A team of computer scientists, psychologists and neuroscientists used eye-tracking and fMRI to measure how users perceived security warnings, such as warnings about app permissions and browser warnings about insecure pages and plugin installations.
The problem is that users became "habituated" to warnings and stopped perceiving them. Habituation is a significant factor in security philosophy. It is why people staffing TSA checkpoints get good at spotting water bottles, which they see all the time, but miss the fake bombs and guns smuggled in by people who test them.
In the report with the catchy title "Tuning Out Security Warnings: A Longitudinal Examination of Habituation Through fMRI, Eye Tracking, and Field Experiments", authors Anthony Vance, Jeffrey L. Jenkins, Bonnie Brinton Anderson, Daniel K. Bjornn and C. Brock Kirwan found that people habituated rapidly to repeated warnings within a single laboratory session.
"We observed that there was a recovery effect of attention from one day to the next when warnings were withheld. Unfortunately, this recovery effect wasn’t enough to offset the overall pattern of habituation across the workweek."
More positively, the researchers found that a polymorphic warning, a warning that changes its appearance with each presentation, could sustain attention over time.