隨著科技日新月異的進步，智慧型手機已深深融入了人們的生活，並扮演著不可或缺的角色。然而隨著智慧型手機的普及，針對智慧型手機的惡意程式也與日俱增。舉凡釣魚簡訊、資料竊取、後門木馬以及各式病毒等，均可能造成使用者個資或私人資料外洩並形成智慧型手機安全上之隱憂。若使用者不重視或沒有注意智慧型手機的安全，將造成非常嚴重的後果。智慧型手機的安全不僅僅影響到使用者個人的隱私，更擴及商業秘密甚至整體國家安全。
有別於大部分針對技術防護層面之智慧型手機安全研究，本研究主要在探討智慧型手機使用者心理層面之安全意識與其實際行為間之連貫性，即哪些因素會因使用者的安全意識的程度而確實採取相對應之防護措施。本研究探討並結合既有心理學行為模型：知識、態度及行為模型(KAB model)與Fogg行為模型(Fogg’s Behavior Model)，以及其他可能影響行為之因素，提出八項假說進行驗證，進而提出嶄新的行為理論模型以理解使用者安全意識與實際行為間的關聯性。
本研究對象為全台灣民眾，透過網路問卷回收樣本320份，其中有效樣本305份，相關數據分析採用IBM SPSS Windows 22.0以及SmartPLS 2.0等統計分析軟體。研究結果顯示智慧型手機使用者的行為，係受到使用者手機安全知識程度、使用者對於手機安全之心態、使用者對於隱私之關切程度、使用者加強手機安全之動機以及群眾效應等多項因素之影響，而非單一因素所造成。
本研究之貢獻可以作為民間企業、政府單位及相關資訊安全部門制定智慧型手機政策或資安相關法規時之參考，以提升政策與法規實行之成效，另本研究所提出之行為理論模型亦可作為未來研究資訊科技安全與使用者心態及行為領域之雛型。

As technology rapidly breaks new limitations, smartphone has become an indispensable device in our daily lives. However, as the popularity of smartphones increased, so did the number of smartphone malwares. SMS phishing, data leakage, Trojan, backdoor, and virus are only some of the malicious events that might occur on smartphones. Lack of security awareness or neglecting the risk might result in devastating consequence. The security of smartphones not only affects the user’s privacy, but also trade secrets of enterprises, or even national security matters.
Different from most smartphone security researches that focus on the defense mechanisms and techniques to safeguard smartphones, this study takes a different approach from the psychological perspective of smartphone users. This study explores how users’ awareness influences the users’ behavior and what other factors might be critical to fill the gap between awareness (Knowing) and behavior (Doing). We integrated the existing psychological knowledge-attitude-behavior model (KAB) with the Fogg’s behavior model, and additional constructs that might affect the users’ behavior. As a result, we developed a new behavior model for explaining the gap between smartphone users’ security knowledge and their actual behavior.
Questionnaires were distributed and received through an online platform targeting Taiwanese, with 320 samples received and 305 valid. Data analysis was conducted via implementing IBM SPSS Windows 22.0 and SmartPLS 2.0. Our study indicates that smartphone users’ behavior are influenced by a combination of multiple factors, such as the users’ smartphone security knowledge, users’ attitude towards smartphone security, users’ privacy concerns, users’ motivation in improving smartphone security, and the herding effect.
The contribution of this research lies in the development of an innovative behavior model, which could be used as a reference or guideline to enterprises, government agencies, or information security departments when drawing security policies regarding smartphones. This research model could also serve as a stepping stone for future academic research in the field of smartphone security or psychology.

Allport, G. W. (1954). Handbook of Social Psychology.
Alsaleh, M., Alomar, N., & Alarifi, A. (2017). Smartphone users: Understanding how security mechanisms are perceived and new persuasive methods. PLoS One, 12(3), e0173284. doi:10.1371/journal.pone.0173284
Android. (2017, 2017/4/19). Android Open Source Project. Android Security Overview. Retrieved from https://source.android.com/security/
Awad, N. F., & Krishnan, M. S. (2006). The Personalization Privacy Paradox: An Empirical Evaluation of Information Transparency and the Willingness to be Profiled Online for Personalization. MIS Quarterly, 30(1), 13-28. doi:10.2307/25148715
Azar, K. M., Lesser, L. I., Laing, B. Y., Stephens, J., Aurora, M. S., Burke, L. E., & Palaniappan, L. P. (2013). Mobile applications for weight management: theory-based content analysis. Am J Prev Med, 45(5), 583-589. doi:10.1016/j.amepre.2013.07.005
Balebako, R., Jung, J., Lu, W., Cranor, L. F., & Nguyen, C. (2013). "Little brothers watching you". Proceedings of the Ninth Symposium on Usable Privacy and Security, 1. doi:10.1145/2501604.2501616
Bandura, A. (1986). Social Foundations of Thought and Action: A social cognitive theory. Englewood Cliffs, NJ, US: Prentice-Hall.
Baranowski, T., Cullen, K. W., Nicklas, T., Thompson, D., & Baranowski, J. (2003). Are current health behavioral change models helpful in guiding prevention of weight gain efforts? Obes Res, 11 Suppl, 23S-43S. doi:10.1038/oby.2003.222
Becher, M., Freiling, F. C., Hoffmann, J., Holz, T., Uellenbeck, S., & Wolf, C. (2011). Mobile security catching up? revealing the nuts and bolts of the security of mobile devices. Paper presented at the Security and Privacy (SP), 2011 IEEE Symposium, Berkeley, CA.
Ben-Asher, N., Kirschnick, N., Sieger, H., Meyer, J., Ben-Oved, A., & Möller, S. (2011, August 30 - September 02, 2011). On the need for different security methods on mobile phones. Paper presented at the 13th International Conference on Human Computer Interaction with Mobile Devices and Services (MobileHCI), Stockholm, Sweden.
Bonnington, B. (2012). Apple Says Grabbing Address Book Data Is an iOS Policy Violation.
Boyles, J. L., Smith, A., & Madden, M. (2012). Privacy and Data Management on Mobile Devices. Retrieved from Pew Research Center: http://www.pewinternet.org/2012/09/05/privacy-and-data-management-on-mobile-devices/
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523-548.
Chin, E., Felt, A. P., Sekar, V., & Wagner, D. (2012). Measuring user confidence in smartphone security and privacy. Proceedings of the Eighth Symposium on Usable Privacy and Security, 1. doi:10.1145/2335356.2335358
Compeau, D. R., & Higgins, C. A. (1995). Computer Self-Efficacy: Development of a Measure and Initial Test. MIS Quarterly, 19(2), 189. doi:10.2307/249688
Cronbach, L. J. (1951). Coefficient alpha and the internal structure of tests. Psychometrika, 16(3), 297-334. doi:10.1007/bf02310555
Dinev, T., & Hart, P. (2006). An Extended Privacy Calculus Model for E-Commerce Transactions. Information Systems Research, 17(1), 61-80. doi:10.1287/isre.1060.0080
DuPaul, N. (2012). Android Security: Guide to Android OS. Retrieved from https://www.veracode.com/security/android-security
Felt, A. P., Egelman, S., & Wagner, D. (2012). I've got 99 problems, but vibration ain't one. Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices, 33. doi:10.1145/2381934.2381943
Felt, A. P., Finifter, M., Chin, E., Hanna, S., & Wagner, D. (2011). A survey of mobile malware in the wild. Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, 3. doi:10.1145/2046614.2046618
Felt, A. P., Greenwood, K., & Wagner, D. (2011). The effectiveness of application permissions. Paper presented at the Proceedings of the 2nd USENIX conference on Web application development.
Felt, A. P., Ha, E., Egelman, S., Haney, A., Chin, E., & Wagner, D. (2012). Android permissions. Proceedings of the Eighth Symposium on Usable Privacy and Security, 1. doi:10.1145/2335356.2335360
Fisher, J. D., Fisher, W. A., Williams, S. S., & Malloy, T. E. (1994). Empirical tests of an information-motivation-behavioral skills model of AIDS-preventive behavior with gay men and heterosexual university students. Health Psychology, 13(3), 238-250. doi:10.1037/0278-6133.13.3.238
Flynn, L., & Klieber, W. (2015). Smartphone Security. IEEE Pervasive Computing, 14(4), 16-21. doi:10.1109/mprv.2015.67
Fogg, B. J. (2009). A behavior model for persuasive design. 1. doi:10.1145/1541948.1541999
Fornell, C., & Larcker, D. F. (1981). Evaluating Structural Equation Models with Unobservable Variables and Measurement Error. Journal of Marketing Research, 18(1), 39. doi:10.2307/3151312
Grzonkowski, S., Mosquera, A., Aouad, L., & Morss, D. (2014). Smartphone Security: An overview of emerging threats. IEEE Consumer Electronics Magazine, 3(4), 40-44. doi:10.1109/mce.2014.2340211
Guay, F., Vallerand, R. J., & Blanchard, C. (2000). On the Assessment of Situational Intrinsic and Extrinsic Motivation: The Situational Motivation Scale (SIMS). Motivation and Emotion, 24(3), 175-213. doi:10.1023/a:1005614228250
Hair, J. F., & Hult, G. T. M. (2016). A Primer on Partial Least Squares Structural Equation Modeling (PLS-SEM): SAGE Publications.
IBM. (2016). Mobile Security White Paper. Retrieved from https://www-03.ibm.com/security/mobile/byod-security-whitepaper.html
Jones, B. H. (2012). Do Business Students Practice Smartphone Security? Journal of Computer Information Systems, 53(2), 22-30. doi:10.1080/08874417.2012.11645611
Jones, B. H., & Chin, A. G. (2015). On the efficacy of smartphone security: A critical analysis of modifications in business students’ practices over time. International Journal of Information Management, 35(5), 561-571. doi:10.1016/j.ijinfomgt.2015.06.003
Kan, S. (2016, 2016/9/14). Is Taiwan investing enough in its security? Taipei Times, p. 1. Retrieved from http://www.taipeitimes.com/News/feat/archives/2016/09/14/2003655105/3
Khan, B. (2011). Effectiveness of information security awareness methods based on psychological theories. African Journal of Business Management, 5(26). doi:10.5897/ajbm11.067
Kruger, H., Furnell, S. M., Drevin, L., & Steyn, T. (2010). A vocabulary test to assess information security awareness. Information Management & Computer Security, 18(5), 316-327. doi:10.1108/09685221011095236
Kruger, H. A., & Kearney, W. D. (2006). A prototype for assessing information security awareness. Computers & Security, 25(4), 289-296. doi:10.1016/j.cose.2006.02.008
Leavitt, N. (2005). Mobile phones: the next frontier for hackers? Computer, 38(4), 20-23. doi:10.1109/mc.2005.134
Lin, W., Yang, H. C., Hang, C. M., & Pan, W. H. (2007). Nutrition knowledge, attitude, and behavior of Taiwanese elementary school children. Aisa Pacific Journal of Clinical Nutrition, 16, 534-546.
MarketStrategies. (2012). Most Smartphone Users Browse, Shop Online With Their Phones.
McAfee. (2016). Mobile Threat Report: What’s on the Horizon for 2016. Retrieved from https://www.mcafee.com/us/resources/reports/rp-mobile-threat-report-2016.pdf
Mohr, D. C., Schueller, S. M., Montague, E., Burns, M. N., & Rashidi, P. (2014). The behavioral intervention technology model: an integrated conceptual and technological framework for eHealth and mHealth interventions. J Med Internet Res, 16(6), e146. doi:10.2196/jmir.3077
Muntean, C. I. (2011). Raising engagement in e-learning through gamification. Paper presented at the International Conference on Virtual Learning ICVL.
Myer, J. P., Becker, T. E., & Vandenberghe, C. (2004). Employee commitment and motivation: a conceptual analysis and integrative model. J Appl Psychol, 89(6), 991-1007. doi:10.1037/0021-9010.89.6.991
Mylonas, A., Kastania, A., & Gritzalis, D. (2013). Delegate the smartphone user? Security awareness in smartphone platforms. Computers & Security, 34, 47-66. doi:10.1016/j.cose.2012.11.004
Network, P. N. (2017, 3/15). US ANALYST ADVISES STRONG CYBER SECURITY FOR PUBLIC, PRIVATE SECTORS. PTS NEWS Network. Retrieved from http://news.pts.org.tw/article/352320
Nunnally, J. C. (1967). Psychometric theory. New York: McGraw-Hill.
Parker, F., Ophoff, J., Van Belle, J.-P., & Karia, R. (2015). Security awareness and adoption of security controls by smartphone users. 2015 Second International Conference on Information Security and Cyber Forensics (InfoSec), 99-104. doi:10.1109/InfoSec.2015.7435513
Peak, H. (1955). Attitude and motivation. Paper presented at the Nebraska symposium on motivation, Nebraska.
Pentasafe. (2002). Security Awareness Index Report: the state of security awareness among organisations worldwide. Retrieved from
Sarstedt, M., Ringle, C. M., & Hair, J. F. (2011). PLS-SEM: Indeed a Silver Bullet. The Journal of Marketing Theory and Practice, 19(2), 139-152. doi:10.2753/mtp1069-6679190202
Schlienger, T., & Teufel, S. (2003). Information security culture: From analysis to change. South African Computer Journal, 2003(31), 46-52.
Statista. (2016). Number of smartphone users worldwide from 2014 to 2020. Retrieved from https://www.statista.com/statistics/330695/number-of-smartphone-users-worldwide/
Sun, H. (2013). A Longitudinal study of herd behavior in the adoption and continued use of technology. MIS Quarterly, 37(4), 1013-1042.
Thomson, M. E., & Von Solms, R. (1998). Information security awareness: educating your users effectively. Information Management & Computer Security, 6(4), 167-173. doi:10.1108/09685229810227649
Tolvanen, M., Lahti, S., Miettunen, J., & Hausen, H. (2012). Relationship between oral health-related knowledge, attitudes and behavior among 15-16-year-old adolescents: a structural equation modeling approach. Acta Odontol Scand, 70(2), 169-176. doi:10.3109/00016357.2011.600722
Zang, J., Dummit, K., Graves, J., Lisker, P., & Sweeney, L. (2015). Who Knows What About Me? A Survey of Behind the Scenes Personal Data Sharing to Third Parties by Mobile Apps. Technology Science, 30.