Design and evaluation of security multimedia warnings for children's smartphones

This article describes primarily the development and empiric validation of a design for security warning messages on smartphones for primary school children (7-10 years old). Our design approach for security warnings for children uses a specific character and is based on recommendations of a paediatrician expert. The design criteria are adapted to children's skills, e.g. their visual, acoustic, and haptic perception and their literacy. The developed security warnings are prototypically implemented in an iOS application (on the iPhone 3G/4G) where children are warned by a simulated anti-malware background service, while they are busy with another task. For the evaluation we select methods for empiric validation of the design approach from the field of usability testing ("think aloud" test, questionnaires, log-files, etc.). Our security warnings prototype is evaluated in an empiric user study with 13 primary school children, aged between 8 and 9 years and of different gender (5 girls, 8 boys). The evaluation analysis shows, that nearly all children liked the design of our security warnings. Surprisingly, on several security warning messages most of the children react in the right way after reading the warning, although the meaning couldn't be interpreted in the right way. Another interesting result is, that several children relate specific information, e.g. update, to a specific character. Furthermore, it could be seen that most of the primary school test candidates have little awareness of security threats on smartphones. It is a very strong argument to develop e.g. tutorials or websites in order to raise awareness and teach children how to recognize security threats and how to react to them. Our design approach of security warnings for children's smartphones can be a basis for warning on other systems or applications like tutorials, which are used by children. In a second investigation, we focus on webpages, designed for children since smartphones and webpages (the services behind) are more and more interconnected. From this point of view those services should continue the securityapproaches for children's smartphones. The webservices were evaluated among different criteria, e.g. data protection. The results of a first investigation are reported in this paper.