A University of Maryland professor helped create an app to determine when people are most vulnerable to cybercrimes involving their smartphones.

The app, called MADCAP, securely tracks users' locations and the apps they're using — while protecting user privacy — to determine when and where people's phones are most susceptible to cybercrime.

David Maimon, an associate professor in this university's criminology and criminal justice department, teamed up with Lucas Layman, a research scientist at Fraunhofer Center for Experimental Software Engineering — an affiliate of the computer science department — to create the app, which is scheduled to launch alongside the data collection experiment in mid-March. The app is designed to only work for participants who were selected for the experiment.

The team wants to reduce cybercrime vulnerability on cell phones because there isn't much research done in that field, Maimon said. With this experiment, they hope to address two types of security vulnerabilities: physical security — such as threats from a stolen phone or a criminal looking over your shoulder to view your online banking login information — and cyber threats.

"The goal of this project is essentially to understand how folks apply security on their smartphone devices, as well as try to understand if we can nudge them to behave more securely on their phones," Maimon said.

The researchers plan to have 200 adult participants, who must be Android users, take part in the three-month experiment, during which they will monitor participants' locations and app usage to determine risks in cell phone security. For example, if people use apps with sensitive data while on public transportation, they have a higher risk of getting their information stolen.

The National Science Foundation's Secure and Trustworthy Cyberspace program, which backs projects and experiments dedicated to cybersecurity, is funding the project, and this university's Institutional Review Board has approved all steps to the process, Layman said.

"On the computer side [of cybersecurity], we usually focus … on technical things [like encryption], but that doesn't protect you from unsafe human behavior," Layman said. "Everybody has a smartphone, and there have been some very high-profile breeches, losses of information [and] stolen identities, that have occurred through smartphones."

Mads Woodworth, a junior criminology and criminal justice and psychology major, said she has joined Wi-Fi networks belonging to people she doesn't know, which could pose security risks. Public Wi-Fi networks can make devices easier to breach by malware — malicious software — or criminals.

"No one has ever really told me what would be necessary to prevent those types of things from happening, so I wouldn't really know what to do [for security]," she added.

People don't seem to realize that cell phones are just as insecure as laptops, Maimon said, because many individuals don't use any type of virus protection on their cell phones.

Even with an encrypted phone that has a fingerprint password and anti-virus software, logging into an app that stores personal information — such as an online bank account — in public places like a UM Shuttle bus can make it easy for someone to look over your shoulder and capture your data, Maimon said. That's why the researchers plan to look into both the physical dangers as well as the cyber threats.

"I haven't really taken any extra steps to prevent [cybercrimes] from happening, so I guess I'm just as susceptible as anyone," Woodworth said. "I would say mine isn't as safe as it could be."

One of the first steps to security, Maimon said, is by being vigilant with your phone. For example, don't put your phone down and walk away, or walk alone through suspicious neighborhoods with your phone out. To increase cybersecurity, don't go to suspicious websites or log into apps that contain sensitive information on public Wi-Fi, such as campus buses or the Metro, he said.

"We know that you are vulnerable to cybercrime; you are using your smartphone to log into the internet, and log into your email account, bank account, so on and so forth," Maimon said. "By engaging in that behavior, we know folks are vulnerable."