Users’ Acceptance Study of OAuth Manager Module for Social Login in Mobile Environment
Keywords:
Mobile Applications, Single Sign-On, Authentication Protocols, Usable Security,Abstract
Social login is a way that allows social network users to use their credential to log in to other applications. Currently, many developers make use of Open Authorization (OAuth) protocol to implement social login (SL). The design of OAuth protocol works well on workstations and desktops as they uniformly use web browsers to access web applications. However, it is exposed to security issues when it is moved to the mobile environment. Although native mobile applications are installed on the mobile devices, this protocol will call system browsers to complete the task; hence, exposing users to token redirection attacks. In overcoming the issue, this study attempts to evaluate a method called OAuth Manager Module (OMM) that aims to improve the security of this protocol in a mobile environment. It provides client isolation to prevent malicious actions during the social login process. A controlled experiment was conducted to evaluate user acceptance towards OMM. A within-subject design was conducted on thirty participants who participated in this study on a voluntary basis. The results show that users perceived OMM useful and easy-to-use compared to social login with system browser. However, in overall, users are still worried about the security of using social logins on mobile devices. This study can further serve as a foundation for various research on the security aspect of social login.Downloads
Published
How to Cite
Issue
Section
License
TRANSFER OF COPYRIGHT AGREEMENT
The manuscript is herewith submitted for publication in the Journal of Telecommunication, Electronic and Computer Engineering (JTEC). It has not been published before, and it is not under consideration for publication in any other journals. It contains no material that is scandalous, obscene, libelous or otherwise contrary to law. When the manuscript is accepted for publication, I, as the author, hereby agree to transfer to JTEC, all rights including those pertaining to electronic forms and transmissions, under existing copyright laws, except for the following, which the author(s) specifically retain(s):
- All proprietary right other than copyright, such as patent rights
- The right to make further copies of all or part of the published article for my use in classroom teaching
- The right to reuse all or part of this manuscript in a compilation of my own works or in a textbook of which I am the author; and
- The right to make copies of the published work for internal distribution within the institution that employs me
I agree that copies made under these circumstances will continue to carry the copyright notice that appears in the original published work. I agree to inform my co-authors, if any, of the above terms. I certify that I have obtained written permission for the use of text, tables, and/or illustrations from any copyrighted source(s), and I agree to supply such written permission(s) to JTEC upon request.