Themes
Computer security and privacy affect every aspect of computing, and are of concern for all users. The mobile device environment is no exception. With the ever-increasing functionality of modern smartphones comes the ability to store personally identifying, private information. While security provisions on traditional desktop and laptop computers have benefitted from increased research in usable security and privacy, parallel research for the unique mobile device environment is still in its infancy. This environment is characterized by the ability of users to install apps quickly and easily, a bursty use pattern in which the device is used frequently for short periods of time, and minimal user interfaces. This unique environment means that traditional security and privacy provisions such as passwords and PINs are a poor choice.
The popularity of smartphones has created an urgent need for usable security research targeted at understanding the distinct security threats arising from ubiquitous and mobile usage. Security and privacy are challenging design spaces because of several unique characteristics. For example, users typically focus on primary tasks while leaving security and privacy as secondary concerns or ignoring them altogether. Users may concentrate on some aspects of strong security (e.g., choosing a secure password) but undermine their efforts by neglecting other aspects (e.g., entering their password on their mobile device without considering that shoulder surfing is possible), and they may act insecurely without realizing that this can have later ramifications (e.g., installing apps from unknown sources). Accepted human-computer interaction (HCI) design principles do not necessarily apply because of the adversarial nature of security and privacy: attackers actively try to breach the system, leverage interface cues available to legitimate users, and deceive users by spoofing trusted indicators. The very mobility of the devices also has privacy and security ramifications that go beyond accepted HCI design principles. When a device may be easily lost, stolen or forgotten, efforts must be made to allow for privacy and security methods that protect the device and its data in this situation.
The topics within scope for the U-PriSM 2 workshop included the following: user authentication on mobile devices, permission management for applications, secure mobile payment, security indicators and features for mobile web browsing, do-not-track on mobile devices, protecting location privacy of mobile users, physical security of mobile devices (against loss or theft), and comparisons of usable privacy or security features between mobile platforms.