Users’ Acceptance Study of OAuth Manager Module for Social Login in Mobile Environment

Authors

  • Lee Kah Ho, School of Computing, Universiti Utara Malaysia, 06010 UUM Sintok, Kedah, Malaysia
  • Norliza Katuk, School of Computing, Universiti Utara Malaysia, 06010 UUM Sintok, Kedah, Malaysia

Keywords:

Mobile Applications, Single Sign-On, Authentication Protocols, Usable Security

Abstract

Social login allows social network users to use their credentials to log in to other applications. Currently, many developers use the Open Authorization (OAuth) protocol to implement social login (SL). The design of the OAuth protocol works well on workstations and desktops, as they uniformly use web browsers to access web applications. However, it is exposed to security issues when it is moved to the mobile environment. Although native mobile applications are installed on the mobile devices, the protocol calls the system browser to complete the task, exposing users to token redirection attacks. To overcome this issue, this study evaluates a method called OAuth Manager Module (OMM) that aims to improve the security of the protocol in a mobile environment. It provides client isolation to prevent malicious actions during the social login process. A controlled experiment was conducted to evaluate user acceptance of OMM. A within-subject design was used with thirty participants, who took part in the study on a voluntary basis. The results show that users perceived OMM as useful and easy to use compared to social login with the system browser. Overall, however, users are still worried about the security of using social logins on mobile devices. This study can serve as a foundation for further research on the security aspects of social login.

Published

2018-07-03

How to Cite

Ho, L. K., & Katuk, N. (2018). Users’ Acceptance Study of OAuth Manager Module for Social Login in Mobile Environment. Journal of Telecommunication, Electronic and Computer Engineering (JTEC), 10(2-4), 41–45. Retrieved from https://jtec.utem.edu.my/jtec/article/view/4314