Opinions or Algorithms: An Investigation of Trust in People Versus Automation in App Store Security

  • David SchusterEmail author
  • Mary L. Still
  • Jeremiah D. Still
  • Ji Jung Lim
  • Cary S. Feria
  • Christian P. Rohrer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9190)


Mobile application (app) stores are a critical source of information about risk in an uncertain environment. App stores ought to assess and communicate the risk associated with an installation so that users are discouraged from installing risky or harmful apps in app stores. However, only a limited number of studies offer designers information about how to communicate risk effectively. We focused on the user’s trust associated with security information stemming from crowd-sourced evaluations compared to those generated from an automated system. Both of these sources of security information are pervasively used to indicate possible risk associated with an app. We investigated whether biases exist for a particular source of information given similar amount of security information being available. We found that participants preferred to install apps rated by automation to those rated by humans despite equivalence in stated risk. Further, we found evidence of a gender difference in trust in automation.


Mobile device security App stores Trust in automation Interpersonal trust 



The authors gratefully acknowledge the work of Dorian Berthoud, Jarad Bell, Ashley Cain, Cherrylyn Cawit, Michelle Gomez, Jeremy Koss, Kaitlyn Kuhach, Peter McEvoy, Ashley Palma, Felicia Santiago, and Khoa Tran who assisted with stimuli development, data collection, and data coding.


  1. 1.
    Statista: Number of apps available in leading app stores as of July 2014 (2014).
  2. 2.
    Cramer, H., Rost, M. Bentley, F., Shamma, D.A.: 2nd workshop on research in the large. using app stores, wide distribution channels and big data in UbiComp research. In: UbiComp, pp. 619–620. ACM, New York (2012)Google Scholar
  3. 3.
    Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: 18th ACM Conference on Computer and Communications Security, pp. 627–638. ACM, New York (2011)Google Scholar
  4. 4.
    Zhou, Y., Wang, Z., Zhou W., Jiang, X.: Hey, you, get off of my market: detecting malicious apps in official and alternative Android markets. In: Proceedings of the 19th Network and Distributed System Security Symposium (2012)Google Scholar
  5. 5.
    Mylonas, A., Kastania, A., Gritzalis, D.: Delegate the smartphone user? security awareness in smartphone platforms. Comput. Secur. 34, 47–66 (2013)CrossRefGoogle Scholar
  6. 6.
    Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Symposium on Usable Privacy and Security, pp. 3–16. ACM, New York (2012)Google Scholar
  7. 7.
    Lin, J., Amini, S., Hong, J.I., Sadeh, N., Lindqvist, J., Zhang, J.: Expectation and purpose: understanding users’ mental models of mobile app privacy through crowdsourcing. In: Proceedings of the 2012 ACM Conference on Ubiquitous Computing, pp. 501–510. ACM, New York (2012)Google Scholar
  8. 8.
    Chia, P.H., Yamamoto, Y., Asokan, N.: Is this app safe? a large scale study on application permissions and risk signals. In: Proceedings of the 21st International Conference on World Wide Web, pp. 311–320 (2012)Google Scholar
  9. 9.
  10. 10.
    Gilbert, P., Chun, B.-G., Cox, L.P., Jung, J.: Vision: automated security validation of mobile apps at app markets. In: 10th International Workshop on Multiple Classifier Systems, pp. 21–26. ACM, New York (2011)Google Scholar
  11. 11.
    Kuehnhausen, M., Frost, V.S.: Trusting smartphone apps? to install or not to install, that is the question. In: IEEE International Multi‐Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support, pp. 30‐37. IEEE (2013) doi: 10.1109/CogSIMA.2013.6523820
  12. 12.
    Sarma, B., Li, N., Gates, C., Potharaju, R., Nita-Rotaru, C., Molloy, I.: Android permissions: a perspective combining risks and benefits. In: Symposium on Access control Models and Technologies, pp. 13–22. ACM, New York (2012)Google Scholar
  13. 13.
    Eling, N., Krasnova, H., Widjaja, T., Buxmann, P.: Will you accept an app? empirical investigation of the decisional calculus behind the adoption of applications on Facebook. In: The 34th International Conference on Information Systems. Association for Information Systems (2013)Google Scholar
  14. 14.
    Lee, J.D., See, K.A.: Trust in automation: designing for appropriate reliance. In: Human Factors, vol. 46, pp. 50–80. HFES, Santa Monica (2004)Google Scholar
  15. 15.
    Patrick, A.: Privacy, trust, agents & users: a review of human-factors issues associated with building trustworthy software agents. Technical report, National Research Council Canada (2002)Google Scholar
  16. 16.
    Rotter, J.B.: A new scale for the measurement of interpersonal trust. J. Pers. 35, 651–665 (1967)CrossRefGoogle Scholar
  17. 17.
    Hancock, P.A., Billings, D.R., Schaefer, K.E., Chen, J.Y., De Visser, E.J., Parasuraman, R.: A meta-analysis of factors affecting trust in human-robot interaction. Hum. Factors: J. Hum. Factors Ergon. Soc. 53, 517–527 (2011)CrossRefGoogle Scholar
  18. 18.
    Muir, B.M., Moray, A.N.: Experimental studies of trust and human intervention in a process control simulation. Ergonomics 39, 429–460 (1996)CrossRefGoogle Scholar
  19. 19.
    Johnson, R.C., Saboe, K.N., Prewett, M.S., Coovert, M.D., Elliott, L.R.: Autonomy and automation reliability in human-robot interaction: a qualitative review. In: Proceedings of the Human Factors and Ergonomics Society Annual Meeting, vol. 53, pp. 1398–1402. Human Factors and Ergonomics Society, Santa Monica, CA (2009)Google Scholar
  20. 20.
    Madhavan, P., Wiegmann, D.A.: Similarities and differences between human–human and human–automation trust: an integrative review. Theor. Issues Ergon. Sci. 8, 277–301 (2007)CrossRefGoogle Scholar
  21. 21.
    Dzindolet, M.T., Peterson, S.A., Pomranky, R.A., Pierce, L.G., Beck, H.P.: The role of trust in automation reliance. Int. J. Hum Comput Stud. 58, 697–718 (2003)CrossRefzbMATHGoogle Scholar
  22. 22.
    Hoffman, R.R., Bradshaw, J. M., Ford, K.M., Underbrink, A.: Trust in automation. In: IEEE Intelligent Systems (2013)Google Scholar
  23. 23.
    Lewandowsky, S., Mundy, M., Tan, G.: The dynamics of trust: comparing humans to automation. J. Exp. Psychol. Appl. 6, 104 (2000)CrossRefzbMATHGoogle Scholar
  24. 24.
    Singh, I.L., Molloy, R., Parasuraman, R.: Development and validation of a scale of automation-induced “Complacency”. In: Proceedings of the Human Factors and Ergonomics Society Annual Meeting, vol. 36, pp. 22–25. SAGE Publications (1992)Google Scholar
  25. 25.
    Gefen, D., Straub, D.: Gender difference in the perception and use of e-mail: an extension to the technology acceptance model. MIS Q. 21, 389–400 (1997)CrossRefGoogle Scholar
  26. 26.
    Jian, J.-Y., Bisantz, A.M., Drury, C.G.: Foundations for an empirically determined scale of trust in automated systems. J. Cogn. Ergon. 4, 53–71 (2000)CrossRefGoogle Scholar
  27. 27.
    Tam, J., Reeder, R.W., Schechter, S.: I’m allowing what? disclosing the authority applications demand of users as a condition of installation. Technical Report, Microsoft Research (2010).
  28. 28.
    Parasuraman, R., Riley, V.: Humans and automation: use, misuse, disuse, abuse. Hum. Factors 39, 230–253 (1997)CrossRefGoogle Scholar
  29. 29.
    Hu, N., Pavlou, P.A., Zhang, J.: Can online reviews reveal a product’s true quality?: empirical findings and analytical modeling of online word-of-mouth communication. In: Proceedings of the 7th ACM Conference On Electronic Commerce, pp. 324–330. ACM, New York (2006)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • David Schuster
    • 1
    Email author
  • Mary L. Still
    • 1
  • Jeremiah D. Still
    • 1
  • Ji Jung Lim
    • 2
  • Cary S. Feria
    • 1
  • Christian P. Rohrer
    • 2
  1. 1.San José State UniversitySan JoseUSA
  2. 2.Intel SecuritySanta ClaraUSA

Personalised recommendations