers from North Carolina State University.

Before installing a new app on your mobile device, you need to be mindful of the security risks.

In a presentation at the upcoming HFES 2015 International Annual Meeting in Los Angeles (Oct 26-30), Qian Liu and co-authors, from North Carolina State University, note that human factors/ergonomics research could help designers in the creation of a just-in-time warning system that takes into account the decision-making abilities of the user while alerting him/her that the current conditions – especially while multitasking – may lead to errors.

Malicious appsWhen we are doing several different things at the same time (multitasking), we are more likely to download malicious apps.

Liu and colleagues examined which conditions are most likely to lead to security errors among mobile device users.

In their Annual Meeting paper, ‘Multitasking Increases Stress and Insecure Behavior on Mobile Devices,” they asked sixty-five people to install 24 apps on a Samsung Nexus S mobile phone. The volunteers were aged 19 to 46 and were enrolled in computer science and psychology courses.

Even tech savvy people vulnerable to malicious apps

The participants selected apps from a fake store that offered them in eight categories: shopping, podcasts, maps, food, sports, banking, music and chat.

The store described star ratings, reviews, permissions, and number of reviews for each app. The number of reviews and permissions were identical in each app; the content of the reviews contained security cues which indicated which apps were malicious.

After looking at information about the apps, the volunteers were asked to identify the only safe app while navigating through the store interface and performing two other tasks during multitasking trials.

They also had to rate their stress levels and explain why they selected the app as safe.

These were highly educated individuals who had much greater than average experience detecting computer security threats.

However, they were still vulnerable to the effects of multitasking. The study found that they chose a safe app only about half the time.

Multitasking increases susceptibility

The study showed that multitasking with a mobile device creates stress and encourages non-secure mobile behavior.

Liu said:

“We chose multitasking to focus on because when mobile phone users are doing other things, such as talking with a friend, driving while using apps, or using two or more apps at once, they experience more stress and are more likely to choose unsafe apps.”

A different, recent study discovered 277 malware families in 2014 alone (Hypponen, 2014).

HF/E researchers can help users of mobile devices manage this risk. Mobile devices may offer a partial solution – most of them are equipped with a range of sensors that could vary guards and warnings with context, making them more secure.

However, when mobile users are multitasking, designers could create another level of warnings and guard against error, the researchers said.

Video – Malicious apps

Computer security expert Graham Cluley discusses malicious apps. He says Android systems are currently under the greatest attack.