Mobile-based application for assessing and reporting social-engineering vulnerabilities in higher learning institutions:

Abstract

This study developed a mobile-based application for assessing and reporting social-engineering vulnerabilities in Tanzanian higher learning institutions (HLIs). Social-engineering attacks such as phishing, smishing, vishing, baiting and pretexting, continue to threaten campus data security, yet existing detection and reporting mechanisms are slow and fragmented. Guided by the theories of reasoned action, protection motivation and technology acceptance, a mixedmethods approach was used: a targeted literature review, a questionnaire survey of 395 students, academic and administrative staff, and semi-structured interviews with ten cybersecurity experts informed the functional requirements. An Agile development cycle produced a bilingual Android application that integrates interactive self-assessment quizzes, instant incident-reporting forms and tailored awareness content. Results showed that 74% of respondents recognised social-engineering threats, but only 38% had received formal training, and just 32% of incidents were officially reported. Pilot deployment in four stratified institutions yielded 95% overall user satisfaction and 100% successful login/registration, demonstrating strong acceptance of the mobile solution. All ten critical system-test cases passed on first run (100% task-success, zero functional errors), the mean System-Usability-Scale score reached 85.4/100, and Locust stress-tests sustained 1000 concurrent writes with sub-250 ms latency, quantitatively confirming the app’s reliability, usability and scalability.