Learners’ Perception on Security Issues in m-learning (Nigerian Universities Case Study)

With the advent of modern technology, mobile phones and smartphones are used not only for calling and text messages but also for banking and social networking. Recent developments in technology have made the use of mobile devices feasible in other sectors such as education and government. While educators are using mobile devices as teaching aids, students are also using them as learning tools. In some cases the developers of mobile learning in universities are making m-learning apps without serious consideration for security aspects whereas the handheld devices pose a serious threat to confidentiality, integrity and privacy of users including the learners. As a case study, this paper investigates the security concerns that students may have with the introduction of m-learning in higher education institutions in Nigeria and how this impacts on their learning. It examines the effects of security threats in m-learning on students and provides recommendations for alleviating these threats.


Introduction
Traditional distance learning and e-learning have improved the quality of education by adding flexibility, comfortability and, at times, shortening the length of study (Beauchamp and Kennewell, 2010). While distance learning is mainly paper based, elearning is a digital platform for passing knowledge from instructors to their students as well as a medium that eases information dissemination among them. e-learning is a method of educational delivery via electronic media to boost the learner's knowledge, and learning skills. With the advent of emerging mobile technologies and maturity in elearning, the need to integrate mobile devices into learning is inevitable. Mobile-learning (m-learning) is an emerging innovation that is being integrated into distance and e-learning programmes to give a complete package of virtual education (Ozuorcun and Tabak, 2012). It is the delivery of educational material through mobile devices, such as personal digital assistants (PDAs), iPods, mobile phones, smartphones and tablets (Sitthiworachart and Joy, 2008).
The use of mobile devices in education is increasing due to the availability and affordability of mobile phones, smartphones and tablets. According to the Cisco report, by 2012, 7 billion mobile devices had been sold worldwide (Cisco, 2012). The main focus of m-learning is to utilise the substantial development in mobile technologies to the utmost advantage of the learners to improve their learning process and shorten the learning curve (Keegan, 2005). Another focal point of m-learning is to facilitate information sharing, which makes it possible for learners to interact with each other and share knowledge anytime. In an educational context, mobile phones are broadly used by students to access and support learning (Aderinoye et al., 2007) and many learners exploit the interactivity and sociability of web 2.0 technologies, such as wikis, online forums, blogs, image sharing and other social media in the area of arts and humanities.
M-learning also allows learners to communicate with their lecturers, as well as access learning content and resources, while on the move. Thus, students who use mobile technologies for learning are not only closer to their lecturers and tutors, but also in full control accessing learning content and instructions through their mobile devices. Therefore, one of the advantages of m-learning is that it gives learners a degree of liberty, freedom and independence in the course of learning (El-Hussein and Cronje, 2010). Although, Taleb and Sohrabi (2012) listed the educational uses of mobile devices by students to include; access to an online dictionary, message texting as well as for scientific calculations, the authors further attributed to Levy (2007) that students who use mobile technology devices have more motivation for learning than those who do not.
The use of mobile technologies by learners, however, has implications for security in term of integrity, confidentiality, and privacy of the users' data who are involved in the learning process. In this regard, learner records, e-portfolio data, assessment grades and feedback are some examples of sensitive information that need protecting when using mobile devices in education (Kambourakis, 2013). Therefore, the challenge is to safeguard what should be learnt in the lecture room, what should be learnt outside the classroom, and the methods in which connections between these two settings should be made (Hashemi et al., 2011). The issues examined in this paper are loss or theft of mobile device, unauthorised access, attack on m-learning system and denial of service.
Denial of service (DoS) is a form of attack in which users are deprived of the services of a resource they would normally expect to have. It is aimed at complete disruption of routing information which consequently affects the whole operation of wireless network and normally affects the availability of m-learning system. While these security challenges affect the use of mobile learning in Nigerian Higher Education Institutions (HEI) and the students' viewpoints on mobile devices for learning, this article examines the learners' perceptions on security issues that affect them in mobile learning.
The first section of this article is a review of related research on m-learning security. It summarises an existing study on m-learning security and evaluates the recommendations made in the literature. The second part discusses the research carried out on security issues that affect the use of m-learning in Nigeria from university students' perspective, and details the purpose of the research, the methodology and research questions. A brief overview of the analysis of the results of the research is presented in section three while section four gives a detailed discussion of the results gathered and statistical tests. The last part of this article highlights and discusses recommendations given to the security issues mentioned in the previous sections. The article concludes with problems encountered during the research and direction for future work in ensuring a robust and highly secure m-learning environment.

Literature Review
In as much as mobile devices have capabilities to motivate modern and innovative ways to learn; the security issues inherent in mobile devices are also transferable to mlearning. There are perceived risks, such as unauthorised interfering with the learning content and instructions. Educational institutions, educators and individual learners are also extremely concerned about the increasing threats to users' data security and privacy, since in most cases, learners are allowed to use their handheld devices to access learning content and materials. There are notable works on mobile learning and the learners' views on the use of m-learning, some of which are examined below. Zamzuri et al.,(2013) state that students are the biggest users of any modern learning system and they are concerned about their privacy and security when using the system.
Many learners are worried that their confidential information such as assessment results might be revealed to others. The authors propose that students' needs and views be considered in ensuring that the system is successfully implemented in any particular institution. Alwi and Ip-Shing (2009), who studied the perception of learners via elearning (of which m-learning is a subdivision), found that there are security threats in the online learning systems, and that reliable security management in e-learning is significant in securing the modern learning environment. These studies are more peculiar to an e-learning environment and apart from privacy issues, they did not state other security threats being faced by learners when using mobile devices for learning.
In a study conducted in Nigeria, Boyinbode and Akinyede (2008) indicate that mlearning is the gateway to e-learning for many Nigerian students and it has already started to play a vital role in e-learning in Nigeria by bringing e-learning to students in rural communities. Adedoja et al., (2012) stated that m-learning allows students to send and receive learning content that contains graphs, images, video and sounds, making it a platform to create reality and dynamism needed for effective learning. They remark that mobile technologies improve the productivity and efficiency of learners in Nigeria by delivering educational materials and support in real time and right context for their immediate needs, and conclude that having a good mobile technology infrastructure in the absence of other alternatives has made m-learning a good choice for Nigerian learners. Osang et al., (2013), however, argue that many learners using the wireless internet without any supervision or monitoring might lead them to join negative groups on social networks, which might threaten their personal safety and the security of their mobile devices. They cite prevalent kidnapping cases in the country, as well as the recently publicised death of a Nigerian student who was killed by kidnappers in a hotel where they arranged to meet via social media, vividly emphasizing the potential grave dangers unassuming people are exposed to in the hands of those who abuse the technology.
The results of the study conducted by Alzaza and Yaakub (2011) Rafiu et al., (2011) shows that learners in Nigerian universities are well prepared for mlearning as they have various types of mobile devices in their possession and demonstrated high level usage skills for successful implementation. While the studies examined above are relevant because they discuss students' views on m-learning, they do not highlight any security challenges the students are facing when using their mobile devices for learning purposes. This article aims to assess mobile learning security from the students' perceptions and examine the risks that might affect m-learning in HEIs in Nigeria as well as the perceived damaging effects to the students in case of a security breach. Taking this approach will not only remove the concerns that students are having regarding the security of m-learning but also enable them to take full advantage of mlearning for their education.

Research Questions
The purpose of this study is to provide answers to the following questions.

Methodology
This study employed a survey research approach using a sample population of students from three Universities in Nigeria. The data collection method involved delivering a set of questionnaires to 90 randomly selected students. The questionnaire comprised of 21 single and multiple choice questions divided into 4 sections. Section one was on demography and it collected personal information about the respondents. Questions in section two were concerned with the mobile devices used by the respondents and what type of activities they were being used for. Section three gathered data on m-learning awareness, the learning activities they were being used for and if m-learning improved Exchanges: the Warwick Research Journal, Vol. 2(1), October 2014 107 their learning skills and performance. Section four was based on the security aspects of m-learning. It obtained information about the importance students placed on the security of their device(s), i.e. their security concerns about m-learning. In addition to the perceived threats being analysed, section four was designed to assess if the security of their mobile device had previously been breached, how it was breached and the effect it had on them. This section concluded with how mobile learning security issues can be assessed and minimised. Only the demographic and mobile security parts were used for analysis in this article.
The questionnaires were distributed at core lectures during the first semester of the 2013/2014 session after ethical consent was sought and obtained for the survey through the authors' university (BSREC approval REGO-2013-472), and respondents to the questionnaire were assured anonymity. The data collected was analysed and presented using frequency distributions, pie charts, histograms and statistical tests. Figure 1 illustrates a summary of the demographic distribution of the study participants; responses came from 42 females (46.67%) and 48 males (53.33%). The largest numbers of participants were students in the age group 20 -25, which accounted for (60%).   This research question was designed to find out which security issues students are concerned about encountering when using their mobile devices for learning.
Approximately four out of ten of the participants (42.27%) agreed that theft is a concern when using mobile devices for learning while over half of the respondents (54.43%) said loss of mobile device is a concern to them. 81.11% indicated that colleagues and friends are likely to use their handheld device without their permission, which is a concern that may lead to unauthorised access. Nearly seven out of ten of the participants (67.78%) thought that virus or malware attacks are inevitable when using a mobile device for        Table 6: Demographic information on security effects based on age groups Figure 2 shows how important students take the security of their mobile devices.

Discussion
Cumulatively, almost all the respondents agreed that the security of their mobile devices is 'important' to them. This result suggests that many students take the security of their mobile devices seriously. Many reasons are given by the students for taking the security of their mobile device seriously, the first reason being that mobile phones and smartphones are considered to be valuable personal property, consequently they attempt keep them safe. Many learners use their handheld devices to exchange education-related messages and learning contents with classmates, search the internet and library databases for learning materials, and hold group discussions with classmates. Therefore, they believed that their mobile devices are vital to their academic success and they are mindful of the security of their mobile devices. Furthermore, many students also use their handheld devices as data storage, thus they have their personal information on them. Consequently, having mobile security awareness is an important aspect of protecting their privacy. This result is supported by the work of Kambourakis (2013) that discusses the security and privacy challenges of m-learning and suggests that learners are extremely concerned about the security and safety of the data they store on their mobile devices.  Access to information, group discussion as well as learning content and instructions may be disturbed through DoS if the network is penetrated. In addition, it is a threat that results from irregular power supply to mobile learning servers, which is common in developing countries. This study is supported by the findings of Osang et al.,(2013) in which 64% of the respondents identify that the poor power supply situation in the country is a barrier tom-learning. Furthermore, DoS may occur during scheduled or unscheduled downtime due to maintenance of network infrastructure, which can lead to loss of connectivity between mobile devices and servers. It can also be caused by physical attacks on network infrastructure on universities campuses, which are common, for example during student riots in some universities in developing countries such as Nigeria.
A statistical test for observable gender differences linked to the perceived students' security concerns were carried out using nonparametric Mann-Whitney U Test. The Uvalue was calculated as 15 and the critical value of U -5. Therefore, statistically significant gender difference does not exist at confidence interval of 0.050. Similarly, a test for observable age group differences linked to the perceived security concerns were carried out using Kruskal-Wallis Test for age group; there was no statistically significant age group difference at confidence interval of 0.050. Figure 4 analyses the perceived damaging effects to the students in the event of a security breach. 92.22% of the learners agreed that loss of confidential information is the most hurtful effect. This result is consistent with the work of Zamzuri et al., (2013), which states that one of the reasons why students reject online systems is due to security reasons because they are worried about the loss of their private and confidential information. The study also reveals that 70% of learners' feared loss of study hours and performance as consequences of a security breach in m-learning due to DoS, which is possible when learners view m-learning systems as a complement to the classroom and rely on it as one of their main learning platforms. This implies that non-availability for a long period of time will have adverse effects on learners' study hours, revision time and consequently their performance. This finding is in line with the work of Kukulska-Hulme et al.,(2009),which states that good m-learning improves learners' study retention and performances in their study. Therefore, learners need a reliable, highly available and dependable m-learning system to avoid being frustrated in the event of disconnection to the m-learning system, which can affect their study performance adversely. This raises the worry that students may be reluctant to fully engage with mlearning and therefore fail to realise the full potential of m-learning to their learning experience because of their concerns about loss of study hours and performance in the event of a security breach.
Half of the learners believed that they are likely to experience psychological disturbance if their personal information is leaked through a mobile device or m-learning system or if their privacy is infringed.
In uniformity with other research questions, the result was further analysed using chi- It should be noted that responses of the participants are limited to their experience and knowledge about m-learning and security issues surrounding m-learning environments as well as their mood when completing the questionnaire. The participants were asked to respond to the questions as practically as possible and to answer the questionnaire based on their view on m-learning.

Recommendations
Having discussed the issues pertaining to m-learning security as well as the damaging effects from learners' viewpoints, it is important to highlight possible suggestions and put in place strategies for alleviating these perceived security issues relating to mlearning systems, starting from the mobile devices and including the servers and network infrastructure, by engaging proper security procedures and policies.
The first task in alleviating security issues in relation to students' perceptions' of mlearning is to create awareness and information education about mobile security. This is imperative as our study revealed that, while most of the students considered the security of their mobile devices as very important or important, some of them do not. With adequate knowledge, learners will be more security conscious about the safety of their handheld devices. Being security conscious will make learners take proper care for their devices and help to alleviate their concerns of loss or theft of their device.
Similarly, security consciousness should be encouraged among learners who connect to educational resources while on the move using any free available WI-FI. While some students may not consider connection to free WI-FI a major security threat, in some cases it may pose significant risk and there is need to educate them on the dangers.
Furthermore, they should be aware of the credibility of the organisation providing the connection regarding the security and safety of free network facilitates before using it.
For example, connecting to an unsecured and unverified wireless infrastructure increases the chances of putting personal data at risk. Therefore, students should take note of the potential risks of automatically connecting to unknown free wireless access points, which may be intercepted or controlled by attackers and may lead to unauthorised access to their mobile device and learning materials stored in it.
Overcoming unauthorised access is possible by having robust access control mechanisms for authentication and authorisation before permission is given to access the device or view learning content and materials. Password lock or biometric access will prevent other learners from using the device if left on the  (Tupakula and Varadharajan, 2013) and reverse proxies spread across multiple hosting locations.
The recommendation for alleviating perceived security issues on virus and malware attack is the use of legacy protection mechanisms. This involves having regular data backup, installing firewalls and having up to date anti-malware and anti-virus software installation on m-learning devices. Furthermore, all interfaces including Bluetooth interface should be highly secured. For example, mobile firewalls normally inspect IP interfaces, but they often overlook the Bluetooth interface (Razaque and Elleithy, 2012).

Conclusion and further research
This article discusses learners' perceptions on security aspects of mobile learning, which is expanding the possibilities of open and distance learning education. Students are willing to embrace their use of mobile devices for learning purposes not only to augment classroom lectures but also to achieve the globalisation objective (Hashemi et al., 2011).
Their interest and expertise are of great potential for m-learning if integrated into their learning curriculum (Dale and Povey, 2009). However, the security and confidentiality of their private information being exposed in the process of m-learning are of great concern to them, which may lead to a reluctance to use such technology and consequently fail to realise the full potential of m-learning. Therefore, provision of robust mechanisms to support learners' authentication, authorisation, content copying and downloading, and safeguarding learner examinations, assessment and feedback processes from attackers and impostors are what the learners want in an m-learning environment.
Student records, e-portfolios and faculty data are some of the confidential information that need to be protected while students' privacy should be guaranteed at all times (Luminita and Magdalena, 2012).Adequate security measures are required to ensure that highly secured connections are maintained between the learners' devices and m-learning servers by deploying proper security policies and measures so as to deter and repel attacks. Similarly, learners should ensure that they connect their devices only to trusted and tested networks in order to safeguard data transferred during the m-learning process.
They should avoid downloading learning materials from illegitimate sites which are common sources for malware attacks.
In conclusion, mobile learning is going to increase in patronage as technology advances, the security issues in mobile devices which are also on the increase are transferable to m-learning systems. Learners are most highly likely to be affected since they are the main users of m-learning. Therefore, adequate security education and awareness inform of tutorials and tips should be put in place for the learners in order to minimise the security palaver and give them confidence in using such technology.
This article considers m-learning security from learners' perspectives, our previous publication discusses m-learning security from lecturers' perspectives (Shonola and Joy, 2014). However, there are still many grey areas in m-learning security where limited or no research has been done, such as common attack routes in m-learning security breaches, collective responsibilities of m-learning stakeholders in combating security breaches and other perceived threats to m-learning in developing countries apart from security. Therefore, future research work should focus on these areas.