26th Annual SIGCHI Conference on Human Factors
in Computing Systems, pages 1065–1074, 2008.
[6] A. Egners, B. Marschollek, and U. Meyer. Messing
with Android’s Permission Model. In Proceedings of
the IEEE TrustCom, pages 1–22, 2012.
[7] W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung,
P. McDaniel, and A. N. Sheth. TaintDroid: An
Information-flow Tracking System For Realtime
Privacy Monitoring on Smartphones. In Proceedings of
the 9th USENIX Conference on Operating Systems
Design and Implementation, pages 393–407, 2010.
[8] W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri.
A Study of Android Application Security. In
Proceedings of the 20th USENIX Conference on
Security, 2011.
[9] W. Enck, M. Ongtang, and P. McDaniel. On
Lightweight Mobile Phone Application Certification.
In Proceedings of the 16th ACM Conference on
Computer and Communications Security, pages
235–245, 2009.
[10] W. Enck, M. Ongtang, and P. McDaniel.
Understanding Android Security. In Proceedings of the
IEEE International Conference on Security & Privacy,
pages 50–57, 2009.
[11] C. Jackson and A. Barth. ForceHTTPS: Protecting
High-security Web Sites From Network Attacks. In
Proceedings of the 17th International Conference on
World Wide Web, pages 525–534, 2008.
[12] M. Marlinspike. More Tricks For Defeating SSL In
Practice. In Black Hat USA, 2009.
[13] M. Marlinspike. New Tricks for Defeating SSL in
Practice. In Black Hat Europe, 2009.
[14] P. McDaniel and W. Enck. Not So Great
Expectations: Why Application Markets Haven’t
Failed Security. IEEE Security & Privacy, 8(5):76–78,
2010.
[15] M. Nauman, S. Khan, and X. Zhang. Apex: Extending
Android Permission Model And Enforcement With
User-defined Runtime Constraints. In Proceedings of
the 5th ACM Symposium on Information, Computer
and Communications Security, pages 328–332, 2010.
[16] A. Porter Felt, E. Chin, S. Hanna, D. Song, and
D. Wagner. Android Permissions Demystified. In
Proceedings of the 18th ACM Conference on Computer
and Communications Security, pages 627–638, 2011.
[17] A. Porter Felt, E. Ha, S. Egelman, A. Haney, E. Chin,
and D. Wagner. Android Permissions: User Attention,
Comprehension, and Behavior. In Proceedings of the
8th Symposium on Usable Privacy and Security, 2012.
[18] G. Portokalidis, P. Homburg, K. Anagnostakis, and
H. Bos. Paranoid Android: Versatile Protection for
Smartphones. In Proceedings of the 26th Annual
Computer Security Applications Conference, pages
347–356, 2010.
[19] A. Shabtai, Y. Fledel, U. Kanonov, Y. Elovici,
S. Dolev, and C. Glezer. Google Android: A
Comprehensive Security Assessment. IEEE Security &
Privacy, 8(2):35–44, 2010.
[20] D. Shin and R. Lopes. An Empirical Study of Visual
Security Cues to Prevent The SSLstripping Attack. In
Proceedings of the 27th Annual Computer Security
Applications Conference, pages 287–296, 2011.
[21] Y. Song, C. Yang, and G. Gu. Who is Peeping at Your
Passwords at Starbucks? – To Catch An Evil Twin
Access Point. In IEEE/IFIP International Conference
on Dependable Systems and Networks, pages 323–332,
2010.
[22] A. Sotirakopoulos and K. Hawkey. “I Did it Because I
Trusted You”: Challenges With The Study
Environment Biasing Participant Behaviours. In
Proceedings of the 6th Symposium on Usable Privacy
and Security, 2010.
[23] A. Sotirakopoulos, K. Hawkey, and K. Beznosov. On
the Challenges in Usable Security Lab Studies:
Lessons Learned From Replicating a Study on SSL
Warnings. In Proceedings of the 7th Symposium on
Usable Privacy and Security, 2011.
[24] J. Sunshine, S. Egelman, H. Almuhimedi, N. Atri, and
L. Cranor. Crying Wolf: An Empirical Study of SSL
Warning Effectiveness. In Proceedings of the 18th
USENIX Security Symposium, pages 399–416, 2009.
[25] T. Vidas, D. Votipka, and N. Christin. All Your Droid
Are Belong To Us: A Survey Of Current Android
Attacks. In Proceedings of the 5th USENIX Workshop
on Offensive Technologies, pages 10–10, 2011.
[26] Y. Zhou, Z. Wang, W. Zhou, and X. Jiang. Hey, You,
Get Off of My Market: Detecting Malicious Apps in
Official and Alternative Android Markets. In
Proceedings of the 19th Annual Network and
Distributed System Security Symposium, 2012.
APPENDIX
A. ONLINE SURVEY
We based the questions of our online survey on previous
surveys [23], [22] and [17], adapting them to our scenario
and optimizing the survey for mobile delivery. For this purpose,
we replaced most free-text answers with multiple-choice or
radio-button answers, so that the survey was easier to complete
on an Android smartphone.
As described in Section 7.1, after clicking a link on the
landing page to begin the study, participants were redirected
to a non-university domain with a page designed to look
like the default browser's SSL warning message in Android 4.0. The
warning message was interactive: users could click
“Certificate Details” for more information. The page thus
replicated the user experience of a real SSL warning message
in Android's default browser.
We presented two different SSL warnings, although, just
as with the real Android SSL warnings, the difference only
became visible if the user clicked “Certificate Details”.
One warning stated that the certificate was signed by an
untrusted CA; the other stated that the hostname did not
match the certificate's common name.
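The two warning conditions correspond to two different checks a TLS client performs, and they are not interchangeable: a chain that does not lead to a trusted CA means the certificate's contents are attacker-controlled, while a hostname mismatch means a trusted CA vouched for the certificate, but for a different name. The following Python is an added illustration, not code from the paper or from the study's apparatus; the function names and the sample certificates are constructed for this example. It also goes beyond the appendix's "common name" wording: clients following RFC 6125 match against subjectAltName dNSName entries and only fall back to the CN when no dNSName is present, and a wildcard may only replace the whole left-most label.

```python
"""Classify a TLS failure as the study's two warning types.

Added example (not from the paper). Models the client-side decision:
given whether the chain validated to a trusted root and the names the
certificate carries, decide which browser warning would be shown.
"""
from typing import Iterable, Optional


def label_matches(pattern: str, label: str) -> bool:
    """Match one DNS label against a certificate label (exact or '*')."""
    return pattern == "*" or pattern == label


def hostname_matches(hostname: str, name: str) -> bool:
    """RFC 6125-style match of a hostname against one certificate name.

    Comparison is case-insensitive, a trailing dot is ignored, the label
    counts must agree, and a wildcard is accepted only as the complete
    left-most label with at least two further labels (no '*.org').
    """
    host_labels = hostname.lower().rstrip(".").split(".")
    pat_labels = name.lower().rstrip(".").split(".")
    if len(host_labels) != len(pat_labels):
        return False
    if any("*" in label for label in pat_labels):
        if pat_labels[0] != "*" or any("*" in l for l in pat_labels[1:]):
            return False
        if len(pat_labels) < 3:
            return False
    return all(label_matches(p, h) for p, h in zip(pat_labels, host_labels))


def classify_tls_failure(hostname: str, chain_trusted: bool,
                         san_dns: Iterable[str],
                         common_name: Optional[str]) -> str:
    """Return 'untrusted_ca', 'wrong_hostname' or 'ok'.

    The chain check comes first: if the issuer is not trusted, the names
    inside the certificate are chosen by whoever minted it and carry no
    information. Only a trusted chain makes the name comparison meaningful.
    """
    if not chain_trusted:
        return "untrusted_ca"
    san_dns = list(san_dns)
    # CN is consulted only when the certificate carries no dNSName at all.
    candidates = san_dns if san_dns else ([common_name] if common_name else [])
    if any(hostname_matches(hostname, n) for n in candidates):
        return "ok"
    return "wrong_hostname"


# Constructed sample inputs (not real certificates), one per study condition
# plus a valid wildcard certificate for contrast.
SAMPLES = {
    "untrusted_ca": dict(hostname="survey.example.org", chain_trusted=False,
                         san_dns=["survey.example.org"],
                         common_name="survey.example.org"),
    # CN matches, but a dNSName is present and does not: still a mismatch.
    "wrong_hostname": dict(hostname="survey.example.org", chain_trusted=True,
                           san_dns=["www.other.example"],
                           common_name="survey.example.org"),
    "ok": dict(hostname="survey.example.org", chain_trusted=True,
               san_dns=["*.example.org"], common_name=None),
}

if __name__ == "__main__":
    for expected, cert in SAMPLES.items():
        print(f"{expected:15s} -> {classify_tls_failure(**cert)}")
```

The "wrong_hostname" sample is the case practitioners most often get wrong when hand-rolling certificate checks: a matching common name does not rescue a certificate whose subjectAltName lists a different host.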
We tracked whether the participants clicked “Continue”
or “Cancel”. In both cases, participants were directed to
the first page of the questionnaire, which explained that the
message just shown was part of the study. For half of the
participants, the study was served via HTTPS, and for the
other half, it was served via plain HTTP. Hence, we had four
different groups: untrustedCA+HTTP, untrustedCA+HTTPS,
wronghostname+HTTP and wronghostname+HTTPS. The survey
was also hosted on a domain that did not obviously
belong to our universities, in order to avoid the implicit