Display of major risk categories for android apps.

Communicating cybersecurity risks to mobile-device users is essential. However, existing means of conveying the risks through detailed permission lists are ineffective. Risk indexes that convey overall risk are effective at influencing app-selection decisions, but many users want more information. We examined how users assess the risks associated with downloading applications on the Android platform by comparing various graphical formats of intermediate-level risk displays containing three risk categories: personal privacy; monetary loss; device stability. Bar-graph and table formats were compared, as were vertical and horizontal displays. Participants performed app risk-rating (Experiment 1) and app-selection (Experiments 2 and 3) tasks for hypothetical apps with risk scores on each of the categories. They also specified which risk category was of most concern to them. Increased risk scores in each category led to higher rated risk and lower app-selection rate which matched with self-reported risk concerns. Bar-graphs were more time-efficient and yielded higher risk-ratings than tables, although the two formats did not differ in the app-selection task. Moreover, horizontal bar-graphs yielded faster responses than vertical bar-graphs. The results indicate that the intermediate-level risk display was effective in conveying risk-category information, especially with horizontal bar-graphs, and personalized design of this display based on users’ risk concerns is potentially useful. (PsycINFO Database Record (c) 2018 APA, all rights reserved)