ABSTRACT
In addition to storing a plethora of sensitive personal and work information, smartphones also store sensor data about users and their daily activities. In order to understand users' behaviors and attitudes towards the security of their smartphone data, we conducted 28 qualitative interviews. We examined why users choose (or choose not) to employ locking mechanisms (e.g., PINs) and their perceptions and awareness about the sensitivity of the data stored on their devices. We performed two additional online experiments to quantify our interview results and the extent to which sensitive data could be found in a user's smartphone-accessible email archive. We observed a strong correlation between use of security features and risk perceptions, which indicates rational behavior. However, we also observed that most users likely underestimate the extent to which data stored on their smartphones pervades their identities, online and offline.
Index Terms
- Are You Ready to Lock?