Zhou Leming, Parmanto Bambang, Alfikri Zakiy, Bao Jie
Department of Health Information Management, University of Pittsburgh, Pittsburgh, PA, United States.
JMIR Mhealth Uhealth. 2018 Dec 11;6(12):e11210. doi: 10.2196/11210.
On many websites and mobile apps for personal health data collection and management, there are security features and privacy policies available for users. Users sometimes are given an opportunity to make selections in a security setting page; however, it is challenging to make informed selections in these settings for users who do not have much education in information security as they may not precisely know the meaning of certain terms mentioned in the privacy policy or understand the consequences of their selections in the security and privacy settings.
The aim of this study was to demonstrate several commonly used security features such as encryption, user authentication, and access control in a mobile app and to determine whether this brief security education is effective in encouraging users to choose stronger security measures to protect their personal health data.
A mobile app named SecSim (Security Simulator) was created to demonstrate the consequences of choosing different options in security settings. A group of study participants was recruited to conduct the study. These participants were asked to make selections in the security settings before and after they viewed the consequences of security features. At the end of the study, a brief interview was conducted to determine the reason for their selections in the security settings. Their selections before and after the security education were compared in order to determine the effectiveness of the security education. The usability of the app was also evaluated.
In total, 66 participants finished the study and provided their answers in the app and during a brief interview. The comparison between the pre- and postsecurity education selections in security settings indicated that 21% (14/66) to 32% (21/66) of participants chose a stronger security measure in text encryption, access control, and image encryption; 0% (0/66) to 2% (1/66) of participants chose a weaker measure in these 3 security features; and the remainder kept their original selections. Several demographic characteristics such as marital status, years of experience using mobile devices, income, employment, and health status showed an impact on the setting changes. The usability of the app was good.
The study results indicate that a significant percentage of users (21%-32%) need guidance to make informed selections in security settings. If websites and mobile apps can provide embedded security education for users to understand the consequences of their security feature selection and the meaning of commonly used security features, it may help users to make the best choices in terms of security settings. Our mobile app, SecSim, offers a unique approach for mobile app users to understand commonly used security features. This app may be incorporated into other apps or be used before users make selections in their security settings.