Faithful Abah has won the CIISec (Chartered Institute of Information Security) University of Kent Student of the Year Prize for 2023 as he achieved the highest overall academic final grade for the MSc Cyber Security degree course with Distinction and also achieved a high mark for his final project “Gathering Security and Privacy Expectations of Users from Mobile Apps” under the supervision of Dr Özgür Kafali.
Interview with Faithful Abah for the CIISec Prize
Could you tell us about your experiences studying at Kent?
My experience at the University of Kent has been remarkable. I had the opportunity to make new friends, participate in societies, and engage in academic work. The campus facilities, such as the Templeman Library and The Senate, provided me with an enabling environment where I could learn and grow without limits. In a short period, I learned many new things, and in the classroom, I was encouraged to ask questions, seek guidance and support, and go beyond the course material. I owe much of my academic success to the highly competent lecturers who facilitated my development and understanding of various topics, tools, and technologies employed by security professionals to safeguard and protect the cyberspace ecosystem.
Being a member of the Tennis Society was also a major highlight of my experience at the University. I looked forward to playing on Thursdays and Fridays with much excitement and made measurable improvements after each week, on average. I felt welcome and accepted, and I was encouraged to keep getting better. I went from being a complete beginner to an intermediate player, being able to play competitively!
I cherish my experiences studying at Kent and hope others can have a similar experience.
Could you tell us about your winning/final project?
My post-graduate dissertation involved analysing mobile app reviews to derive user requirements and expectations of mobile app features. Security-and-privacy-related feedback is usually less visible in mobile app reviews. However, extracting such feedback is of particular importance to developers as trust is heavily impacted by the security and privacy posture of mobile apps.
Our research employed the Weka machine learning software to analyse reviews from the Google Play Store. From our analysis of user reviews, we derived requirements and expectations of mobile app features and summarised our findings using word clouds and charts. Furthermore, we enhanced the efficiency of standard approaches to mobile app review classification by extending an iterative keyword-based method to label and classify reviews into the following categories: Bug Report, Feature Request, Security, and Privacy.
Our results indicate that prevailing concerns raised in user reviews, including credential theft, excessive data collection and permission requests, persist due to differences in expectations between users and developer stakeholders, where security and privacy are concerned. Thus, we proposed viable solutions to reconcile these differences, including consistent (and timely) communication of cyber incidents and responses across various channels and leveraging Privacy Enhancing Technologies (PETs) to preserve and protect user privacy.
Additionally, the performance of our approach to labelling reviews yielded comparable results to state-of-the-art methods when classified using renowned algorithms, including the Support Vector Machine (SVM), Random Forest (RF) and Naive Bayes Multinomials (NBM). We yielded our best performance using the SVM classifier, with an F1 score of 84% when applying data balancing techniques.
In the future, we intend to expand the project by analysing each app category and determining whether there is any significant difference in classification performance between the app categories.
What are your plans for the future?
The desire to contribute to the safety, security, and reliability of the virtual ecosystem formed the basis of my decision to study cybersecurity at the postgraduate level. My long-term desire is to work alongside industry, academia, and governments to mitigate risks in cyberspace and ultimately provide assurances to participants and peace of mind in our new normal ecosystem.