Smartphone usage and security maturity: A south african student evaluation

Smartphones have become such an indispensable part of the modern day individual’s life that it has become almost impossible to escape their use on a daily basis. The less obtrusive, yet more invasive role that these devices play in various aspects of everyday life is further amplified by the introduction of wearable devices that act as complementary extensions of functionality and sensing. Despite the various advantages that smartphones may offer, it is important to note that technology is still subordinate to the motives and morality of those who choose to make use of it (Casey, 2011:286). As such, cyber criminals may now write and distribute smartphone applications (apps) that are able to harness the full capabilities of these smart devices and access the information stored on them – possibly without a user’s knowledge or consent. With purely technical countermeasures having been found to possibly overwhelm and intimidate end users of a non-technical nature (Felt et al., 2012), these approaches are often rendered useless, leaving the end user equally exposed to smartphone threats that may be exploited by cyber criminals. In this paper, we aim to address this problem by determining the specific level of device usage competency of an individual smartphone user, thereby making it possible to provide them with level-appropriate training and awareness content that does not intimidate or overwhelm them. To assist in this endeavour, we make use of the Smartphone Application User Security Competency Evolution (SAUSCE) model to evaluate the levels of device specialisation of two separate groups of university students enrolled for software engineering degrees in Johannesburg, South Africa – those in their first year of study, and those in their fourth year of study. The main findings from the study pointed out that the vast majority of both junior and senior students possess a smartphone which is indicative of the proliferating nature of these devices, while the most popular operating system choice for senior students is Android. Moreover, the majority of senior students were found to be developer active users that write and deploy their own apps on their devices, while the majority of junior students were found to be regular active users that install regular third party apps on their devices. Furthermore, it is noted that the SAUSCE model can be used to gauge how many individuals possess a smartphone and how many don’t, in addition to pointing out what the overall technical proficiency/maturity is of those who are in possession of a smartphone on both an individual and group basis. Finally, despite the perceived technological capability of an audience, assumptions should not be made about their ability to implicitly understand all technical terms during security training/awareness campaigns and explicitly defining or explaining technical terms beforehand assists with completing the task at hand. Overall, this research aims to contribute to the enhancement of user-centred security pertaining specifically to smartphones, by delivering usable, initial results of such an endeavour.