Content uploaded by Anirudh Ganesh
Author content
All content in this area was uploaded by Anirudh Ganesh on Mar 23, 2023
Content may be subject to copyright.
Tailoring a Persuasive Game to Promote Secure Smartphone
Behaviour
Anirudh Ganesh Chinenye Ndulue Rita Orji
Faculty of Computer Science, Faculty of Computer Science, Faculty of Computer Science,
Dalhousie University, Halifax, NS, Dalhousie University, Halifax, NS, Dalhousie University, Halifax, NS,
Canada Canada Canada
anirudh.ganesh@dal.ca cndulue@dal.ca rita.orji@dal.ca
ABSTRACT
The use of smartphones has become an integral part of everyone’s
lives. Due to the ubiquitous nature and multiple functionalities of
smartphones, the data handled by these devices are sensitive in
nature. Despite the measures companies take to protect users’ data,
research has shown that people do not take the necessary actions
to stay safe from security and privacy threats. Persuasive games
have been implemented across various domains to motivate peo-
ple towards a positive behaviour change. Even though persuasive
games could be eective, research has shown that the one-size-
ts-all approach to designing persuasive games might not be as
eective as the tailored versions of the game. This paper presents
the design and evaluation of a persuasive game to improve user
awareness about smartphone security and privacy tailored to the
user’s motivational orientation using Regulatory Focus Theory.
From the results of our mixed-methods in-the-wild study of 102
people followed by a one-on-one interview of 25 people, it is ev-
ident that the tailored version of the persuasive game performed
better than the non-tailored version of the game towards improving
users’ secure smartphone behaviour. We contribute to the broader
HCI community by oering design suggestions and the benets of
tailoring persuasive games.
CCS CONCEPTS
• Human-centered computing
→
Human computer interaction
(HCI); HCI design and evaluation methods; Field studies; • Security
and privacy
→
Human and societal aspects of security and privacy;
Social aspects of security and privacy.
KEYWORDS
Tailoring Persuasive Game, Secure Smartphone Behaviour, Protec-
tion Motivation Theory, Regulatory Focus Theory, Smartphone
Security Game
ACM Reference Format:
Anirudh Ganesh, Chinenye Ndulue, and Rita Orji. 2023. Tailoring a Per-
suasive Game to Promote Secure Smartphone Behaviour. In Proceedings of
the 2023 CHI Conference on Human Factors in Computing Systems (CHI ’23),
Permission to make digital or hard copies of all or part of this work for personal or
classroom use is granted without fee provided that copies are not made or distributed
for prot or commercial advantage and that copies bear this notice and the full citation
on the rst page. Copyrights for components of this work owned by others than the
author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or
republish, to post on servers or to redistribute to lists, requires prior specic permission
and/or a fee. Request permissions from permissions@acm.org.
CHI ’23, April 23–28, 2023, Hamburg, Germany
© 2023 Copyright held by the owner/author(s). Publication rights licensed to ACM.
ACM ISBN 978-1-4503-9421-5/23/04.. .$15.00
https://doi.org/10.1145/3544548.3581038
April 23–28, 2023, Hamburg, Germany. ACM, New York, NY, USA, 18 pages.
https://doi.org/10.1145/3544548.3581038
1 INTRODUCTION
Smartphones have become an integral part of users’ daily lives.
People always carry their mobile phones for performing their day-
to-day tasks, and most of the time, their personal data is involved
when they use it. Over the past two decades, mobile phones have
undergone several hardware and software changes. In recent times,
among other security and privacy issues, smartphone privacy and
security have come under the spotlight. For a long time, Google’s
Android smartphone Operating System has been regarded as less
secure compared to Apple’s iOS [1, 2, 58].
In this paper, we will be focusing on the security and privacy
issues of the Android Smartphone operating system. Android is
more prone to social engineering attacks compared to iOS due to its
design to give more control to the user [
1
,
58
]. Smartphone users’
personal information has been compromised without their knowl-
edge over the years through Android apps [
15
,
84
]. To improve
users’ awareness about cybersecurity and digital privacy, various
interventions like videos, documents, campaigns, and posters are
used but have not been eective in the past [
6
]. Recent research
shows that games are an eective medium to educate users and
bring forth a positive behaviour change. As a result, games cover-
ing several cybersecurity issues such as identifying phishing links,
spam emails, and setting strong passwords [
25
,
68
,
93
,
95
,
99
] have
been designed. However, from recent research, it is evident that
awareness about smartphone security and privacy is low and there
is a need for research targeted at this area [
17
,
51
,
81
,
88
]. Speci-
cally, there is a need for interventions to improve users’ awareness
about smartphone security and privacy. However, there are only a
few interventions focusing on only some of the smartphone security
and privacy issues [7, 8, 100, 114].
Persuasive games, which are designed to motivate users towards
positive behaviour and attitude change, have been used across
various domains including physical activity [
48
,
76
], nutrition [
13
,
24
,
74
], disease prevention [
61
,
65
,
66
], and Sustainable Environment
[
31
,
75
,
94
]. Persuasive games for cybersecurity issues motivate the
users towards positive behaviour change by educating them about
safe security and privacy practices in a fun and engaging way.
For example, Social Engineering is often used to trick users by
extracting sensitive information without the user’s knowledge [
18
].
Because users are unaware of the security threats, they might fail
to take preventive measures to protect themselves from malicious
cybersecurity attacks.
CHI ’23, April 23–28, 2023, Hamburg, Germany Anirudh Ganesh et al.
Persuasive games, by nature of their informed and conscious
design, contextual elements, and excellent capabilities for simu-
lating various real-world scenarios can be used to train users to
recognize cybersecurity risks such as social engineering attacks
[
68
,
95
]. In the area of cybersecurity, persuasive games have been
used in the area of phishing [
35
,
57
,
67
,
93
,
95
], password safety
and security [
26
,
83
,
87
], and games for cybersecurity training
[
36
,
89
,
99
]. Although persuasive games can be eective, recent
research has shown that the “one-size-ts-all” approach might not
be as eective for motivating users toward a positive behaviour
change [
4
,
38
,
47
,
60
,
73
,
78
], hence, persuasive games need to be
tailored for various user groups.
In this paper, we present the design and evaluation of two ver-
sions of a persuasive game tailored based on users’ motivational
orientation (prevention- versus promotion-focused) using the Reg-
ulatory Focus Theory (RFT) [
22
,
40
] to motivate players to adopt a
secure smartphone behaviour. Specically, we aim to answer the
following research questions:
RQ1: Does the persuasive game motivate users to
protect themselves from smartphone security threats
overall?
RQ2: What is the overall player experience for the
persuasive game?
RQ3: Is there any dierence in the comparative eec-
tiveness of the two versions of the persuasive game
for improving secure smartphone behaviour?
RQ4: Does tailoring the persuasive game according
to regulatory focus theory improve the eectiveness
of the game with respect to increasing players’ secure
smartphone behaviour and their play experience?
We conducted both quantitative and qualitative in-the-wild stud-
ies consisting of 102 and 25 participants respectively for a duration
of 10 days with a 2x2 between-subject design and pre and post study
for repeated measures. We used the Protection Motivation Theory
(PMT) [
55
,
92
] to measure players’ intention to protect themselves
from smartphone security and privacy threats. PMT is a popular
theory that has been widely used in the domain of usable security
and privacy [
9
,
34
,
56
,
92
,
97
]. It consists of ve basic constructs –
Self-Ecacy, Response Ecacy, Response Cost, Perceived Vulnerabil-
ity and Perceived Severity. These ve constructs contribute to the
intention to protect oneself from threats and this is considered as
a strong indicator of behaviour change [
55
,
86
]. We also assessed
the player experience of the game using the validated and widely
acceptable scale that has been used by many CHI research papers
[
10
,
37
,
46
,
72
], the Intrinsic Motivation Inventory (IMI) [
85
] for
measuring the player’s intrinsic motivation with respect to the
persuasive game.
We found strong evidence that the game was eective overall in
improving users’ secure smartphone behaviour intentions. More
importantly, we found evidence to support that players who played
the tailored version of the game preferred the tailored version and
showed signicant improvement in their secure smartphone be-
haviour intentions compared to those who played the non-tailored
version of the game. Furthermore, the qualitative results provide ten
interesting themes and insight into various aspects of the game’s
eectiveness and why the tailored version is more eective. Our
work shows how to tailor persuasive games according to the user’s
motivational orientation (using RFT) to motivate them to follow
secure smartphone behaviour. RFT is a goal-setting theory that
emphasizes how users go about achieving their goals (motivational
orientation). The theory suggests that people reach their goals us-
ing one of the two motivational orientations – Promotion Focus and
Prevention Focus. The theory also states that each person develops a
primary motivational orientation throughout their life. Promotion
focused users take an eager approach toward achieving their goals
and are motivated by the achievements and the positive aspects of
reaching their goals. Prevention focused users take a vigilant or
careful approach while trying to achieve their goals, and they try
to avoid the negative aspects or regress from their current state
while trying to achieve their goal. RFT has been used in the past to
tailor messages and successfully motivate users toward their goals
[20, 22, 30, 52].
To the best of our knowledge, our research is the rst to investi-
gate how to tailor persuasive games for smartphone privacy and
security using the RFT and the benecial eect of tailoring.
2 BACKGROUND
In this section, we discuss the background of this work, existing
persuasive games, Regulatory Focus Theory (RFT), Protection Mo-
tivation Theory (PMT) and usable smartphone security and privacy
issues.
2.1 Persuasive Games
Persuasive Technologies (PTs) are digital interventions that are de-
signed to promote positive behaviour change among users. Persua-
sive games are PTs delivered in the form of games. Over the years,
persuasive games employing various strategies have been used
across many dierent domains including physical activity [
48
,
76
],
security behaviour [
26
,
32
,
67
,
95
] and nutrition [
13
,
14
,
74
]. For
example, BunnyBolt [
48
] is a gamied mobile tness app designed
to motivate youth to stay physically active. The game rewards the
users for reaching milestones in the game and employs an interest-
ing story to attract a wide range of audiences. Similarly, PirateBri’s
Grocery Adventure [
13
,
14
] is a game to motivate users towards
buying healthy groceries. The game utilizes a situated learning
approach to educate the users about nutritional products during
grocery shopping. The game allows the users to create a character
based on information like age and gender to assess their nutritional
needs -Customization. The game uses a trac signal format to
inform the users about the product’s nutritional information – Self-
monitoring and Feedback. The game also has incremental weekly
challenges that the users can complete to stay healthy and earn
in-game rewards – Reward and Goal-Setting.
With respect to persuasive games for cybersecurity awareness,
Wen et al. [
95
] designed What.Hack, a Role-Playing Game (RPG)
that educates users to identify phishing links and dierent types
of phishing techniques in an email. The player takes the role of an
IT expert who works in a bank and must lter the phishing emails
from the benign ones without opening the email or the attachments
- Simulation. The game presents emails in an incremental diculty
and has a rule book that states the objectives for each level of dif-
culty – Goal-Setting and Feedback. In a dierent study, Chen et
Tailoring a Persuasive Game to Promote Secure Smartphone Behaviour CHI ’23, April 23–28, 2023, Hamburg, Germany
al. [
26
] designed Hacked Time, an RPG that educates users about
password safety and security. The user takes the role of a detective
to help their college roommate whose social media account was
compromised. The player travels back in time and helps their room-
mate by pointing out the unsafe password practices they have been
following and they educate them about how to protect their social
media account in an eective manner - Simulation and Feedback.
Persuasive games for cybersecurity training have been used in
educational institutions to train future cybersecurity professionals
or for general awareness among the public. For example, Cyber-
CIEGE [
89
] is a persuasive game designed for training cybersecurity
students. The game can be tailored by the course instructor to train
the students on specic topics – Customization, and can simulate
real-world scenarios to educate the players. In another study, Yerby
et al. [
99
] designed a serious RPG to train digital forensic profes-
sionals. The player takes the role of a digital forensic investigator
and helps to investigate a cybersecurity incident for a company
-Simulation. The game walks the player through a narrative and
simulates various cases. Research has shown that games are bet-
ter at training students compared to traditional classroom-based
courses [82].
Persuasive games about smartphone security are sparse. Based
on our review of existing literature, we found only a handful of
games for improving user awareness about smartphone security. For
example, in one study, Bahrini et al. [
8
] designed an RPG, “Make-
MyPhoneSecure” which aims to improve user awareness about
smartphone permissions. The player takes the role of a security ex-
pert and must help the Non-Playable Characters (NPC’s) with their
security concerns. The player must deny permissions in the app
settings according to the scenario – Simulation. The same author
also designed “HappyPermi” [
7
], an android app that simulates the
data that is accessible with each run-time permission. The app pro-
vides toggle switches for each permission. Users can toggle on and
o to see the data retrieved from their phone for each permission
-Simulation. Zargham et al. [
100
] designed a humorous game to
educate users about how to set up an Android smartphone and use
it in a safe manner. The results of the evaluation showed that the
participants preferred the game over the humorous video.
Although informative, these existing interventions for smart-
phone security and privacy cover only a limited set of smartphone
security and privacy scenarios. In general, interventions for im-
proving user awareness about smartphone security and privacy are
still in their infancy and most existing interventions are untailored.
This research gap motivated the present research on designing and
evaluating a tailored persuasive game intervention that covers a
wide range of smartphone security and privacy issues to improve
users’ awareness of secure smartphone behaviour.
2.2 Current State of Android Smartphone
Security
Smartphone security is a sub-domain under the umbrella of cyberse-
curity. With the rise in usage of smartphones for various day-to-day
activities, smartphones have become a hotspot for personal data,
thus attracting malware. For a long time, Google’s Android has been
regarded as a less secure smartphone Operating System compared
to Apple’s iOS [
1
,
2
,
58
]. Apart from technical issues related to secu-
rity, which exist for both devices, Android is more prone to social
engineering attacks compared to iOS due to its design to allow users
more control [
1
,
58
]. Various studies have shown that user aware-
ness about smartphone security needs improvement, and interven-
tions are needed for this purpose [
11
,
12
,
17
,
19
,
51
,
70
,
88
,
101
].
However, based on our review of persuasive games for cybersecu-
rity, only a limited number of interventions exist for improving
user awareness about smartphone security and privacy [7, 8, 100].
Existing research shows that users are unaware of how to take
steps towards secure smartphone behaviour, hence, do not take the
necessary steps to protect themselves.
Google’s Android OS [
102
] enables the end-users to control the
data they want to share with apps using a mechanism called run-
time permissions [
103
,
104
]. Before the run-time permission model,
Android used the install time permission model which allows it
to request permissions at the point the app is being installed. The
user had only two choices, either to install the app and grant all the
permissions or deny installing the app. Android classies users’ per-
sonal data into ten categories (Permission Groups) namely: Activity
Recognition, Calendar, Camera, Contacts, Location, Microphone,
Phone, Sensors, SMS, and Storage.
With the recent release of Android 12, Google has introduced a
new runtime permission called Nearby Devices that gives the user
the ability to allow or deny other applications’ ability to access its
Bluetooth, to discover and connect with other devices. Google also
enables Call Log permission only to specic developers with An-
droid approval. Google also introduced permission rationale [
104
],
a way for developers to explain the reason for the required app per-
missions, although, they do not enforce this on developers. Apart
from this, with the recent release of Android 12, Google introduced
a one-time permission, permission auto-reset and camera, as well
as mic toggles [
104
,
105
]. Despite introducing run-time permissions,
apps might still misinform the user and misuse the permissions by
requesting unnecessary permissions without providing the reason
for the permission requirement. As a result, users might not pay
attention to them [
11
,
12
,
45
,
84
,
88
,
96
]. Recent research has shown
that users are unaware of various smartphone security and privacy
practices, and there is a need for interventions to overcome this
issue [11, 12, 17, 19, 51, 88].
As part of our design process, to uncover common smartphone
security, we conducted a thematic analysis on data gathered from
recent research [
11
,
12
,
17
,
19
,
51
,
88
] and uncovered 12 common
smartphone security and privacy issues (Table 1). We searched for
android smartphone security and privacy issues outlined in these
papers.
2.3 Tailoring Persuasive Applications
Across recent research, persuasive digital interventions have been
used for promoting a positive behaviour change among users. Be-
haviour theories are widely used in the domain of persuasive tech-
nology, to tailor digital interventions to users. Recent research has
shown that the tailored versions of the persuasive applications are
much more eective than the one-size-ts-all approach. Several
parameters like users’ stage of behaviour change, gamer type, per-
sonality, age and gender have been leveraged to tailor persuasive
CHI ’23, April 23–28, 2023, Hamburg, Germany Anirudh Ganesh et al.
Table 1: Common Smartphone Privacy and Security Issues
Twelve Common Smartphone Security and Privacy Issues
Allowing only necessary Permission for an App
Setting up a Lockscreen to avoid unauthorized physical access to phone
Downloading apps from 3rd party app store/marketplace
Background app process
Turning o WiFi, GPS, Bluetooth when not in use
Using third party security software (e.g., VPN, Antivirus)
Clicking on unknown links from unknown senders/sources
Following Safety Routine (e.g., Regular OS Updates, Factory Reset while disposing Phone, and Data Backup)
General Recommendations (e.g., Do not root device, Do not store sensitive information in plaintext)
Securing Data and Avoiding Breach (e.g., Avoid public USB Stations, Use original charging equipment)
General Safe Practices While using apps (e.g., Log out of apps, beware of popups)
Disaster Response (e.g., Remote lock and wipe)
interventions [
4
,
38
,
47
,
60
,
73
,
78
]. For example, Mulchandani et al.
[
60
] designed and tailored a persuasive game to promote awareness
about the COVID-19 virus. The authors tailored the game according
to the Transtheoretical model (TTM) and developed two versions to
support users’ in the early and later stages of their behaviour change
journey. Similarly, Alqahtani et al. [
4
] conducted a large-scale study
with a persuasive mental health app and found that participants’
personality traits had an eect on their perceived persuasiveness
of the app. For our persuasive game, we leveraged the Regulatory
Focus Theory (RFT) [
22
,
40
], a goal-setting theory that states that
people try to reach their goals according to their predominant mo-
tivational orientation. This motivational orientation is categorized
as Promotion Focus and Prevention Focus. Regulatory Focus The-
ory has often been used in the past to persuade users according
to their motivational orientation. It is a popular theory based on
the self-regulation theory and self-discrepancy theory [
41
]. When
users pursue their goals according to their motivational orientation,
they experience regulatory t which is an increased strength of
engagement in the task. As a consequence, the user experiences
persuasion and they are motivated to continue towards achieving
their goal while they process the task eciently, reducing the need
for cognitive restructuring [
106
]. To measure users’ intention to-
wards following secure smartphone behaviour, we leveraged the
Protection Motivation Theory (PMT) [
55
], which has been widely
used across the cybersecurity domain [
9
,
56
,
62
,
92
] to measure
users’ intention to protect themselves from security and privacy
threats. Both these theories are discussed in the upcoming sections
along with their implementation across various research domains.
2.4 Protection Motivation Theory
The Protection Motivation Theory (PMT) developed by Rogers et al.
[
55
,
86
] is a popular behaviour theory that has been used across var-
ious cybersecurity research for measuring users’ awareness levels
[
9
,
50
,
62
,
97
] and their level of intention to adopt a new behaviour.
PMT comprises ve core constructs: (1) Perceived Severity, (2) Per-
ceived Vulnerability, (3) Self-Ecacy, (4) Response Ecacy, and (5)
Response Cost. PMT proposes that these constructs determine an
individual’s intention to change behaviour. The rst two constructs
(Perceived Severity and Perceived Vulnerability) are referred to as
Threat Appeal or Threat Appraisal, and the other three constructs
(Self-Ecacy, Response Ecacy, and Response Cost) are referred to
as Coping Appeal or Coping Appraisal.
Over the years, PMT has been adapted and applied across various
domains. For example, Chambers et al. [
23
] conducted a focus group
with American Indian adolescents according to PMT to educate
the youth and their parents about safe sexual practices to protect
themselves from sexually transmitted diseases. In a dierent study,
Poong et al. [
79
,
80
] developed a presentation based on PMT to
motivate tourists to protect and preserve the world heritage site
of Luang Prabang [
107
]. In the domain is cybersecurity, Bavel et
al. [
9
] designed nudges according to PMT to motivate users to
navigate an e-commerce website safely and securely while making
a purchase. The four dierent nudges were: (1) a plain message
that served as a control group, (2) a coping message instructing
the user how to navigate the e-commerce platform safely, (3) a
threat appeal message that conveyed the dangers of shopping on
e-commerce platforms, and (4) a combination of coping + threat
messages. From the quantitative results and telemetry analysis,
the authors found that the threat + coping message performed the
best followed by the coping message, threat, and control message.
The authors found that informing participants on how to protect
themselves from threats was the best method to motivate users.
Williams et al. [
97
] designed a game called “(Smart)Watch Out!” to
improve user awareness about smartwatch security and privacy.
The game mechanics were modelled according to PMT constructs.
The player must go around town answering security questions to
citizens and must dodge answering thieves who would try to steal
the player’s data. With this game mechanic, the authors highlighted
the consequences of not following proper security and privacy
practices (Threat appraisal). The users must perform security tasks
to protect themselves (coping appraisal) from losing the game and
to make progress in the game. From the results, the researchers
found a signicant increase in self-ecacy and perceived threat. The
usage of lock screens and permissions increased after playing the
game compared to the control group that did not play the game.
Chittaro et al. [
28
] designed an interactive serious game to edu-
cate users about emergency preparedness during terror attacks. For
perceived severity, the authors used gory eects, bone-crushing
Tailoring a Persuasive Game to Promote Secure Smartphone Behaviour CHI ’23, April 23–28, 2023, Hamburg, Germany
sounds and realistic human screams to induce fear. For perceived
vulnerability, the authors simulated public places such as train
stations and airports to induce a sense of reality in the user. For
self-ecacy, the player must perform the right action in-game to
protect themselves during the catastrophe and for response ecacy,
the player does not get hurt badly when they performed the right
actions in-game. For response cost, the suggestions shown to the
player are simple to perform and mimic real-world actions. The
authors compared the game with a non-interactive version in a
2x2 between-study design experiment. From the quantitative re-
sults, the authors found that the interactive version of the game
performed better than the non-interactive version in increasing the
threat appraisal constructs, emergency preparedness knowledge
and self-ecacy.
Various researchers have adapted the PMT by adding dierent
constructs to explore usable privacy and security [
5
,
29
,
62
,
92
]. For
instance, Mwagwabi [
62
] added Exposure to Hacking as a construct
to the PMT scale. Similarly, Verkijika et al. [
92
] added Anticipated
Regret as a construct to the PMT scale and adapted it for smart-
phone security and privacy. Knapova et al. [
50
] evaluated the deter-
minants of smartphone security behaviour using a combination of
the Health Belief Model and PMT constructs. We adopted the PMT
scale validated by Verkijika et al. [
92
] to measure users’ intention
to adopt a secure smartphone behaviour in this paper.
2.5 Regulatory Focus Theory
Dierent people try to reach their goals using various techniques.
RFT states that people are either predominantly Promotion Focused
or Prevention Focused, and hence, adapt to one of the focuses while
trying to reach a goal [
22
,
40
]. When a person works towards a
goal because of the advancement or achievement that one might
get from achieving the goal, they would be considered “promotion
focused”. Promotion focused people often take an eager approach,
proactively trying to achieve positive outcomes, to accomplish
their goals. On the other hand, Prevention focused individuals
often take a vigilant approach, proactively trying to avoid negative
outcomes, to achieve their goals. When a person does not want to
lose what they have or if they want to follow societal etiquette to
reach what they consider as a standard safe goal (i.e., concerned
about safety and security), they are considered to be "Prevention
focused”. Higgins et al. [
42
] developed an 11-item scale called the
Regulatory Focus Questionnaire (RFQ) to determine the Regulatory
Focus of a person. When the persuasion means matches the users’
motivational orientation, users feel right while performing the task,
and they experience an increased strength of engagement, referred
to as Regulatory Fit [
21
,
22
]. Regulatory Fit might also occur due
to non-verbal cues or physical actions [
21
]. RFT has been used in
consumer research to motivate users to buy products and has also
been used in the health domain [22, 42, 43, 52].
Lee et al. [
53
] explored the eects of regulatory t on learning
with the help of the game, “Do I have Right”. The game educates
the players about constitutional amendments. The player must win
lawsuits in the game and accumulate prestige points. For the eager
condition, the players had to win as many lawsuits as possible,
and for the vigilant condition, the players should not lose prestige
points. From the evaluation results, it was evident that players in
the t condition played the game for a longer time compared to
those in the non-t condition. Players in the t condition also spent
more time on learning-related behaviours. Elgarf et al. [
30
] designed
an interactive pretend play game (with human-robot interaction)
according to RFT to study the impact of RFT on emotional induction
in children. The authors designed a pretend-play narrative game
where the child must work with the robot to escape to planet Mars.
The gameplay was designed according to RFT. The promotion focus
game version was designed to elicit happiness, and the prevention
focus game version was designed to elicit fear. The robot was set
to elicit fear and happiness via facial expressions and sounds. The
results of the evaluation showed that children elicited joy and hap-
piness in the promotion focus version, but the prevention version
did not induce fear.
In another study, Heeter et al. [
39
] conducted a quasi-experiment
with an aim and shoot game which was tailored according to RFT.
The promotion focus version displayed the number of rounds the
player won, and the prevention focus version displayed the num-
ber of shots missed by the player overall. The promotion focused
players took more shots (eager approach) and made more mistakes
compared to the prevention focus players, who were careful not
to make mistakes. The promotion focused players also played the
game more than the allotted time limit, and prevention focus play-
ers were more likely to comply with external instructions. RFT is
often used in a marketing context, and unlike the normal text-based
interventions [
20
,
52
] that have leveraged RFT, persuasive games
that utilize RFT for motivating users towards a positive behaviour
change are few.
To improve users’ awareness of smartphone security and privacy,
our persuasive game includes suggestion texts to teach players
about smartphone security and privacy. RFT has been used to study
the eects of tailored written messages and has been successful in
motivating users towards their goals [
20
,
22
,
52
]. Hence, we tailored
our game according to the RFT. To the best of our knowledge, our
game is the rst persuasive game to implement RFT in a smartphone
security context. We tailored our game design according to RFT
to motivate both promotion focused users and prevention focused
users towards adopting secure smartphone behaviour. The details
of the design process are discussed in the following section.
3 PERSUASIVE GAME DESIGN AND
DEVELOPMENT
With the evolution of games, there is a clear distinction between
older games that invoke nostalgia with their basic game design
compared to modern games with evolved gameplay, narrative, and
improved graphics. These older games are called Retro Games
[
108
]. Existing research has shown that retro games evoke nostalgia
and improves player satisfaction and competence [
98
]. A familiar
playstyle also reduces the learning curve of the overall gameplay
for the players. After reviewing various popular game designs and
various brainstorming sessions, we designed and developed a 2D
retro-themed game inspired by other games like Super Mario [
109
]
and MegaMan [
110
]. Research has shown that narrative elements
improve users’ motivation and engagement during learning [
54
].
A good contextual narrative helps the players to connect with
CHI ’23, April 23–28, 2023, Hamburg, Germany Anirudh Ganesh et al.
Table 2: Implementation of Level Design Patterns
Level Design Pattern Description Implementation
Branching
Guidance
Foreshadowing
Layering
Multiple paths are provided to the player to
explore in-game. A specic condition to unlock a
path is known as conditional branching.
Using non-verbal game elements to guide the
player in-game.
Teasing the player with unreachable game
objects early in-game or with a game element
that changes over time in-game.
Make the game challenging and interesting by
combining multiple game elements or reusing
game elements.
We provide alternate paths in-game for the player to
explore further. This makes the game more
interesting and increases their curiosity.
We utilized enemies and permission collectibles to
guide the player.
We included hidden areas in our game that are visible
to the players but cannot be reached easily. This
increases the players’ curiosity.
We combined enemies and obstacles and placed them
in the pathways. We also added moving and
disappearing platforms to keep things interesting.
the game, retain knowledge, and positively motivates the players
[27, 64].
Our persuasive game design includes a narrative that integrates
smartphone security and privacy while maintaining a classic sto-
ryline similar to the popular 2-D games. The protagonist and his
friends go on a camping trip to a forest. While setting up their
tent, they were invaded by a wild troll who was angry with them.
The troll was a new smartphone user and a victim of data theft.
Hence, it was angry with “Humans – The inventor of Smartphones”.
The troll kidnaps the protagonist’s friends and traps them in var-
ious parts of the Jungle. The troll promises to release them if the
protagonist helps it by collecting appropriate smartphone permis-
sions for an Android app on each level. The protagonist must help
other jungle creatures along the way with their smartphone issues.
The game starts with an interesting hook when the protagonist’s
friends are kidnapped by the troll to motivate the users towards
playing the game and encourage further exploration. Following
this, each level has a story to maintain the continuity of the game
while weaving smartphone security concepts into the story. There
are three levels in the game, and the players learn about the var-
ious aspects of smartphone security and privacy issues through
appropriate feedback provided by the game for each action that the
player performs in-game. Apart from this, the game also utilizes
various features like hidden areas and rewards to persuade the
users to progress in the game. Further, various NPCs were added to
the game with interactable conversations (in the form of quizzes)
related to smartphone security and privacy to keep the game inter-
esting and relatable to the main story. We discuss the persuasive
game design and gameplay in the upcoming sections.
3.1 Persuasive Game Design
We designed the persuasive game in a retro-styled manner similar to
popular games like Mario [
109
] and MegaMan [
110
], to reduce the
player’s learning curve. Besides the gameplay and storyline, an im-
portant feature of a 2D platformer is the level design. Monotonous
content might not be interesting for the players, and popular 2D
games utilize level design to motivate players to progress through
the game. We leveraged the 2D level design patterns developed by
Khalifa et al. [
33
,
49
] to design the levels in an interesting manner.
The design patterns allow a designer to be creative while providing
specic guidelines. We outline some of the key level design patterns
and their implementation in Table 2. Apart from the level design,
we leveraged the Persuasive Systems Design (PSD) Framework de-
veloped by Oinas-Kukkonen et al. [
71
] to integrate some persuasive
strategies into the game. Persuasive strategies are techniques that
can be implemented in persuasive games to motivate behaviour
change. The details of some of the key persuasive strategies are
outlined in Table 3.
We developed the game using Unity Game Engine [
91
] and pro-
grammed the scripts using C#. We designed some of the game assets
like the buttons and the menu components using Inkscape [
111
].
Apart from this, we wrote separate game manager scripts for var-
ious functionalities of the game. This helps to maintain separate
scripts while maintaining a few master scripts to integrate func-
tionalities (inheriting functions from other classes) from various
other scripts.
3.2 Gameplay
The game starts with a contextual story followed by a tutorial
that explains the controls of the game and how to progress in the
game. Players are briefed about the features of an Android app for
which they must collect necessary permissions according to the
app features mentioned in each level. This is followed by a list of all
the permission symbols that are shown to the player with a simple
explanation of their functionality. After this, a quiz is shown to
the player before starting each level. The players are questioned
about the required permissions for the app for which they would be
collecting permissions in-game. This quiz is also shown to the user
after completing the level, and the players get appropriate feedback
for their quiz answers, explaining why certain permissions might
or might not be required for the app. There are a total of three
levels in the game that cover three dierent apps with diverse
permissions (Table 4). When the player collects the permissions,
the game displays secure smartphone behaviour tips (Figure 1(d)).
There are obstacles and enemies to overcome in the game to keep
it interesting. The player’s score increases when the enemies are
destroyed, and there are hidden areas and health bonuses to help
the players progress in the game. The player has three lives and a
health bar. The players lose health points when they are attacked
by an enemy. When the player loses all their health, they lose a life
Tailoring a Persuasive Game to Promote Secure Smartphone Behaviour CHI ’23, April 23–28, 2023, Hamburg, Germany
Table 3: Implementation of Persuasive Strategies from the PSD Framework
Persuasive Strategy Description Implementation
Suggestion The application oers a tting suggestion to aid
the user in their behaviour change journey. We provided appropriate secure smartphone
suggestions to the players when they picked up
permission collectibles and for the in-game quiz
answers.
Rewards
Competition
The application rewards the user for performing
certain tasks.
The application utilizes the user’s drive for
competition and provides a way to compete with
others.
We included badges, bonus health, bonus life and
points as in-game rewards for the players.
We included a leaderboard where players’ can see
other players’ scores and their in-game badges.
Figure 1: Sample screenshots of the persuasive game
(indicated by a heart symbol). The players lose a life when they fall
on thorns/spikes or when they miss jumping on a platform and fall
into the river.
To include other smartphone security and privacy scenarios, we
introduced NPC’s (Figure 1(a)). The player must help the NPC’s
with their smartphone issue by answering their questions (Figure
1(b)). We adapted a quiz format, where the player is given a scenario
with three possible options to choose from, and they must choose
the correct one. Appropriate feedback is provided to the players
for choosing an option. The twelve common smartphone security
and privacy issues identied from the thematic analysis described
in section 2.2 were included as quiz scenarios with an interesting
narrative for each NPC.
3.3 Tailoring the Game with Regulatory Focus
Theory
As mentioned in the background section, tailoring persuasive ap-
plications has been shown to yield better results. Dierent people
might take various approaches to achieve their goals. We tailored
the game according to RFT and this resulted in two versions of the
game namely – the promotion focus version and the prevention focus
version of the game. The promotion focus version of the game was
tailored for promotion focus users who strive to accomplish their
goals due to the achievements or gains that they might get out of
achieving the goals. The prevention focus version of the game was
tailored for the prevention focus users who are vigilant and try to
avoid losses while reaching their goals. For both groups of players
CHI ’23, April 23–28, 2023, Hamburg, Germany Anirudh Ganesh et al.
Table 4: Description of App Features and Permissions required in each level
Level App and Features Permissions
1. Communication App – Video Chat, Sharing Media Files, Sharing Location,
Messaging your contacts, SMS, Phone Dialer.
2. Activity Tracking App – Activity Tracking, Heart Rate Tracking, Fitness Blog,
Popular running routes around you
3.
Event Booking App – View events happening around you, Save event reminders
on your calendar, Store oine tickets on your phone.
Camera, Storage, Location, Contacts, SMS,
Phone, Microphone
Sensors, Activity Recognition, Location,
Storage, Camera
Storage, Location, Calendar
Table 5: Tailoring Game Design according to Regulatory Focus Theory
Tailored Game Versions Design Changes
Promotion Focus Version
• The suggestions of the security scenarios were tailored to reect the gains or the positive
outcome that the users would achieve when they take precautionary measures for safeguarding
their smartphone from security and privacy issues.
• Players gain 10 health points for picking up necessary permissions.
• Players gain 15 health points for correct in-game quiz answers.
• Players do not lose movement speed or health upon picking up an unnecessary permission.
Prevention Focus Version
• The suggestions of the security scenarios were tailored to reect the losses or the negative
outcome that the users would face when they do not take precautionary measures to safeguard
their smartphone from security and privacy issues.
• Players lose 10 health points for picking up unnecessary permissions.
• Players lose 15 health points for wrong in-game quiz answers.
• Players lose about 80% of movement speed upon picking up an unnecessary permission.
(promotion and prevention focus), the non-tailored versions of the
game were the opposite versions of the game – The Promotion
Focus version of the game was the non-tailored version for the
Prevention Focus group of users, and the Prevention Focus version
for the game was the non-tailored version for Promotion Focus
group of users. The gameplay and game mechanics were the same
across the two versions of the game. The details of tailored game
design are outlined in Table 5.
4 EVALUATION OF THE PERSUASIVE GAME
We tailored the game according to the Regulatory Focus Theory
[
40
], which states that people develop a predominant motivational
orientation to reach their goals over their lifetime. People with a
Promotion Focus orientation prefer the presence of positive out-
comes or gains while working towards their goals. People with a
Prevention Focus orientation prefer to avoid negative outcomes
while trying to reach their goals. To answer our research ques-
tions, we conducted an in-the-wild study, where the participants
answered a pre-study survey followed by 10-day gameplay after
which they completed a post-study survey.
For the pre-study survey, we collected the players’ demographics,
gaming habits, Protection Motivation scores [
92
], and smartphone
security behaviour using the Smartphone Security Behaviour Scale
(SSBS) [
45
], Permission Scenario and Regulatory Focus Question-
naire (RFQ [
42
] for classifying participants as either promotion
focus or prevention focus). The SSBS is used to measure smart-
phone security behaviour over two factors namely the technical
aspect and the social aspect [
45
]. The technical aspect of SSBS cov-
ers the technical steps or knowledge that is needed (e.g., Using a
VPN or Anti-Virus) to secure one’s smartphone. The social aspect of
SSBS covers the users’ ability to identify social cues (e.g., Deleting
suspicious communication, verifying the app’s source) to identify
smartphone security threats. We included a Permission Scenario in
both the pre-study survey and the post-study survey, where the par-
ticipants had to select the correct or required permissions according
to the features of the app out of the ten dangerous permissions. The
RFQ is an 11-item validated scale used to identify a user’s motiva-
tional orientation as either Promotion Focus or Prevention Focus
[
42
]. In the post-study survey, the Protection Motivation scores,
Smartphone Security Behaviour scale, and Permissions Scenario
were included again as repeated measures. Besides these measures,
the players’ overall play experience (IMI) [
85
] was also measured
using a 7-point Likert scale. After the post-study survey, we inter-
viewed some of the players (n
=
25), randomly selected from those
who opted-in for the optional interview, to get a better understand-
ing of their experience with the game. Table 6 outlines the research
questions and the respective survey scales used for the evaluation
Tailoring a Persuasive Game to Promote Secure Smartphone Behaviour CHI ’23, April 23–28, 2023, Hamburg, Germany
Research Questions Survey Scales
RQ1: Does the persuasive game motivate users to protect
themselves from smartphone security threats overall?
RQ2: What is the overall player experience for the persuasive
game?
RQ3: How eective are the individual versions of the persuasive
game for improving secure smartphone behaviour?
RQ4: Does tailoring the persuasive game according to regulatory
focus theory improve the eectiveness of the game with respect to
increasing players’ secure smartphone behaviour and their play
experience?
Protection Motivation Theory (PMT) [92] scale (Pre-Post study
design), SSBS, Permission Scenario
Intrinsic Motivation Inventory [85]
PMT, SSBS, Permission Scenario
PMT, IMI
Table 6: Research Questions and Survey scales for Evaluation Study
Table 7: Participants distribution in 2x2 between-subjects study design for Evaluation Study
Total n = 102
Motivational Orientation Promotion Focus Game version Prevention Focus Game version
Promotion Focus players 25 (tailored) 24 (non-tailored)
Prevention Focus players 26 (non-tailored) 27 (tailored)
study, and Table 7 shows the number of participants for the 2x2
between-subjects study design. We also carried out a thematic anal-
ysis on the participants’ comments from the interviews to gain
insights about the players’ experience with the game in general
and their opinions about the various game features and security
scenarios.
After receiving ethics approval from our university institutional
review board, the recruitment of participants commenced. We used
snowball sampling [
112
] for recruiting participants, and the re-
cruitment notice was shared using university email lists, and social
media sites like Reddit, LinkedIn and Facebook. An informed con-
sent form was included at the beginning of the pre-study survey,
outlining the study details, duration of the study, risks and benets
involved in the study, and optional interview opt-in. Since the study
was conducted in-the-wild, a lottery-style reward for participants
was suggested by the IRB, which is an acceptable practice in the
university and the country where the University is located. A par-
ticipant’s data was included in the analysis if they had played the
game for at least 10 mins per day, over the course of 10 days, and
this was ensured with the help of the game’s log data. After remov-
ing incomplete responses, we included a total of 102 participants
who completed the study in the analysis. Based on the participants’
RFQ responses, they were divided into two groups – Promotion
Focus and Prevention Focus. To eliminate the possibility of bias,
the participants were randomly assigned to one of the two versions
of the game – the Promotion Focus version or the Prevention Focus
version, according to their motivational orientation. From this, four
experimental groups were formed:
1.
Promotion Focus tailored: Promotion Focus users who played
the promotion focus game version
2.
Promotion Focus non-tailored: Promotion Focus users who
played the prevention focus version of the game
3.
Prevention Focus tailored: Prevention Focus users who played
the prevention focus version of the game
4.
Prevention Focus non-tailored: Prevention Focus users who
played the promotion focus version of the game
Participants’ distribution into the various groups is shown in Table
7 and the details of the participant demographics are outlined in
Table 8. After the post-study, we conducted a lucky draw, and four
participants were awarded a sum of $25.00 each.
In the following sections, we present the results of our study,
corresponding to each research question. Firstly, we present the
results of the quantitative analysis followed by the qualitative anal-
ysis of the post-study interview responses. We used Cronbach’s
alpha to check the reliability of the responses. The reliability anal-
ysis showed that all the scales demonstrated internal consistency,
with Cronbach’s alpha values above 0.70.
4.1 Overall Ecacy of the Persuasive Game
towards Improving Secure Smartphone
Behaviour
To answer RQ1: Does the persuasive game motivate users to protect
themselves from smartphone security threats overall?, we measured
users’ intention to protect themselves from smartphone security
threats, using the Protection Motivation Theory (PMT) scale val-
idated by Verkijika et al. [
92
], before and after using the game.
The PMT scale was included both in the pre- and post-study, and
the user’s intention was measured across eight constructs, namely,
Self-Ecacy, Response Ecacy, Response Cost, Perceived Severity,
Perceived Vulnerability, Anticipated Regret, Security Intention and
Security Behaviour. Apart from PMT, we also utilized SSBS [
45
]
and Permission Scenario scales in the pre- and the post-study.
We conducted a paired samples t-test with Bonferroni correction
to determine if there is a signicant dierence between the pre- and
CHI ’23, April 23–28, 2023, Hamburg, Germany Anirudh Ganesh et al.
Table 8: Participants Demographics
Total Participants = 102
Gender Male (68%), Female (32%)
Age 18-25 Years (53%), 26-35 Years (36%), 36-45 Years (5%), 46-60 Years (6%)
Education
Bachelor’s (51%), College Diploma (2%), Doctoral (3%), Highschool or Equivalent (18%),
Less than High School (1%), Master’s (25%)
Gameplay Time 0 Hours (16%), 1-2 Hours (50%), 3-5 Hours (17%), 6-8 Hours (10%), 8+ Hours (7%)
Frequently Used Devices for Gaming PC (85), Smartphone (9), Console (51), Other (5)
Table 9: Paired sample t-test values for PMT constructs
PMT Constructs Pre-Mean ± SD Post-Mean ± SD t p
Self-Ecacy
Response Ecacy
Response Cost
Security Behaviour
3.81± 0.65
4.06 ± 0.65
2.54 ±0.93
3.07 ± 1.21
4.15 ± 0.72
4.25 ± 0.74
2.37 ± 0.97
3.48 ± 1.27
3.708
2.472
-1.928
3.518
<0.001
0.015
0.040
<0.001
Table 10: Paired sample t-test values for SSBS
SSBS Constructs Pre-Mean ± SD Post-Mean ± SD SD t p
Technical Aspect 2.53 ± 0.77 2.96 ± 0.89 0.76 5.692 <0.001
Social Aspect 4.18 ± 0.75 4.24 ± 0.80 0.77 0.748 0.456
post-study scores of the PMT scale, SSBS scale and the Permission
Scenario scale. For the PMT scale, the results of the paired t-test
(Table 9) shows that there was a signicant increase for self-ecacy
(t(101)
=
3.708, p < 0.001), response ecacy (t(101)
=
2.472, p
=
0.015), security behaviour (t(101)
=
3.518, p < 0.001) and a signicant
decrease for response cost (t(101)
=
-1.928, p
=
0.040) but a signicant
change was not observed across the other constructs. Response cost
refers to the eort that needs to be taken by the user to perform
a task. A low score on response cost shows that users do not feel
much eort is needed to take preventive measures. Overall, all the
values were above the neutral value of 2.5 except for response cost,
which is signicantly less than the neutral point on a 5-point Likert
scale.
Although both the Technical and Social constructs scores are
higher than the neutral value of 2.5 on a 5-point Likert scale, the
paired t-test results for SSBS (Table 10) show that there was a
signicant increase in the mean value of the Technical construct
(t(101)
=
5.692, p < 0.001) but not for the Social construct (t(101)
=
0.748, p
=
0.456). This shows that overall, users practiced more
of the technical aspects of smartphone security compared to the
social aspects. This might be because there might not have been
enough opportunities during the 10 days duration of the study for
the users to practice the social aspects of smartphone security (e.g.:
identifying and deleting suspicious emails) unlike the technical
aspects (e.g.: Password reset) that do not depend on such opportune
moments.
For the permission scenario, the result of the paired sample t-test
shows a statistically signicant increase in the mean value from
permission (Table 11). But for the unnecessary permission, there
was a decrease in means from the pre- to the post-study, although
it was not signicant.
4.2
Overall Player Experience of the Persuasive
Game
To answer RQ2: What is the overall player experience for the persua-
sive game?, we used a one-sample t-test across the scores on the
IMI scale. We compared the data against a neutral value of 3.5 on a
7-point Likert scale for player experience (IMI) (Table 12, Figure 2).
The results of the one-sample t-test show that players were highly
motivated by the game, and they also reported a positive play ex-
perience irrespective of the game version or their motivational
orientation.
To examine if there were any dierences across the two game
versions, we conducted an independent samples t-test on the player
experience (IMI) constructs. The results showed that there were no
signicant dierences in player experience (t(100)
=
0.181, p
=
0.857)
across the two game versions. This implies that without considering
players’ motivational orientation (the tailoring variable) both game
versions are equally eective with respect to the player experience.
4.3 Eectiveness of Game Versions on Secure
Smartphone Behaviour
To answer RQ3: How eective are the individual versions of the
persuasive game for improving secure smartphone behaviour?, after
validating the data for the assumptions of ANOVA, we conducted
the pre- to the post-study (t(101)
=
2.03, p
=
0.045) for the necessary
Tailoring a Persuasive Game to Promote Secure Smartphone Behaviour CHI ’23, April 23–28, 2023, Hamburg, Germany
Table 11: Paired sample t-test values for Permission Scenario constructs
Permission Scenario Constructs Pre-Mean ± SD Post-Mean ± SD SD t p
Necessary Permissions 2.32 ± 0.94 2.55 ± 0.73 1.17 2.03 0.045
Unnecessary Permissions 1.42 ± 1.65 1.16 ± 1.42 2.07 -1.24 0.218
Table 12: One sample t-test values for Player Experience (IMI)
Player Experience Constructs M SD t(101) p
Interest/Enjoyment 5.16 1.29 9.144 <0.001
Pressure/Tension 2.72 1.28 -9.98 <0.001
Value/Usefulness 5.08 1.36 8.02 <0.001
Perceived Competence 4.52 1.35 3.95 <0.001
Perceived Choice 5.81 0.25 72.950 <0.001
Eort/Importance 4.06 1.05 0.655 0.514
Figure 2: Mean values of IMI constructs
an RM-ANOVA with the game versions as the between-subject fac-
tor, time (pre, post-study) as a within-subject factor, and PMT, SSBS,
and Permission scenario constructs as the dependent variables. The
results show that there was no main eect of the game versions
on the PMT constructs -self-ecacy (F(1,100)
=
2.716, p
=
0.102),
response ecacy (F(1,100)
=
0.011, p
=
0.916), response cost (F(1,100)
=
0.164, p
=
0.686), perceived severity (F(1,100) < 0.05, p
=
0.990), per-
ceived vulnerability (F(1,100)
=
0.806, p
=
0.371), security behaviour
(F(1,100)
=
0.466, p
=
0.466) and anticipated regret (F(1,100)
=
0.022,
p
=
0.883). Also, for SSBS, the results show there was no main eect
of the game version for the Technical construct (F(1,100)
=
1.322, p
=
0.253) and the Social construct (F(1,100)
=
0.303, p
=
0.583). Similarly,
there was no main eect of the game versions on the necessary
permissions construct (F(1,100)
=
0.039, p
=
0.843) and the unnec-
essary permissions construct (F(1,100)
=
0.139, p
=
0.719). . These
results show that, overall, both the game versions were equally
eective for secure smartphone behaviour (PMT, SSBS, permission
constructs) without considering users’ motivational orientation
type. The results suggest that random assignment of participants
to the two game versions did not yield groups who perceived and
rated the game version dierently overall.
CHI ’23, April 23–28, 2023, Hamburg, Germany Anirudh Ganesh et al.
4.4 Impact of Tailoring on the Eectiveness of
Persuasive Game towards Improving Secure
Smartphone Behaviour
To answer RQ4: Does tailoring the persuasive game according to
regulatory focus theory improve the eectiveness of the game with
respect to increasing players’ secure smartphone behaviour and
their play experience?, rst, we conducted a repeated-measures
ANOVA (RM-ANOVA) with player’s motivational orientation (Pro-
motion focused, Prevention focused) and game version (Promo-
tion Focus version, Prevention Focus version) as between-subjects
factors and time (pre-post) as a within-subjects factor with PMT
constructs, SSBS constructs and Permission Scenario constructs as
the dependent variables.
Time: The results of the RM-ANOVA show that there was a main
eect of time across the following constructs: self-ecacy (F(1,98)
=
21.766, p < 0.001), response ecacy (F(1,98)
=
5.781, p
=
0.018)
and security behaviour (F(1,98)
=
13.282, p < 0.001) overall but there
was no main eect of time across the other PMT constructs. These
results show that there was an overall signicant increase from pre-
to post-study without considering the groups. From the pairwise
comparison, it was evident that there was a signicant increase
from pre- to post-study across three constructs: self-ecacy (p <
0.001), response ecacy (p
=
0.018) and security behaviour (p <
0.001) after playing the game overall.
Apart from the PMT constructs, there was a main eect of time
for SSBS Technical construct (F(1,98)
=
30.932, p < 0.001) and neces-
sary permissions (F(1,98) = 3.992, p = 0.048) and from the pairwise
comparison, it was evident that there was a signicant increase
from pre-test to post-study for the SSBS Technical construct (p < 0
.001) and necessary permissions (p
=
0.048). These results show that
after playing the persuasive game, players reported a signicant
increase in their technical knowledge of smartphone security be-
haviour along with a signicant increase in selecting the necessary
permissions in the post-study overall. Apart from this, there was
an overall increase in scores on the Social construct and a decrease
in the Unnecessary permissions construct although they were not
signicant.
Game Version: The results of RM-ANOVA show that there was
no main eect of the game versions across the constructs (p > 0.05).
These results suggest that random assignment of participants to the
two game versions did not yield groups who perceived and rated
the game version dierently overall.
3-way Interaction between Players’ Motivation Orientation,
Game Version, and Time. The results of the RM-ANOVA show
that there was a 3-way interaction between players’ motivational
orientation, game versions, and time for the PMT construct Security
Behaviour (F(1,98)
=
4.423, p
=
0.038). From the posthoc pairwise
comparisons, it was evident that promotion focused players who
played the promotion Focus version (tailored version) of the game
(p
=
0.011), and prevention focused players who played the preven-
tion focus version (tailored version) of the game (p
=
0.002) had a
signicant increase in security behaviour compared to the other
two groups (promotion focus non-tailored and prevention focus
non-tailored) that played the non-tailored version of the game (p
=
1.0 and p
=
0.145) respectively. This shows that tailoring the
game was benecial towards improving the player’s security be-
haviour over time, compared to the non-tailored version of the
game thereby answering our RQ4. Table 13 outlines some of the
participant’s sample comments from the interview across the four
groups that sheds more light on the results.
4.5 Eects of Tailoring on Player Experience
To compare the eectiveness of the tailored versus non-tailored ver-
sion of the game with respect to players’ motivational orientation,
we randomly assigned the players into four sub-groups: (1) promo-
tion focus tailored, (2) promotion focus non-tailored, (3) prevention
focus tailored, and (4) prevention focus non-tailored. To check if
the tailored version of the persuasive game had an eect on the
players’ play experience, we conducted a One-Way ANOVA with
these four sub-groups as between-subject factors and with play-
ers’ experience as the dependent measures. From the results of the
One-Way ANOVA, it was evident that there was a signicant main
eect of tailoring on player experience (F(1,98)
=
3.905, p
=
0.011) for
the Perceived Choice construct. The post hoc pairwise comparisons
showed that for the Perceived Choice construct of Player Experience
(IMI), the tailored versions of the game performed better (p
=
0.019,
p = 0.032) than the non-tailored versions (p > 0.05).
4.6 Thematic Analysis of Interview Data
We interviewed a total of 25 participants from across the four in-
tervention groups (promotion focused tailored (n
=
5), promotion
focused non-tailored (n
=
7), prevention focused tailored (n
=
6),
prevention focused non-tailored (n
=
7)) after the post-study survey
to learn more about their gameplay experience and their opinions
about smartphone security. The interview was optional and was
audio recorded with the participant’s consent through Microsoft
teams. Among the participants who opted for the optional interview,
25 participants were randomly invited from the four intervention
groups and the average duration of the semi-structured interviews
was about 30 minutes. We then transcribed the interview data using
Microsoft teams and conducted a thematic analysis [
16
] using an
anity diagram with Miro boards [
113
]. The coding process was
carried out by the primary researcher followed with a review of
the codes by two other researchers. Some of the sample interview
questions are given below:
1)
What was your rst impression when you opened the game?
2)
Can you tell me about how the game tries to teach about
smartphone security?
3)
Which specic security or privacy concept stood out for you
in the game?
4) What do you think about the game’s diculty?
Ten main themes emerged from the thematic analysis with a
few other sub-themes. The 10 main themes were – Liking – Game
Aesthetics and Nostalgia, Positive and Negative Aspects of Game Con-
trols, Security and Privacy Factors, Motivation to Play, That’s Enough
For Today!, Finding Hidden Areas, In-game Quizzes, Minor Usability
Issues, Nit Pick by Players, Ouch..that hurts! (Game Diculty). Some
of the key themes are discussed further.
4.6.1 Liking - Game Aesthetics and Nostalgia. When players were
asked about their rst impression of the game, 21 players mentioned
Tailoring a Persuasive Game to Promote Secure Smartphone Behaviour CHI ’23, April 23–28, 2023, Hamburg, Germany
Table 13: Sample comments that highlight the benets of tailoring for security behaviour
Groups Sample Comments
Promotion focus – tailored
“I was not aware about the banking app and public wi scenario. . . and that was a good one” – P13
“For instance, the backup and public Wi-Fi scenario quizzes were direct real time examples that I was able to
relate to. . . ” – P75
Prevention focus – tailored
“. . .I liked the overall concept of combining multiple concepts like hiding Bluetooth to not downloading 3rd
party apps. I like range of security concepts included in the game.” – P66
Promotion focus –
“I had to read through the choices and it made a big pause in the game
. . .
Considering the game play time, it
non-tailored was a bit long” – P3
Prevention focus –
“
. . .
I also saw the recommendation of VPN, but when I was watching youtube videos, they push these things so
non-tailored
much that they are being overhyped. Youtubers don’t have computer science background but they say all kinds
of things to promote products.” -P88
the game’s aesthetics and how it reminded them of the games that
they played during their childhood. This reinforces our design deci-
sion of building a retro-style 2-D game that is familiar to a broader
audience A familiar game might reduce the game’s learning curve,
and this would make it easy for players to concentrate on the game
content rather than guring out what to do in the game. As men-
tioned before, existing research has shown that nostalgia is directly
impacted by past memories, and satisfaction of competence, espe-
cially with retro games that focus on challenges and fast gameplay
[
98
]. Some of the sample comments from the participants are shown
below.
“
. . .
I liked the way the story was laid out
. . .
the graph-
ics were really good, and it was a smooth experience.
There were no crashes in the game, and it was a pleas-
ant experience going through the game. I am picky
about what I play, and this game was up to the mark.”
– P98.
“I liked the UI, it was similar to Mario, and the controls
were simple. It was very easy to use
. . .
the best part
is you get to learn about security features also.” – P84
“When I started playing the game, it looked very fa-
miliar, like contra, which you might have played, and
super mario.” – P74.
4.6.2 Security and Privacy Factors. When the participants were
asked about smartphone security and how the game educates about
smartphone security, ve sub-themes emerged for security. Users
were interested in learning about various facets of smartphone
security and privacy (learning about security & privacy). They had
their own favourite security & privacy recommendations, and they
were keen on recommending safe practices to others. For instance,
14 users said that they were already aware of some of the exist-
ing safe practices for smartphone security & privacy, and users’ past
experiences. A total of 23 players mentioned that they learnt new
information and tried out a few of the suggestions that they learned
from the game in the real world while 12 users specied that they
had experience with malware or were already aware of security.
Hence, they found this game to be a good reinforcement or a re-
minder. Past experience might motivate them to take precautionary
measures prudently, and research has shown that individuals who
try to averse regret are more likely to make secure decisions to
avoid negative consequences [
92
]. Fourteen (14) Participants also
mentioned that they would recommend this game to other peo-
ple realizing the importance of smartphone security. Some of the
sample player comments are outlined below:
“I am a computer science student, and I am aware
of what to do. The risks I take are intentional and
not using a VPN is more of a technical decision than
security
. . .
I’d say this game helped in reinforcing
what I already know.” – P15
“
. . .
I liked the overall concept of combining multiple
concepts like hiding Bluetooth to not downloading 3
rd
party apps. I like a range of security concepts included
in the game.” – P66
“I was not aware of the banking app and public wi
scenario. . . , that was a good one” – P13
4.6.3 Finding Hidden Areas. All the 12 players who uncovered hid-
den areas liked nding them and some of the players had their own
suggestions. Hidden areas can be classied under the foreshadowing
2D level design pattern [
49
]. As mentioned before, these visual cues
create a sense of uncertainty called perpetual curiosity [
90
] that
leads to increased attention to the game. This design pattern has
been used across various popular games for a long time. The sample
comments for this theme are outlined below:
“As I was playing, I saw something like a diamond
hidden behind another object. You really had to pay
attention to note these things. The badges also made
me aware that there were hidden areas.” – P13
“There were some hidden areas which I found interest-
ing. Sometimes I nd a way to reach them, but most
of the time, I can see an area above me but I didn’t
know how to reach it” – P28
4.6.4 In-Game Qizzes. Among the participants who were inter-
viewed, 21 players liked the in-game quizzes and mentioned that
they were a nice alternative feature in the game. These in-game
quizzes covered other smartphone security scenarios/issues, and
appropriate feedback was given to the players for each option. The
in-game quizzes were shown to the players when they encounter
an NPC who needs help with their smartphone issue. The sample
comments for this theme are outlined below:
CHI ’23, April 23–28, 2023, Hamburg, Germany Anirudh Ganesh et al.
“I love the quizzes, honestly, it’s the part I love about
the game. After playing the game you kind of have
this pause that helps you
. . .
this was a contrasting
activity that intriguing for me” – P46
“The quizzes directly relate to real-world
scenarios
. . .
(explains backup scenarios and public
Wi-Fi scenario)
. . .
those real-time examples were
nice.”- P57
“
. . .
they added a dierent level of depth to the game.
Having this switch from the game engaged me
dierently.”- P7
4.6.5 Ouch..That hurts! (Game Dificulty). The game’s diculty
was mentioned at various moments during the interview. Users’
perceived diculty might be helpful for a designer to balance the
game or conrm their game design. From the feedback of 22 partici-
pants, two major themes for diculty emerged -what was dicult?
And Diculty feels good. It was evident that the players felt that
level three (3) was harder than the other two levels, and most of
them enjoyed various aspects of the game’s diculty. The sample
comments of the participants for this theme are given below:
“I liked the game’s diculty. I think the levels had incre-
mental diculty and I improved playing as I progressed
in the game.” – P98.
“It is challenging yet the right amount of diculty. The
rst 2 levels were ne, the third level was a bit dicult,
but I did enjoy it.” – P69.
Overall, we uncovered various insights about aspects of the game
from the results of the thematic analysis, and some of these were in
line with our quantitative results. The participant’s feedback sheds
light on various positive aspects of the persuasive game and how it
educates the users about secure smartphone behaviour. This shows
that several aspects of the persuasive game indeed inuence how
users perceive the game and learn from it.
5 DISCUSSON
In the recent past, persuasive games have been tailored to bring
forth a positive behaviour change in players. Various theories have
been used for tailoring digital applications. For example, according
to the Transtheoretical model (TTM) [
59
,
60
,
77
], a person might be
at their early stage of behaviour change or later stage of behaviour
change. Mulchandani et al.[
60
] tailored a persuasive game accord-
ing to TTM, to motivate users in the early stages, and later stages
toward adopting COVID-19 precautionary measures. Another ex-
ample is the BrainHex player satisfaction model [
63
,
73
], which
outlines seven types of players’ playstyle, namely, seeker, survivor,
daredevil, mastermind, conqueror, socializer and achiever. Orji et al.
[
72
] tailored a game for healthy eating using the BrainHex model
to promote healthy eating behaviour. Choosing a behaviour theory
for tailoring is an important step in the process of tailoring digital
applications.
For our persuasive game, we tailored it using the Regulatory Fo-
cus Theory [
22
,
40
], a goal pursuit theory that emphasizes the mo-
tivational orientation of the users and how they pursue their goals
accordingly. The theory states that people try to reach their goals
according to their predominant motivational orientation, which
could be either Promotion Focus or Prevention Focus. Throughout
one’s lifetime, people are predominantly promotion focused or pre-
vention focused, and hence adapt to one of the focuses while trying
to reach a goal [
22
,
40
]. When a person tries to reach a goal be-
cause of the advancement or accomplishment that they might get
out of performing the task, they are considered to be promotion
focused. Promotion focused people might often take an eager means
(proactively trying to achieve positive outcomes) to achieve their
goal whereas, a Prevention focused individual might take a vigilant
means (proactively trying to avoid negative outcomes) to achieve
their goal.
Based on our results, the benets of tailoring were evident for
the security behaviour. We found evidence to support our hypoth-
esis that players who played the game tailored according to their
motivational orientation had a signicant improvement in security
behaviour over time compared to those who played the non-tailored
version of the game. These results are similar to previous studies
(both in the domain of games for change and health interventions)
that employed Regulatory Focus Theory and found that tailoring
the intervention according to users’ motivational orientation per-
suaded them toward their goals [
30
,
39
,
52
,
53
]. From the results,
it was also evident that tailoring the game increases play experi-
ence, specically, the players’ Perceived Choice. This suggests that
players preferred the tailored version because it gives them a sense
of choice compared to the non-tailored version. Players preferred
the tailored version over the non-tailored version of the game even
though they enjoyed both game versions. Existing research shows
that players tend to put more eort into their preferred games [
69
]
compared to the games that do not appeal to them. This might
increase the number of times the player plays the game, which
might lead to better in-game performance and improve the player’s
understanding of the game [
25
]. Given the number of games in the
market and the plethora of choices available for players, players
might be used to playing games of dierent genres, and everyone
might have their own nitpicks with each game. Tailoring games
with a behaviour theory allows the designers to adjust the game
design according to various parameters, which might lead to a con-
siderable increase in the perceived choice of players and improve
their overall playing experience. Overall, the results of the Evalua-
tion Study showed that tailoring the game according to the player’s
motivational orientation was indeed benecial for improving the
users’ secure smartphone behaviour. There are only a handful num-
ber of games that leverage Regulatory Focus Theory [
30
,
39
,
44
,
53
],
and this work is a step toward adding valuable results and insights
to both theory and practice.
5.1
Implications for Persuasive Game Designers
We believe that our persuasive game is benecial for improving
secure smartphone behaviour, and the results show that tailoring
the game has considerable benets over a one-size-ts-all approach.
Here, we share some of the key design implications of our research.
Designing a retro-themed game puts the players at ease and
reduces the overhead required to learn about a new gameplay style.
From the thematic analysis of our qualitative study, it was evident
that players were able to relate the retro-style game design with
their past game experiences and felt nostalgic. This was also evident
Tailoring a Persuasive Game to Promote Secure Smartphone Behaviour CHI ’23, April 23–28, 2023, Hamburg, Germany
from the user’s qualitative feedback -“It had a sort of pacman vibe
to it and for me, I liked the aesthetics of it as it was very crisp, and I
had a positive feeling while pressing the buttons”. – P1. This feeling
of nostalgia puts the player at ease, and recent research has shown
that this increases the player’s competence and is in line with the
Self-Determination Theory [
98
]. Thus, our design decision of a
retro game based on similar games from the past eventually paid
o.
Introducing various game mechanics in a contextual man-
ner (e.g.: In-game Quizzes, hidden areas) oers the players a break
from the monotonous gameplay and keeps them engaged. For ex-
ample, hidden areas in a game will increase the players’ curiosity
and motivate them to explore the game. These minor visual cues for
the hidden areas in the game create a knowledge gap or a sense of
suspicion that invokes the player’s perpetual curiosity [
90
], leading
to an increased engagement with the game that motivates them to
explore further. This is also evident from the user interviews – “The
frog and other small characters ask for help in the form of quizzes
. . .
those were cool
. . .
whether it is to take regular backup or using VPN,
the quizzes were a good change and very informative” – P99. Another
user mentioned “I saw a place with a gem, and I wanted to go there.
When I tried to access it, it popped me to another place that I was not
able to reach initially.” – P59. This design decision of adding hidden
areas was one among the six 2D level design patterns, which shows
that the design patterns are helpful for designing interesting levels
and for keeping the players motivated.
Including contextual real-world scenarios often helps the
user to relate to the content easily. In our game, we included in-game
quizzes for various security and privacy issues, with an NPC to
simulate real-world issues to keep it interesting and contextual. This
helps the user to relate the content with their own experience and
reect upon those experiences up to some extent. This is evident
from some of the user feedback from our research -“The game
characters ask me simple security questions and this way the game
lets me know how to behave in certain situations. These questions
sort of covered real-life scenarios and teaches us how to react to these
situations.” – P15. Existing research shows that users are prone to
making biased decisions based on their past behaviour and use it
as a heuristic for their future decision-making process. Providing
feedback on their past behaviour often makes them think about their
future decision-making process [
3
]. Eventually, the users would
be able to anticipate such security or privacy incidents and take
precautions accordingly [92].
Finally, it is not surprising that dierent users are motivated
for dierent reasons, by various features. A user who is motivated
to explore or learn more about a specic concept might not be
motivated to compete with other users in the same persuasive game
[
25
]. Tailoring the game according to the players’ motivational
orientation using Regulatory Focus Theory increased users’
secure smartphone behaviour levels and improved the perceived
choice of the players. Tailoring the game according to the players’
motivational orientation might be helpful to uncover various eects
of other persuasive strategies for further tailoring of persuasive
games.
6 LIMITATIONS AND FUTURE WORK
Surveys are widely used across various research domains, and it
is one of the most common methods in HCI research. We con-
ducted the experiments as remote in-the-wild studies, and hence,
the surveys were self-administered online. All the survey data were
self-reported by the users, and a limitation here is the possibility
of participants’ bias. For the choice of the game platform, we fo-
cused on the Android phone. Although Android is regarded as less
secure compared to iOS, Android has an overall higher market
share [
1
,
2
,
58
], although iOS has a higher market share in North
America. Creating another game for both operating systems might
be a better solution as part of future work that would cover a wider
audience (only the permissions would change between iOS and
Android). From the survey, it was evident that, apart from smart-
phones, players also frequently played PC games and console games.
Considering the ubiquitous nature of games, it might be wise to roll
out the persuasive game for various devices like PC and Consoles
to educate a wide range of audiences. As part of our future work,
we plan to run a longitudinal study with a larger sample size, and
the duration of the study would be 3+ months. There would be at
least three points of data collection during the study. This might
help uncover various other security and privacy issues, and one
can monitor the participant’s secure smartphone behaviour over a
long period.
Our work can also be extended to other domains like mental
wellness. Recent research [
45
] has shown that people who were
not addicted to the Internet were aware of the secure smartphone
behaviour in a social aspect, and people who showed moderate
to severe depression symptoms performed better on the technical
aspects of smartphone security. This might be a new avenue for
tailoring gamied interventions according to specic mental health
issues. Our game could be tailored for various mental health indica-
tors in order to improve user awareness about secure smartphone
behaviour.
7 CONCLUSION
This research is a signicant and fruitful contribution to the eld of
HCI, specically Persuasive Technology for Security and Privacy.
This work shows how to design and tailor a persuasive game ac-
cording to the user’s motivational orientation (using Regulatory
Focus Theory) to motivate them to follow secure smartphone be-
haviour. The tailored versions of the game signicantly improved
the player’s security behaviour compared to the non-tailored ver-
sion of the game. Looking at the players’ perceived choice of game,
it was evident that they preferred the game tailored to their motiva-
tional orientation type. The overall player experience scores show
that the game is highly persuasive, and this is also supported by the
feedback collected from user interviews. Our work is a rst step
toward successfully tailoring a persuasive game for smartphone
security and utilizes validated scales to measure the user’s secure
smartphone behaviour.
ACKNOWLEDGMENTS
This research was undertaken, in part, thanks to funding from the
Canada Research Chairs Program. We acknowledge the support of
the Natural Sciences and Engineering Research Council of Canada
CHI ’23, April 23–28, 2023, Hamburg, Germany Anirudh Ganesh et al.
(NSERC) through the Discovery Grant. The research is conducted
as part of the Dalhousie Persuasive Computing Lab.
REFERENCES
[1]
Mohd Shahdi Ahmad, Nur Emyra Musa, Rathidevi Nadarajah, Rosilah Has-
san, and Nor Eendy Othman. 2013. Comparison between android and iOS
Operating System in terms of security. In 2013 8th International Conference on
Information Technology in Asia - Smart Devices Trend: Technologising Future
Lifestyle, Proceedings of CITA 2013. https://doi.org/10.1109/CITA.2013.6637558
[2]
Fattoh Al-Qershi, Muhammad Al-Qurishi, Sk Md Mizanur Rahman, and Atif
Al-Amri. 2014. Android vs. iOS: The security battle. In 2014 World Congress on
Computer Applications and Information Systems, WCCAIS 2014. https://doi.org/
10.1109/WCCAIS.2014.6916629
[3]
Dolores Albarracín and Robert S. Wyer. 2000. The Cognitive Impact of Past
Behavior: Inuences on Beliefs, Attitudes, and Future Behavioral Decisions.
Journal of personality and social psychology 79, 1: 5. https://doi.org/10.1037/0022-
3514.79.1.5
[4]
Felwah Alqahtani, Sandra Meier, and Rita Orji. 2021. Personality-based approach
for tailoring persuasive mental health applications. User Modeling and User-
Adapted Interaction: 1–43. https://doi.org/10.1007/s11257-021- 09289-5
[5]
Mohd Anwar, Wu He, Ivan Ash, Xiaohong Yuan, Ling Li, and Li Xu. 2017.
Gender dierence and employees’ cybersecurity behaviors. Computers in Human
Behavior 69: 437–443. https://doi.org/10.1016/j.chb.2016.12.040
[6]
Maria Bada, Angela M. Sasse, and Jason R.C. Nurse. 2015. Cyber Security Aware-
ness Campaigns: Why do they fail to change behaviour? In International Con-
ference on Cyber Security for Sustainable Society, 2015. Retrieved March 6, 2021
from http://arxiv.org/abs/1901.02672
[7]
Mehrdad Bahrini, Marcel Meissner, Rainer Malaka, Nina Wenig, and Karsten
Sohr. 2019. HappyPerMi: Presenting critical data ows in mobile application
to raise user security awareness. Conference on Human Factors in Computing
Systems - Proceedings, April. https://doi.org/10.1145/3290607.3312914
[8]
Mehrdad Bahrini, Georg Volkmar, Jonas Schmutte, Nina Wenig, Karsten Sohr,
and Rainer Malaka. 2019. Make my phone secure! Using gamication for mobile
security settings. ACM International Conference Proceeding Series: 299–308. https:
//doi.org/10.1145/3340764.3340775
[9]
René van Bavel, Nuria Rodríguez-Priego, José Vila, and Pam Briggs. 2019. Using
protection motivation theory in the design of nudges to improve online security
behavior. International Journal of Human Computer Studies 123: 29–39. https:
//doi.org/10.1016/j.ijhcs.2018.11.003
[10]
Max V Birk, Cheralyn Atkins, Jason T Bowey, and Regan L Mandryk. 2016.
Fostering Intrinsic Motivation through Avatar Identication in Digital Games.
https://doi.org/10.1145/2858036.2858062
[11]
Ron Bitton, Kobi Boymgold, Rami Puzis, and Asaf Shabtai. 2020. Evaluating the
Information Security Awareness of Smartphone Users. In Conference on Human
Factors in Computing Systems - Proceedings (2020), 1–13. https://doi.org/10.1145/
3313831.3376385
[12]
Ron Bitton, Andrey Finkelshtein, Lior Sidi, Rami Puzis, Lior Rokach, and Asaf
Shabtai. 2018. Taxonomy of mobile users’ security awareness. Computers and
Security 73: 266–293. https://doi.org/10.1016/j.cose.2017.10.015
[13]
Marcela C.C. Bomm, Sharon I. Kirkpatrick, Lennart E Nacke, and James R. Wal-
lace. 2020. Food Literacy while Shopping: Motivating Informed Food Purchasing
Behaviour with a Situated Gameful App. In Conference on Human Factors in
Computing Systems - Proceedings. https://doi.org/10.1145/3313831.3376801
[14]
Marcela C.C. Bomm and James R. Wallace. 2018. Pirate bri’s grocery adventure:
Teaching food literacy through shopping. Conference on Human Factors in Com-
puting Systems - Proceedings 2018-April: 1–6. https://doi.org/10.1145/3170427.
3188496
[15]
Amiangshu Bosu, Fang Liu, Danfeng Daphne Yao, and Gang Wang. 2017. Collu-
sive data leak and more: Large-scale threat analysis of inter-app communications.
In ASIA CCS 2017 - Proceedings of the 2017 ACM Asia Conference on Computer
and Communications Security, 71–85. https://doi.org/10.1145/3052973.3053004
[16]
Virginia Braun and Victoria Clarke. 2006. Using thematic analysis in psychol-
ogy. Qualitative Research in Psychology 3, 2: 77–101. https://doi.org/10.1191/
1478088706QP063OA
[17]
Frank Breitinger, Ryan Tully-Doyle, and Courtney Hassenfeldt. 2020. A survey
on smartphone user’s security choices, awareness and education. Computers
and Security 88. https://doi.org/10.1016/j.cose.2019.101647
[18]
Marcus Butavicius, Kathryn Parsons, Malcolm Pattinson, and Agata McCormac.
2015. Breaching the human rewall: Social engineering in phishing and spear-
phishing emails. In ACIS 2015 Proceedings - 26th Australasian Conference on
Information Systems, 1–10.
[19]
Feren Calderwood and Iskra Popova. 2019. Smartphone cyber security awareness
in developing countries: A case of Thailand. In Lecture Notes of the Institute
for Computer Sciences, Social-Informatics and Telecommunications Engineering,
LNICST, 79–86. https://doi.org/10.1007/978-3- 030-05198-3_7
[20]
Joseph Cesario, Heidi Grant, and E Tory Higgins. 2004. Regulatory Fit and
Persuasion: Transfer From “ Feeling Right .” Journal of Personality and Social
Psychology 86, 3: 388–404. https://doi.org/10.1037/0022-3514.86.3.388
[21]
Joseph Cesario and E. Tory Higgins. 2008. Making message recipients “feel
right”: How nonverbal cues can increase persuasion. Psychological Science 19, 5:
415–420. https://doi.org/10.1111/j.1467-9280.2008.02102.x
[22]
Joseph Cesario, E. Tory Higgins, and Abigail A. Scholer. 2008. Regulatory
Fit and Persuasion: Basic Principles and Remaining Questions. Social and
Personality Psychology Compass 2, 1: 444–463. https://doi.org/10.1111/j.1751-
9004.2007.00055.x
[23]
Rachel Chambers, Lauren Tingey, Britta Mullany, Sean Parker, Angelita Lee,
and Allison Barlow. 2016. Exploring sexual risk taking among American Indian
adolescents through protection motivation theory. AIDS Care - Psychological
and Socio-Medical Aspects of AIDS/HIV 28, 9: 1089–1096. https://doi.org/10.1080/
09540121.2016.1164289
[24]
Aditya Chand, Monica Gonzalez, Julian Missig, Purin Phanichphant, and Pen Fan
Sun. 2006. Balance pass: Service design for a healthy college lifestyle. Conference
on Human Factors in Computing Systems - Proceedings: 1813–1818. https://doi.
org/10.1145/1125451.1125795
[25]
Ching Huei Chen, Victor Law, and Kun Huang. 2019. The roles of engagement
and competition on learner’s performance and motivation in game-based science
learning. Educational Technology Research and Development 67, 4: 1003–1024.
https://doi.org/10.1007/s11423-019- 09670-7
[26]
Tianying Chen, Laura Dabbish, and Jessica Hammer. 2019. Self-ecacy-based
game design to encourage security behavior online. In Conference on Human
Factors in Computing Systems - Proceedings, 1–6. https://doi.org/10.1145/3290607.
3312935
[27]
Zhi-Hong Chen, Howard Hao, Jan Chen, and Wan-Jhen Dai. 2018. Using
Narrative-based Contextual Games to Enhance Language Learning: A Case
Study. Source: Journal of Educational Technology & Society 21, 3: 186–198.
[28]
Luca Chittaro and Riccardo Sioni. 2015. Serious games for emergency prepared-
ness: Evaluation of an interactive vs. a non-interactive simulation of a terror
attack. Computers in Human Behavior 50: 508–519. https://doi.org/10.1016/j.chb.
2015.03.074
[29]
Scott M. Debb and Marnee K. Mcclellan. 2021. Perceived Vulnerability As a
Determinant of Increased Risk for Cybersecurity Risk Behavior. Cyberpsychology,
Behavior, and Social Networking 24, 9: 605–611. https://doi.org/10.1089/cyber.
2021.0043
[30]
Maha Elgarf, Natalia Calvo-Barajas, and Ana Paiva. 2021. Reward seeking or loss
aversion? impact of regulatory focus theory on emotional induction in children
and their behavior towards a. In Conference on Human Factors in Computing
Systems - Proceedings. https://doi.org/10.1145/3411764.3445486
[31]
Luciano Gamberini, Nicola Corradi, Luca Zamboni, Michela Perotti, Camilla
Cadenazzi, Stefano Mandressi, Giulio Jacucci, Giovanni Tusa, Anna Spagnolli,
Christoer Björkskog, Marja Salo, and Pirkka Aman. 2011. Saving is Fun: De-
signing a Persuasive Game for Power Conservation. Retrieved December 23,
2021 from www.energyawareness.eu
[32]
Anirudh Ganesh, Chinenye Ndulue, and Rita Orji. 2021. PERMARUN- A Per-
suasive Game to Improve User Awareness and Self-Ecacy towards Secure
Smartphone Behaviour. Conference on Human Factors in Computing Systems -
Proceedings. https://doi.org/10.1145/3411763.3451781
[33]
Anirudh Ganesh, Chinenye Ndulue, and Rita Orji. 2021. The design and devel-
opment of mobile game to promote secure smartphone behaviour. In CEUR
Workshop Proceedings, 73–87.
[34]
Anirudh Ganesh, Chinenye Ndulue, and Rita Orji. 2022. Smartphone Security
and Privacy – A Gamied Persuasive Approach with Protection Motivation
Theory. In International Conference on Persuasive Technology, 89–100. https:
//doi.org/10.1007/978-3- 030-98438-0_7
[35]
C. J. Gokul, Sankalp Pandit, Sukanya Vaddepalli, Harshal Tupsamudre, Vi-
jayanand Banahatti, and Sachin Lodha. 2018. Phishy - A serious game to train
enterprise users on phishing awareness. In CHI PLAY 2018 - Proceedings of the
2018 Annual Symposium on Computer-Human Interaction in Play Companion
Extended Abstracts, 169–181. https://doi.org/10.1145/3270316.3273042
[36]
Mark Gondree, Zachary N.J. Peterson, and Tamara Denning. 2013. Security
through play. IEEE Security and Privacy 11, 3: 64–67. https://doi.org/10.1109/
MSP.2013.69
[37]
Jihae Han. ChemCraf: A Ludic Approach to Educational Game Design Figure 1:
Title screen of ChemCraf, an adventure game for higher-level chemistry KEY-
WORDS Game Design, Educational Games, User Experience, Human-Computer
Interaction. https://doi.org/10.1145/3411763.3451854
[38]
Helen Ai He, Saul Greenberg, and Elaine M. Huang. 2010. One size does not t
all: Applying the transtheoretical model to energy feedback technology design.
Conference on Human Factors in Computing Systems - Proceedings 2: 927–936.
https://doi.org/10.1145/1753326.1753464
[39]
Carrie Heeter, Yu-Hao Lee, Brian Magerko, Carrie Cole, and Ben Medler. 2012.
Regulatory Focus and Serious Games: A Quasi-Experimental Study. Retrieved
March 3, 2022 from http://gel.msu.edu/playertypes
[40]
E. Tory Higgins. 1998. Promotion and Prevention: Regulatory Focus as A Mo-
tivational Principle. Advances in Experimental Social Psychology 30, C: 1–46.
https://doi.org/10.1016/S0065-2601(08)60381- 0
Tailoring a Persuasive Game to Promote Secure Smartphone Behaviour CHI ’23, April 23–28, 2023, Hamburg, Germany
[41]
E. Tory Higgins. 1998. Promotion and Prevention: Regulatory Focus as A Mo-
tivational Principle. Advances in Experimental Social Psychology 30, C: 1–46.
https://doi.org/10.1016/S0065-2601(08)60381- 0
[42]
E. Tory Higgins, Ronald S. Friedman, Robert E. Harlow, Lorraine Chen Idson,
Ozlem N. Ayduk, and Amy Taylor. 2001. Achievement orientations from sub-
jective histories of success: Promotion pride versus prevention pride. European
Journal of Social Psychology 31, 1: 3–23. https://doi.org/10.1002/ejsp.27
[43]
E. Tory Higgins, Emily Nakkawita, and James F. M. Cornwell. 2020. Beyond
outcomes: How regulatory focus motivates consumer goal pursuit processes.
Consumer Psychology Review 3, 1: 76–90. https://doi.org/10.1002/arcp.1052
[44]
Shu-Hsun Ho, Chutinon Putthiwanit, and Chia-Ying Lin. 2011. May I continue
or should I stop? The eects of regulatory focus and message framings on video
game players’ self control. International Journal of Business and Social Science 2,
12: 194–200. Retrieved March 3, 2022 from www.ijbssnet.com
[45]
Hsiao Ying Huang, Güliz Seray Tuncay, Soteris Demetriou, Carl A Gunter, Rini
Banerjee, and Masooda Bashir. 2020. Smartphone Security Behavioral Scale: A
New Psychometric Measurement for Smartphone Security. arXiv.
[46]
Stephen Hutt, James R Brockmole, Kristina Krasich, and Sidney K D. Breaking
out of the Lab: Mitigating Mind Wandering with Gaze-Based Attention-Aware
Technology in Classrooms; Breaking out of the Lab: Mitigating Mind Wandering
with Gaze-Based Attention-Aware Technology in Classrooms. https://doi.org/
10.1145/3411764.3445269
[47]
Maurits Kaptein, Boris De Ruyter, Panos Markopoulos, and Emile Aarts. 2012.
Adaptive persuasive systems: a study of tailored persuasive text messages to
reduce snacking. ACM Transactions on Interactive Intelligent Systems 2, 2: 10–
1/25. https://doi.org/10.1145/2209310.2209313
[48]
Christine Keung, Alexa Lee, Shirley Lu, and Megan O’Keefe. 2013. BunnyBolt:
A mobile tness app for youth. ACM International Conference Proceeding Series:
585–588. https://doi.org/10.1145/2485760.2485871
[49]
Ahmed Khalifa, Fernando De Mesentier Silva, and Julian Togelius. 2019. Level
design patterns in 2D games. IEEE Conference on Computatonal Intelligence and
Games, CIG 2019-Augus. https://doi.org/10.1109/CIG.2019.8847953
[50]
Lenka Knapova, Agata Kruzikova, Lenka Dedkova, and David Smahel. 2021.
Who Is Smart with Their Smartphones? Determinants of Smartphone Security
Behavior. Cyberpsychology, Behavior, and Social Networking 24, 9: 584–592. https:
//doi.org/10.1089/CYBER.2020.0599/FORMAT/EPUB
[51]
Murat Koyuncu and Tolga Pusatli. 2019. Security Awareness Level of Smart-
phone Users: An Exploratory Case Study. Mobile Information Systems 2019.
https://doi.org/10.1155/2019/2786913
[52]
Angela Y Lee and Jennifer L Aaker. 2004. Bringing the Frame into Focus: The
Inuence of Regulatory Fit on Processing Fluency and Persuasion. Journal of
Personality and Social Psychology 86, 2: 205–218. https://doi.org/10.1037/0022-
3514.86.2.205
[53]
Yu Hao Lee, Carrie Heeter, Brian Magerko, and Ben Medler. 2013. Feeling right
about how you play: The eects of regulatory t in games for learning. Games
and Culture 8, 4: 238–258. https://doi.org/10.1177/1555412013498818
[54]
James C. Lester, Jonathan P. Rowe, and Bradford W. Mott. 2013. Narrative-
centered learning environments: A story-centric approach to educational games.
In Emerging Technologies for the Classroom: A Learning Sciences Perspective.
Springer New York, 223–237. https://doi.org/10.1007/978-1-4614- 4696-5_15
[55]
James E Maddux and Ronald W. Rogers. 1983. Protection motivation and self-
ecacy: A revised theory of fear appeals and attitude change. Journal of
Experimental Social Psychology 19, 5: 469–479. https://doi.org/10.1016/0022-
1031(83)90023-9
[56]
Yannic Meier, Johanna Schäwel, Elias Kyewski, and Nicole C Krämer. 2020.
Applying Protection Motivation Theory to Predict Facebook Users’ Withdrawal
and Disclosure Intentions. In ACM International Conference Proceeding Series,
21–29. https://doi.org/10.1145/3400806.3400810
[57]
Gaurav Misra, Nalin Asanka Gamagedara Arachchilage, and Shlomo Berkovsky.
2017. Phish Phinder: A Game Design Approach to Enhance User Condence
in Mitigating Phishing Attacks. Retrieved December 12, 2021 from http://arxiv.
org/abs/1710.06064
[58]
Ibtisam Mohamed and Dhiren Patel. 2015. Android vs iOS security: A com-
parative study. In Proceedings - 12th International Conference on Information
Technology: New Generations, ITNG 2015, 725–730. https://doi.org/10.1109/ITNG.
2015.123
[59]
Dinesh Mulchandani. 2021. Design and Evaluation of COVID Pacman–A Persua-
sive Game to Promote the Awareness and Adoption of COVID-19 Precautionary
Measures Tailored to the Stages of Change. Dalhousie University. Retrieved
March 4, 2022 from https://dalspace.library.dal.ca/handle/10222/80525
[60]
Dinesh Mulchandani, Alaa Alslaity, and Rita Orji. 2022. Exploring the eective-
ness of persuasive games for disease prevention and awareness and the impact
of tailoring to the stages of change. Human–Computer Interaction 37, 4: 1–35.
https://doi.org/10.1080/07370024.2022.2057858
[61]
Dinesh Mulchandani and Rita Orji. 2021. A Persuasive Game to Promote Aware-
ness and Adoption of COVID-19 Precautionary Measures. In UMAP 2021 -
Adjunct Publication of the 29th ACM Conference on User Modeling, Adaptation
and Personalization, 83–85. https://doi.org/10.1145/3450614.3461678
[62]
Florence Mwaka Mwagwabi. 2015. A Protection Motivation Theory Approach
to Improving Compliance with Password Guidelines.
[63]
Lennart E Nacke, Chris Bateman, and Regan L Mandryk. 2014. BrainHex: A
neurobiological gamer typology survey. Entertainment Computing 5, 1: 55–62.
https://doi.org/10.1016/j.entcom.2013.06.002
[64]
Emily Naul and Min Liu. 2020. Why Story Matters: A Review of Narrative
in Serious Games. Journal of Educational Computing Research 58, 3: 687–707.
https://doi.org/10.1177/0735633119859904
[65]
Chinenye Ndulue and Rita Orji. 2018. STD PONG: Changing risky sexual be-
haviour in Africa through persuasive games. In ACM International Conference
Proceeding Series, 134–138. https://doi.org/10.1145/3283458.3283463
[66]
Chinenye Ndulue and Rita Orji. 2021. Heuristic Evaluation of an African-centric
Mobile Persuasive Game for Promoting Safety Measures against COVID-19. In
ACM International Conference Proceeding Series, 43–51. https://doi.org/10.1145/
3448696.3448706
[67]
Chinenye Ndulue, Oladapo Oyebode, and Rita Orji. 2020. PHISHER CRUSH:
A Mobile Persuasive Game for Promoting Online Security. In Lecture Notes in
Computer Science (including subseries Lecture Notes in Articial Intelligence and
Lecture Notes in Bioinformatics), 223–233. https://doi.org/10.1007/978-3- 030-
45712-9
[68]
Chinenye Ndulue, Oladapo Oyebode, and Rita Orji. 2020. PHISHER CRUSH:
A Mobile Persuasive Game for Promoting Online Security. In Lecture Notes in
Computer Science (including subseries Lecture Notes in Articial Intelligence and
Lecture Notes in Bioinformatics), 223–233. https://doi.org/10.1007/978-3- 030-
45712-9_17
[69]
Domen Novak, Aniket Nagle, Urs Keller, and Robert Riener. 2014. Increasing
motivation in robot-aided arm rehabilitation with competitive and cooperative
gameplay. Journal of NeuroEngineering and Rehabilitation 11, 1: 1–15. https:
//doi.org/10.1186/1743-0003- 11-64
[70]
Shohana Nowrin and David Bawden. 2018. Information security behaviour of
smartphone users: An empirical study on the students of university of Dhaka,
Bangladesh. Information and Learning Science 119, 7–8: 444–455. https://doi.org/
10.1108/ILS-04- 2018-0029
[71]
Harri Oinas-Kukkonen and Marja Harjumaa. 2009. Persuasive systems design:
Key issues, process model, and system features. Communications of the Associa-
tion for Information Systems 24, 1: 485–500. https://doi.org/10.17705/1cais.02428
[72]
Rita Orji, Regan L. Mandryk, and Julita Vassileva. 2017. Improving the ecacy of
games for change using personalization models. ACM Transactions on Computer-
Human Interaction 24, 5. https://doi.org/10.1145/3119929
[73]
Rita Orji, Regan L. Mandryk, Julita Vassileva, and Kathrin M. Gerling. 2013.
Tailoring persuasive health games to gamer type. Conference on Human Factors
in Computing Systems - Proceedings: 2467–2476. https://doi.org/10.1145/2470654.
2481341
[74]
Rita Orji, Julita Vassileva, and Regan L. Mandryk. 2013. LunchTime: A slow-
casual game for long-term dietary behavior change. Personal and Ubiquitous
Computing 17, 6: 1211–1221. https://doi.org/10.1007/s00779-012- 0590-6
[75]
Brian Orland, Nilam Ram, Dean Lang, Kevin Houser, Nate Kling, and Michael
Coccia. 2014. Saving energy in an oce environment: A serious game interven-
tion. Energy and Buildings 74: 43–52. https://doi.org/10.1016/j.enbuild.2014.01.
036
[76]
Oladapo Oyebode, Anirudh Ganesh, and Rita Orji. 2021. TreeCare: Development
and Evaluation of a Persuasive Mobile Game for Promoting Physical Activity.
In IEEE Conference on Games.
[77]
Oladapo Oyebode, Chinenye Ndulue, and Dinesh Mulchandani. 2021. Tailoring
persuasive and behaviour change systems based on stages of change and mo-
tivation. In Conference on Human Factors in Computing Systems - Proceedings.
https://doi.org/10.1145/3411764.3445619
[78]
Oladapo Oyebode, Chinenye Ndulue, and Dinesh Mulchandani. 2021. Tailoring
persuasive and behaviour change systems based on stages of change and mo-
tivation. In Conference on Human Factors in Computing Systems - Proceedings.
https://doi.org/10.1145/3411764.3445619
[79]
Y. S. Poong, S. Yamaguchi, and J. Takada. 2015. Impact of learning content
on World Heritage Site preservation awareness in town of Luang Prabang,
Lao PDR: Application of protection motivation theory. In ISPRS Annals of the
Photogrammetry, Remote Sensing and Spatial Information Sciences, 251–256. https:
//doi.org/10.5194/isprsannals-II- 5-W3-251- 2015
[80]
Yew Siang Poong, Shinobu Yamaguchi, and Jun Ichi Takada. 2014. Persuasive
content development: Application of protection motivation theory in promoting
heritage site preservation awareness. In Conference on Human Factors in Comput-
ing Systems - Proceedings, 2437–2442. https://doi.org/10.1145/2559206.2581259
[81]
Feren CalderWood and Iskra Popova. 2019. Smartphone Cyber Security Aware-
ness in Developing Countries: A Case of Thailand. Department of Computer and
System Sciences, Stockholm University, Sweden: 58–68. https://doi.org/10.1007/
978-3- 030-05198-3
[82]
Raghu Raman, Athira Lal, and Krishnashree Achuthan. Serious Games based
approach to cyber security concept learning: Indian context. 3–7.
CHI ’23, April 23–28, 2023, Hamburg, Germany
[83]
George E Raptis and Christina Katsini. 2021. Beter, funner, stronger: A gameful
approach to nudge people into making less predictable graphical password
choices. In Conference on Human Factors in Computing Systems - Proceedings, 17.
https://doi.org/10.1145/3411764.3445658
[84]
Joel Reardon, Álvaro Feal, Amit Elazari, Bar On, Narseo Vallina-Rodriguez, and
Serge Egelman. 2019. 50 Ways to Leak Your Data: An Exploration of Apps’
Circumvention of the Android Permissions System. In Proceedings of the 28th
USENIX Security Symposium, 603–620. Retrieved January 19, 2021 from https:
//www.usenix.org/conference/usenixsecurity19/presentation/reardon
[85]
J. Lynn Reynolds. 2006. Measuring intrinsic motivations. Handbook of Research
on Electronic Surveys and Measurements, Imi: 170–173. https://doi.org/10.4018/
978-1- 59140-792-8.ch018
[86]
R Rogers W. 1983. Cognitive and physiological processes in fear appeals and atti-
tude change: a revised theory of protection motivation. Social Psychophysiology:
A Sourcebook, October 2014: 153–177.
[87]
Sam Scholeeld and Lynsay A Shepherd. 2019. Gamication Techniques for
Raising Cyber Security Awareness. In Lecture Notes in Computer Science (in-
cluding subseries Lecture Notes in Articial Intelligence and Lecture Notes in
Bioinformatics) (2019) 11594 LNCS 191-203.
[88]
Pintu Shah and Anuja Agarwal. 2020. Cybersecurity behaviour of smartphone
users in India: an empirical analysis. Information and Computer Security 28, 2:
293–318. https://doi.org/10.1108/ICS-04- 2019-0041
[89]
Michael Thomps and Cynthia Irvine. 2011. Active learning with the CyberCIEGE
video game. In 4th Workshop on Cyber Security Experimentation and Test, CSET
2011, 1–8.
[90]
Alexandra To, Sanah Ali, Geo Kaufman, and Jessica Hammer. 2016. Integrating
Curiosity and Uncertainty in Game Design. Proceedings of 1st International Joint
Conference of DiGRA and FDG: 1–16.
[91]
Unity. Unity Real-Time Development Platform | 3D, 2D VR & AR Engine. Re-
trieved December 4, 2020 from https://unity.com/
[92]
Silas Formunyuy Verkijika. 2018. Understanding smartphone security behav-
iors: An extension of the protection motivation theory with anticipated regret.
Computers and Security 77: 860–870. https://doi.org/10.1016/j.cose.2018.03.008
[93]
Patrickson Weanquoi, Jaris Johnson, and Jinghua Zhang. 2017. Using a game to
teach about phishing. SIGITE 2017 - Proceedings of the 18th Annual Conference on
Information Technology Education: 75. https://doi.org/10.1145/3125659.3125669
[94]
Devon Wemyss, Roberta Castri, Vanessa De Luca, Francesca Cellina, Evelyn
Lobsiger-kägi, Pamela Galbani Bianchi, and Christian Hertach. 2016. Keeping
up with the Joneses: examining community-level collaborative and competitive
game mecha .... BEHAVE 2016 - 4th European Conference on Behaviour and Energy
Eciency, September: 8–9. Retrieved from http://www.zhaw.chhttp//www.supsi.
ch
[95]
Zikai Alex Wen, Zhiqiu Lin, Rowena Chen, and Erik Andersen. 2019. What.Hack:
Engaging Anti-Phishing Training through a Role-playing Phishing Simulation
Game. Conference on Human Factors in Computing Systems - Proceedings: 1–12.
https://doi.org/10.1145/3290605.3300338
Anirudh Ganesh et al.
[96]
Primal Wijesekera, Arjun Baokar, Lynn Tsai, Joel Reardon, Serge Egelman, David
Wagner, and Konstantin Beznosov. 2017. The Feasibility of Dynamically Granted
Permissions: Aligning Mobile Privacy with User Preferences. Proceedings - IEEE
Symposium on Security and Privacy: 1077–1093. https://doi.org/10.1109/SP.2017.
51
[97]
Meredydd Williams, Jason R.C. Nurse, and Sadie Creese. 2019. (Smart)Watch
Out! encouraging privacy-protective behavior through interactive games. Inter-
national Journal of Human Computer Studies 132: 121–137. https://doi.org/10.
1016/j.ijhcs.2019.07.012
[98] Tim Wulf, Nicholas David Bowman, John A. Velez, and Johannes Breuer. 2018.
Once Upon a Game: Exploring Video Game Nostalgia and Its Impact on Well-
Being. Psychology of Popular Media Culture, October. https://doi.org/10.1037/
ppm0000208
[99]
Johnathan Yerby. 2014. Development Of Serious Games For Teaching Digital
Forensics. Issues in Information Systems 13, 2: 112–122.
[100]
Nima Zargham, Mehrdad Bahrini, Georg Volkmar, Karsten Sohr, Dirk Wenig,
and Rainer Malaka. 2019. What could go wrong? Raising mobile privacy and
security awareness through a decision-making game. CHI PLAY 2019 - Extended
Abstracts of the Annual Symposium on Computer-Human Interaction in Play:
805–812. https://doi.org/10.1145/3341215.3356273
[101]
Xiao Juan Zhang, Zhen Li, and Hepu Deng. 2017. Information security behaviors
of smartphone users in China: An empirical analysis. Electronic Library 35, 6:
1177–1190. https://doi.org/10.1108/EL-09- 2016-0183
[102]
Android | The platform pushing what’s possible. Retrieved May 19, 2021 from
https://www.android.com/intl/en_ca/
[103]
Manifest.permission_group | Android Developers. Retrieved December 3, 2020
from https://developer.android.com/reference/android/Manifest.permission_
group
[104]
Request app permissions | Android Developers. Retrieved January 2, 2021 from
https://developer.android.com/training/permissions/requesting
[105]
Android 12 Privacy & Security. Retrieved November 5, 2021 from https://www.
android.com/android-12/#a12-safe
[106]
Regulatory focus theory / Dr Simon Moss / -. Retrieved November 27, 2022 from
https://www.sicotests.com/newpsyarticle/Regulatory-focus-theory
[107]
Luang Prabang - Wikipedia. Retrieved February 7, 2022 from https://en.
wikipedia.org/wiki/Luang_Prabang
[108]
What even is a “retro game” anymore? Retrieved July 1, 2022 from https://www.
inputmag.com/gaming/what-even-is-a-retro-game-anymore
[109]
The ocial home of Super Mario
TM
– Home. Retrieved January 11, 2021 from
https://mario.nintendo.com/
[110]
Mega Man - Wikipedia. Retrieved November 6, 2021 from https://en.wikipedia.
org/wiki/Mega_Man
[111]
Draw Freely | Inkscape. Retrieved November 6, 2021 from https://inkscape.org/
[112]
Snowball sampling - Wikipedia. Retrieved July 1, 2022 from https://en.wikipedia.
org/wiki/Snowball_sampling
[113]
Miro | Online Whiteboard for Visual Collaboration. Retrieved November 21,
2022 from https://miro.com/app/dashboard/
[114]
2020. NSA Mobile Device Best Practices. https://doi.org/10.4324/9780429269110-11
