This article describes primarily the development and empiric validation of a design for security warning messages on
smartphones for primary school children (7-10 years old). Our design approach for security warnings for children uses a
specific character and is based on recommendations of a paediatrician expert. The design criteria are adapted to
children's skills, e.g. their visual, acoustic, and haptic perception and their literacy.
The developed security warnings are prototypically implemented in an iOS application (on the iPhone 3G/4G) where
children are warned by a simulated anti-malware background service, while they are busy with another task. For the
evaluation we select methods for empiric validation of the design approach from the field of usability testing ("think
aloud" test, questionnaires, log-files, etc.). Our security warnings prototype is evaluated in an empiric user study with 13
primary school children, aged between 8 and 9 years and of different gender (5 girls, 8 boys). The evaluation analysis
shows, that nearly all children liked the design of our security warnings. Surprisingly, on several security warning
messages most of the children react in the right way after reading the warning, although the meaning couldn't be
interpreted in the right way. Another interesting result is, that several children relate specific information, e.g. update, to
a specific character. Furthermore, it could be seen that most of the primary school test candidates have little awareness of
security threats on smartphones. It is a very strong argument to develop e.g. tutorials or websites in order to raise
awareness and teach children how to recognize security threats and how to react to them. Our design approach of
security warnings for children's smartphones can be a basis for warning on other systems or applications like tutorials,
which are used by children.
In a second investigation, we focus on webpages, designed for children since smartphones and webpages (the services
behind) are more and more interconnected. From this point of view those services should continue the securityapproaches
for children's smartphones. The webservices were evaluated among different criteria, e.g. data protection.
The results of a first investigation are reported in this paper.