Figure - uploaded by Matthias Kranz
Content may be subject to copyright.
Percentage of all users who installed an update within 7 days after it was published. Only slightly more than half of all users installed a recent update within one week. Data was averaged based on five subse- quent updates published within 102 days. Standard deviation is related to the five individual updates we observed in our use case.
Source publication
Digital market places (e.g. Apple App Store, Google Play) have become the dominant platforms for the distribution of software for mobile phones. Thereby, developers can reach millions of users. However, neither of these market places today has mechanisms in place to enforce security critical updates of distributed apps. This paper investigates this...
Context in source publication
Context 1
... the following, we describe and visualize the quantitative results of our case study. Table 1 shows the installation percentages on the update pub- lishing day (day 0) and the six consecutive days (day 1 to day 6), averaged over all five updates that were considered in this study. The exact ratios are very similar for all updates, which is implied by the low standard deviations (see last column of the table). ...Citations
... It is widely accepted in the everyday users' community. Besides, although its main competitor, Apple Store (IOS), has larger earnings, Google Play (Android) leads in application downloads (Möller et al., 2012). In addition to the fact that Android is the operating system with the largest share of the smartphone market in the world, Android devices represented just over 84% of units sold in 2020, and Apple iOS almost the remaining 16% (IDC, 2020). ...
Mobile applications (apps) are becoming an essential tool when it comes to sightseeing. There is even a specific category for trips in the leading app stores. These are no strangers to the rise of the itinerant travel style, the caravans. The study aims to understand the situation of the main caravanning apps in Spain. We have carried out a web scraping methodology using a sample of 1,601 Spanish reviews of the main apps related to caravanning. The most interesting findings, among others, are that we are getting to know a sector that up to now was unknown and that even has not been affected by the pandemic crisis. Besides, the paper has demonstrated that developers do not follow the right strategies in caravanning apps. The paper also shows users' most crucial concerns about these apps. Therefore, managers of caravanning apps could improve their strategies by focusing their attention on users' concerns and, most important, reviews to respond.
... Para poder llevar a cabo este estudio, nos centramos en analizar las reseñas de los usuarios de las apps que componen la muestra utilizada, es decir, Blablacar y Amovens. Para su obtención, entre las tiendas de aplicaciones existentes, se utilizó Google Play como fuente de datos ya que a pesar de que Apple (IOS) tiene mejores ganancias (Möller et al., 2012), Google (Android) lidera en descargas de aplicaciones. ...
ScienCity es una actividad que viene siendo continuada desde 2018 con el objetivo de dar a conocer los conocimientos y tecnologías emergentes siendo investigados en las universidades, informar de experiencias, servicios e iniciativas puestas ya en marcha por instituciones y empresas, llegar hasta decisores políticos que podrían crear sinergias, incentivar la creación de ideas y posibilidades de desarrollo conjuntas, implicar y provocar la participación ciudadana, así como gestar una red internacional multidisciplinar de investigadores que garantice la continuación de futuras ediciones. ScienCity ha servido para que universidades, ayuntamientos, organismos públicos y empresas privadas tomen contacto por primera vez en este ámbito. Durante 2021 han asistido 40 participantes de distintos rincones de España, Portugal, Méjico, Costa Rica, Italia y Polonia con 31 ponencias, 8 pósteres, 1 taller, 8 vehículos eléctricos e híbridos, así como 8 propuestas para el concurso de ideas.
... Although successive digital innovations typically make incremental changes to existing products and should thus be readily accepted by digital product owners, evidence suggests otherwise. For example, while there are more than two million apps in the Google Play app store, only 17% of available updates are installed on the day they are published (Möller, Michahelles, Diewald, Roalter, & Kranz, 2012). About one month after iOS12 ′ s launch in 2018, 50% of iOS users still had not adopted it (Krales, 2018). ...
Users of digital products (such as mobile apps or software) are frequently offered new versions in the form of updates. While updates can deliver benefits, they may also interfere with the ongoing use of digital products. We investigate why digital product users might delay implementing adoption intentions (which we term adoption procrastination) of updates. Three experimental studies show that while users may intend to adopt new versions, they deliberately delay adopting them under certain conditions. Specifically, we identify how perceived changes in the new version can trigger annoyance, leading to adoption procrastination. We further identify anticipated inaction regret as a counteracting mechanism, which reduces adoption procrastination. Our research makes theoretical and empirical contributions to consumer innovation adoption literature. First, we introduce the novel concept of adoption procrastination, expanding previously examined adoption-related decisions. Second, we propose and empirically test cognitive and affective mechanisms determining digital product users’ adoption procrastination.
... For example, Mylonas et al. (2013) found that 76% of users believe that apps downloaded from the app repository are safe, they tend to turn off smartphone security features and prefer to use pirated apps, while Alani (2017) indicated that only 35% of users would review the permissions required for the app. In a case study of update installation behavior, Moller et al. (2012) found that many users do not install updates in time to enhance the security of their smartphones, while Ameen et al. (2020) compared smartphone security behavioural intention among employees in the United Arab Emirates and the United States, and found that employees in both countries are insufficiently aware of the risks arising from smartphone use. Technical researchers and security developers have made various efforts to detect, judge, and block malware and attacks, and have developed mobile security apps to keep smartphones safe, but users are not buying it, and many question the effectiveness of security software (Fedler et al., 2013), and believe that installing the security app is unnecessary (Mylonas et al., 2013). ...
Smartphones are being used and relied on by people more than ever before. The open connectivity brings with it great convenience and leads to a variety of risks that cannot be overlooked. Smartphone vendors, security policy designers, and security application providers have put a variety of practical efforts to secure smartphones, and researchers have conducted extensive research on threat sources, security techniques, and user security behaviors. Regrettably, smartphone users do not pay enough attention to mobile security, making many efforts futile. This study identifies this gap between technology affordance and user requirements, and attempts to investigate the asymmetric perceptions toward security features between developers and users, between users and users, as well as between different security features. These asymmetric perceptions include perceptions of quality, perceptions of importance, and perceptions of satisfaction. After scoping the range of smartphone security features, this study conducts an improved Kano-based method and exhaustively analyzes the 245 collected samples using correspondence analysis and importance satisfaction analysis. The 14 security features of the smartphone are divided into four Kano quality types and the perceived quality differences between developers and users are compared. Correspondence analysis is utilized to capture the relationship between the perceived importance of security features across different groups of respondents, and results of importance-satisfaction analysis provide the basis for the developmental path and resource reallocation strategy of security features. This article offers new insights for researchers as well as practitioners of smartphone security.
... Still, they are motivated to engage in bad passwordmanagement behaviors because they do not see any immediate negative consequences to themselves and the general acceptance of the convenience/security trade off. Similarly, Moller et al. (2012) found that many Android app users did not immediately install updates, a behavior that may result in security vulnerabilities. Accordingly, the behavior of users should be adapted in consideration of the users' cognitive view of the dilemma in order to frame this need in the cyber security context. ...
The effectiveness of cyber security measures are often questioned in the wake of hard hitting security events. Despite much work being done in the field of cyber security, most of the focus seems to be concentrated on system usage. In this paper, we survey advancements made in the development and design of the human centric cyber security domain. We explore the increasing complexity of cyber security with a wider perspective, defining user, usage and usability (3U’s) as three essential components for cyber security consideration, and classify developmental efforts through existing research works based on the human centric security design, implementation and deployment of these components. Particularly, the focus is on studies that specifically illustrate the shift in paradigm from functional and usage centred cyber security, to user centred cyber security by considering the human aspects of users. The aim of this survey is to provide both users and system designers with insights into the workings and applications of human centric cyber security.
... This work conducted a survey with Android users and reveals that users who avoid auto-updates of apps are more likely to have had past negative experiences with software updating, tend to take fewer risks, and display greater proactive security awareness. Another work that worth mentioning analyzed how soon a user would update an app in Google Play [32]. They keep track of the installations of one app that they developed and published in Google Play over time, and find half of users of an old version did not update to a new version even 7 days after it is published. ...
The diffusion of innovations theory has been studied for years. Previous research efforts mainly focus on key elements, adopter categories, and the process of innovation diffusion. However, most of them only consider single innovations. With the development of modern technology, recurrent innovations gradually come into vogue. In order to reveal the characteristics of recurrent innovations, we present the first large-scale analysis of the adoption of recurrent innovations in the context of mobile app updates. Our analysis reveals the adoption behavior and new adopter categories of recurrent innovations as well as the features that have impact on the process of adoption.
... These gaps are often detected only by security incidents (Kofler et al. 2018). As a result, customers trust gets lost despite updates because they are not willing to install them (Möller et al. 2012). Gaps in the system performance can be analyzed from different perspectives. ...
Nowadays mobility companies have to deal with the digitization of analog products and services. A central scope of interest is the design of mobile access systems, intended to replace the physical key. However, these systems do not only involve new use cases but also risks that place safety and security issues in the foreground of the system design. To ensure protection against safety and security risks, a procedure that allows multilevel system evaluation is necessary. Practical experience in risk assessment (SRA) shows field-specific approaches widely used. In order to facilitate an embedded safe and secure system design, this paper introduces a generic assessment method, which considers different system configurations and multilevel safety and security risks. Within this procedure, previously identified technical requirements are mapped in a Morphological Box (MB) to describe the configuration space (CS) of the system. In order to evaluate the system, use cases and sequences as well as misuse cases are mapped using UML. Identified threats and attack paths are transferred into fault and attack trees. The results of the fault tree analysis (FTA) and attack tree analysis (ATA) allows the definition of security requirements. Additionally, the process reveals non-standard scenarios that demand further detailed analysis. The proposed approach is applied to the example of an automotive mobile access system.
... However, users may not follow this advice for reasons that are not related to security [54], and only a minority of non-experts actually considers software updates an important security measure [33,48]. It has been repeatedly shown that users often delay or even avoid updates [22,47,64]. ...
Experts agree that keeping systems up to date is a powerful security measure. Previous work found that users sometimes explicitly refrain from performing timely updates, e.g., due to bad experiences which has a negative impact on end-user security. Another important user group has been investigated less extensively: system administrators, who are responsible for keeping complex and heterogeneous system landscapes available and secure. In this paper, we sought to understand administrators' behavior, experiences, and attitudes regarding updates in a corporate environment. Based on the results of an interview study, we developed an online survey and quantified common practices and obstacles (e.g., downtime or lack of information about updates). The findings indicate that even experienced administrators struggle with update processes as the consequences of an update are sometimes hard to assess. Therefore, we argue that more usable monitoring and update processes are essential to guarantee IT security at scale.
... On the other hand, due to the dynamic distribution mechanism and constant market changes, mobile apps are continuously updated with a rapid pace, though such an update mechanism implementation is risky for potential user dissatisfaction [19]. Despite most users being happy with the apps with frequent updates but hesitate to install them, worrying about potential hazards [1]. ...
Mobile applications (apps) on IOS and Android devices are mostly maintained and updated via Apple Appstore and Google Play, respectively, where the users are allowed to provide reviews regarding their satisfaction towards particular apps. Despite the importance of user reviews towards mobile app maintenance and evolution, it is time-consuming and ineffective to dissect each individual negative review. In addition, due to the different app update strategies, it is uncertain that each update can be accepted well by the users. This study aims to provide an approach to detect the particular days during the mobile app maintenance phase when the negative reviews require developers’ attention. Furthermore, the method shall facilitate the mapping of the identified abnormal days towards the updates that result in such negativity in reviews. The method’s purpose is to enable app developers to respond swiftly to significant flaws reflected by user reviews in order to prevent user churns.
... These gaps are often detected only by security incidents (Kofler et al. 2018). As a result, customers trust gets lost despite updates because they are not willing to install them (Möller et al. 2012). Gaps in the system performance can be analyzed from different perspectives. ...
