{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,28]],"date-time":"2025-08-28T12:26:34Z","timestamp":1756383994281,"version":"3.40.3"},"publisher-location":"Cham","reference-count":28,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030954833"},{"type":"electronic","value":"9783030954840"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2022,2,8]],"date-time":"2022-02-08T00:00:00Z","timestamp":1644278400000},"content-version":"vor","delay-in-days":38,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Automatic updates are becoming increasingly common, which minimizes the amount of update decisions that users have to make. Rapidly deployed important updates have a major impact on security. However, automatic updates also reduce the users\u2019 opportunities to build useful mental models which makes decision-making harder on other consumer devices without automatic updates. Users generally transfer their understanding from domains that they know well (i.e. smartphones) to others. We investigate how well this transfer process works with respect to updates and if users with automatic updates fare worse than those with manual updates.<\/jats:p><jats:p>We conducted a formative field study (<jats:inline-formula><jats:alternatives><jats:tex-math>$$N = 52$$<\/jats:tex-math><mml:math xmlns:mml=\"http:\/\/www.w3.org\/1998\/Math\/MathML\">\n                    <mml:mrow>\n                      <mml:mi>N<\/mml:mi>\n                      <mml:mo>=<\/mml:mo>\n                      <mml:mn>52<\/mml:mn>\n                    <\/mml:mrow>\n                  <\/mml:math><\/jats:alternatives><\/jats:inline-formula>) to observe users\u2019 update settings on smartphones and examine reasons for their (de-)activation. Based on the results, we conducted an online survey (<jats:inline-formula><jats:alternatives><jats:tex-math>$$N = 91$$<\/jats:tex-math><mml:math xmlns:mml=\"http:\/\/www.w3.org\/1998\/Math\/MathML\">\n                    <mml:mrow>\n                      <mml:mi>N<\/mml:mi>\n                      <mml:mo>=<\/mml:mo>\n                      <mml:mn>91<\/mml:mn>\n                    <\/mml:mrow>\n                  <\/mml:math><\/jats:alternatives><\/jats:inline-formula>) to compare how users perceive update notifications for smartphones and smart consumer devices. One of our main findings is that update decisions based on <jats:italic>expected changes<\/jats:italic> do not apply well to these devices since participants do not expect meaningful and visual changes. We suggest naming updates for such devices \u2018maintenance\u2019 to move users\u2019 expectations from \u2018new features\u2019 to \u2018ensuring future functionality\u2019.<\/jats:p>","DOI":"10.1007\/978-3-030-95484-0_21","type":"book-chapter","created":{"date-parts":[[2022,2,7]],"date-time":"2022-02-07T10:05:46Z","timestamp":1644228346000},"page":"357-383","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Transferring Update Behavior from Smartphones to Smart Consumer Devices"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2894-3751","authenticated-orcid":false,"given":"Matthias","family":"Fassl","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michaela","family":"Neumayr","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Oliver","family":"Schedler","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2425-3013","authenticated-orcid":false,"given":"Katharina","family":"Krombholz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,2,8]]},"reference":[{"key":"21_CR1","unstructured":"Bellissimo, A., Burgess, J., Fu, K.: Secure software updates: disappointments and new challenges. In: 1st USENIX Workshop on Hot Topics in Security, pp. 37\u201343 (2006)"},{"issue":"2","key":"21_CR2","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1191\/1478088706qp063oa","volume":"3","author":"V Braun","year":"2006","unstructured":"Braun, V., Clarke, V.: Using thematic analysis in psychology. Qual. Res. Psychol. 3(2), 77\u2013101 (2006)","journal-title":"Qual. Res. Psychol."},{"key":"21_CR3","unstructured":"Duebendorfer, T., Frei, S.: Why silent updates boost security. TIK 302, ETH Z\u00fcrich (2009)"},{"key":"21_CR4","doi-asserted-by":"crossref","unstructured":"Edwards, W.K., Poole, E.S., Stoll, J.: Security automation considered harmful? In: Proceedings of the 2007 Workshop on New Security Paradigms - NSPW 2007, p. 33 (2008)","DOI":"10.1145\/1600176.1600182"},{"key":"21_CR5","doi-asserted-by":"publisher","first-page":"504","DOI":"10.1016\/j.chb.2015.04.075","volume":"51","author":"M Fagan","year":"2015","unstructured":"Fagan, M., Khan, M.M.H., Buck, R.: A study of users\u2019 experiences and beliefs about software update messages. Comput. Hum. Behav. 51, 504\u2013519 (2015). https:\/\/doi.org\/10.1016\/j.chb.2015.04.075","journal-title":"Comput. Hum. Behav."},{"key":"21_CR6","doi-asserted-by":"crossref","unstructured":"Fernandes, E., Jung, J., Prakash, A.: Security analysis of emerging smart home applications. In: 2016 IEEE Symposium on Security and Privacy (SP), May 2016","DOI":"10.1109\/SP.2016.44"},{"key":"21_CR7","unstructured":"Forget, A., et al.: Do or do not, there is no try: user engagement may not improve security outcomes. In: Proceedings of the Twelfth Symposium on Usable Privacy and Security (2016)"},{"issue":"6","key":"21_CR8","doi-asserted-by":"publisher","first-page":"456","DOI":"10.1080\/10447318.2018.1456150","volume":"35","author":"T Franke","year":"2019","unstructured":"Franke, T., Attig, C., Wessel, D.: A personal resource for technology interaction: development and validation of the affinity for technology interaction (ATI) scale. Int. J. Hum.-Comput. Interact. 35(6), 456\u2013467 (2019). https:\/\/doi.org\/10.1080\/10447318.2018.1456150","journal-title":"Int. J. Hum.-Comput. Interact."},{"key":"21_CR9","doi-asserted-by":"publisher","first-page":"345","DOI":"10.1016\/j.cose.2017.11.015","volume":"73","author":"M Gratian","year":"2018","unstructured":"Gratian, M., Bandi, S., Cukier, M., Dykstra, J., Ginther, A.: Correlating human traits and cyber security behavior intentions. Comput. Secur. 73, 345\u2013358 (2018). https:\/\/doi.org\/10.1016\/j.cose.2017.11.015","journal-title":"Comput. Secur."},{"key":"21_CR10","doi-asserted-by":"publisher","DOI":"10.1177\/0013164496056001014","author":"SM Hong","year":"1996","unstructured":"Hong, S.M., Faedda, S.: Refinement of the Hong psychological reactance scale. Educ. Psychol. Measur. (1996). https:\/\/doi.org\/10.1177\/0013164496056001014","journal-title":"Educ. Psychol. Measur."},{"key":"21_CR11","unstructured":"Ion, I., Reeder, R., Consolvo, S.: \u201c... No one can hack my mind\u201d: comparing expert and non-expert security practices. In: Proceedings of the Eleventh Symposium on Usable Privacy and Security (2015)"},{"key":"21_CR12","unstructured":"Li, F., Rogers, L., Mathur, A., Malkin, N., Chetty, M.: Keepers of the machines: examining how system administrators manage software updates. In: Proceedings of the Fifteenth Symposium on Usable Privacy and Security (2019)"},{"key":"21_CR13","unstructured":"Mathur, A., Chetty, M.: Impact of user characteristics on attitudes towards automatic mobile application updates. In: Proceedings of the Thirteenth Symposium on Usable Privacy and Security (2017)"},{"key":"21_CR14","unstructured":"Mathur, A., Engel, J., Sobti, S., Chang, V., Chetty, M.: \u201cThey keep coming back like Zombies\u201d: improving software updating interfaces. In: Proceedings of the Twelfth Symposium on Usable Privacy and Security (2016)"},{"key":"21_CR15","doi-asserted-by":"publisher","unstructured":"Mathur, A., Malkin, N., Harbach, M., Peer, E., Egelman, S.: Quantifying users\u2019 beliefs about software updates. arXiv (2018). https:\/\/doi.org\/10.14722\/usec.2018.23036","DOI":"10.14722\/usec.2018.23036"},{"key":"21_CR16","unstructured":"van der Meulen, R.: Gartner Says 6.4 Billion Connected \u201cThings\u201d Will Be in Use in 2016, Up 30 Percent From 2015. https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2015-11-10-gartner-says-6-billion-connected-things-will-be-in-use-in-2016-up-30-percent-from-2015"},{"key":"21_CR17","unstructured":"Ponticello, A., Fassl, M., Krombholz, K.: Exploring authentication for security-sensitive tasks on smart home voice assistants. In: Proceedings of the Seventeenth Symposium on Usable Privacy and Security (2021)"},{"key":"21_CR18","doi-asserted-by":"publisher","unstructured":"Rammstedt, B., John, O.P.: Kurzversion des big five inventory (BFI-K): Diagnostica 51(4), 195\u2013206 (2005). https:\/\/doi.org\/10.1026\/0012-1924.51.4.195","DOI":"10.1026\/0012-1924.51.4.195"},{"key":"21_CR19","doi-asserted-by":"crossref","unstructured":"Redmiles, E.M., Kross, S., Mazurek, M.L.: How well do my results generalize? Comparing security and privacy survey results from MTurk, web, and telephone samples. In: 2019 IEEE Symposium on Security and Privacy (SP) (2019)","DOI":"10.1109\/SP.2019.00014"},{"issue":"5","key":"21_CR20","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1109\/msp.2017.3681050","volume":"15","author":"RW Reeder","year":"2017","unstructured":"Reeder, R.W., Ion, I., Consolvo, S.: 152 simple steps to stay safe online: security advice for non-tech-savvy users. IEEE Secur. Priv. 15(5), 55\u201364 (2017). https:\/\/doi.org\/10.1109\/msp.2017.3681050","journal-title":"IEEE Secur. Priv."},{"key":"21_CR21","doi-asserted-by":"crossref","unstructured":"Simpson, A.K., Roesner, F., Kohno, T.: Securing vulnerable home IoT devices with an in-hub security manager. In: 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (2017)","DOI":"10.1109\/PERCOMW.2017.7917622"},{"key":"21_CR22","doi-asserted-by":"publisher","unstructured":"Son, J.Y., Doumas, L.A.A., Goldstone, R.L.: When do words promote analogical transfer? J. Probl. Solving 3(1) (2010). https:\/\/doi.org\/10.7771\/1932-6246.1079","DOI":"10.7771\/1932-6246.1079"},{"key":"21_CR23","doi-asserted-by":"crossref","unstructured":"Tian, Y., Liu, B., Dai, W., Ur, B., Tague, P., Cranor, L.F.: Supporting privacy-conscious app update decisions with user reviews. In: Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (2015)","DOI":"10.1145\/2808117.2808124"},{"key":"21_CR24","unstructured":"Tiefenau, C., H\u00e4ring, M., Krombholz, K.: Security, availability, and multiple information sources: exploring update behavior of system administrators. In: Proceedings of the Sixteenth Symposium on Usable Privacy and Security (2020)"},{"key":"21_CR25","doi-asserted-by":"crossref","unstructured":"Vaniea, K., Rashidi, Y.: Tales of Software Updates: the process of updating software. In: Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (2016)","DOI":"10.1145\/2858036.2858303"},{"key":"21_CR26","doi-asserted-by":"crossref","unstructured":"Vaniea, K.E., Rader, E., Wash, R.: Betrayed by updates: how negative experiences affect future security. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (2014)","DOI":"10.1145\/2556288.2557275"},{"key":"21_CR27","unstructured":"Wash, R., Rader, E., Vaniea, K., Rizor, M.: Out of the loop: how automated software updates cause unintended security consequences. In: Symposium on Usable Privacy and Security, pp. 89\u2013104 (2014)"},{"key":"21_CR28","unstructured":"Zeng, E., R\u00f6sner, F.: Understanding and improving security and privacy in multi-user smart homes: a design exploration and in-home user study. In: Proceedings of the 28th USENIX Security Symposium (2019)"}],"container-title":["Lecture Notes in Computer Science","Computer Security. ESORICS 2021 International Workshops"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-95484-0_21","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,2,7]],"date-time":"2022-02-07T10:10:32Z","timestamp":1644228632000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-95484-0_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783030954833","9783030954840"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-95484-0_21","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"8 February 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Darmstadt","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Germany","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 October 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 October 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2021.athene-center.de\/index.php","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"351","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"71","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.07","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6.06","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}