Security indicators are the important elements of the user interface that allow you to verify that a page is secure. Indicators notify users of the following:
- the page uses SSL encryption;
- the website is owned by a legal company;
- the page uses an invalid certificate;
- the page has certain unprotected elements.
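The check behind the last item in the list, a page with unprotected elements, can be sketched as follows. This is an added example, not code from any browser: the tag table is simplified, and the state names (`secure`, `degraded`, `broken`, `not-secure`) and the sample page are assumptions made up for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# tag -> (URL attribute, kind). "active" content can rewrite the page, "passive"
# content cannot. This short table is a simplification chosen for the example.
SUBRESOURCES = {
    "script": ("src", "active"), "iframe": ("src", "active"),
    "link": ("href", "active"), "object": ("data", "active"),
    "img": ("src", "passive"), "audio": ("src", "passive"),
    "video": ("src", "passive"), "source": ("src", "passive"),
}

class MixedContentScanner(HTMLParser):
    """Collects subresources that an HTTPS page would fetch over plain HTTP."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        attr, kind = SUBRESOURCES.get(tag, (None, None))
        if attr is None or not attrs.get(attr):
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # other <link> relations are not treated as page content here
        url = urljoin(self.page_url, attrs[attr])  # resolves relative and // URLs
        if urlparse(url).scheme == "http":
            self.findings.append((kind, tag, url))

def indicator_state(page_url, html):
    """Return (state, findings) for the indicator a browser-like check would show."""
    if urlparse(page_url).scheme != "https":
        return "not-secure", []
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    kinds = {kind for kind, _, _ in scanner.findings}
    state = "broken" if "active" in kinds else "degraded" if "passive" in kinds else "secure"
    return state, scanner.findings

# Constructed sample page (not taken from a real site).
SAMPLE = """<head><link rel="stylesheet" href="/site.css">
<script src="//cdn.example/app.js"></script></head>
<body><img src="http://img.example/logo.png">
<a href="http://other.example/">plain link, not a subresource</a></body>"""

if __name__ == "__main__":
    print(indicator_state("https://shop.example/cart", SAMPLE))
```

The protocol-relative script inherits HTTPS from the page and the plain hyperlink is not a subresource, so only the image loaded over HTTP is reported.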
Security indicators are needed because website encryption is optional and browsers provide insufficient protection. If all sites were encrypted, it would be simple enough to purchase an EV certificate.
The main issue with security indicators is that most users do not pay much attention to them. Many users simply ignore all these signs. Studies have shown that people rarely check the browser address bar, preferring to focus on the content of the site. The reason lies in the lack of consistency among the various browsers, and even among different versions of the same browser. Guidelines for security indicators do exist, but they are not specific. There is no common approach to security indicators.
During the early stages of the introduction of SSL, browser developers sought to educate users: if there is a lock in the address bar, then the site is secure. Some time later, browser developers began experimenting with the interface, making various changes to it.
Currently, the only indicator that all browsers display consistently is the green bar for EV certificates. All the major browsers use it.
On mobile platforms, the situation could be even worse. Browser developers are trying to remove all interface elements that they consider superfluous, including security indicators. As a result, secure websites can be very difficult to identify in mobile browsers.
Overall, mobile users are more vulnerable to phishing attacks. The security of mobile applications is even more difficult to assess. All applications should use secure protocols for their backend, but this is hard to verify because there are no indicators confirming it. In summary, why should we believe them only on the basis of a lock symbol? Maybe they simply do not use any protection.