Mobile Privacy & Security

• The Medium is the Message: How Secure Messaging Apps Leak Sensitive Data to Push Notification Services (PETS ’24)
• Log: It’s Big, It’s Heavy, It’s Filled with Personal Data! Measuring the Logging of Sensitive Information in the Android Ecosystem (USENIX Sec ’23)
• Lessons in VCR Repair: Compliance of Android App Developers with the California Consumer Privacy Act (CCPA) (PETS ’23)
• Developers Say the Darnedest Things: Privacy Compliance Processes Followed by Developers of Child-Directed Apps (PETS ’22)
• Users’ Expectations About and Use of Smartphone Privacy and Security Settings (CHI ’22)
• Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Data Flow Analysis with PoliCheck (USENIX Sec ’20)
• Disaster Privacy/Privacy Disaster (JASIST ’20)
• The Price is (Not) Right: Comparing Privacy in Free and Paid Apps (PETS ’20)
• 50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions System (USENIX Sec ’19)
• On The Ridiculousness of Notice and Consent: Contradictions in App Privacy Policies (ConPro ’19)
• Do You Get What You Pay For? Comparing The Privacy Behaviors of Free vs. Paid Apps (ConPro ’19)
• “Won’t Somebody Think of the Children?” Examining COPPA Compliance at Scale (PETS ’18)
• Contextualizing Privacy Decisions for Better Prediction (and Protection) (CHI ’18)
• TurtleGuard: Helping Android Users Apply Contextual Privacy Preferences (SOUPS ’17)
• The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences (Oakland ’17)
• “Is Our Children’s Apps Learning?” Automatically Detecting COPPA Violations (ConPro ’17)
• Keep on Lockin’ in the Free World: A Multi-National Comparison of Smartphone Locking (CHI ’16)
• The Anatomy of Smartphone Unlocking: A Field Study of Android Lock Screens (CHI ’16)
• Android Permissions Remystified: A Field Study on Contextual Integrity (USENIX Sec ’15)
• Are you ready to lock? understanding user motivations for smartphone locking behaviors (CCS ’14)
• The effect of developer-specified explanations for permission requests on smartphone user behavior (CHI ’14)
• When it’s better to ask forgiveness than get permission: attribution mechanisms for smartphone resources (SOUPS ’13)
• Android permissions: user attention, comprehension, and behavior (SOUPS ’12)
• Choice architecture and smartphone privacy: there’s a price for that (WEIS ’12)
• How to ask for permission (HotSec ’12)
• I’ve got 99 problems, but vibration ain’t one: a survey of smartphone users’ concerns (SPSM ’12)
• Location privacy: user behavior in the field (SPSM ’12)

Web Privacy & Security

• Security and Privacy Failures in Popular 2FA Apps (USENIX Sec ’23)
• Deployment of Source Address Validation by Network Operators: A Randomized Control Trial (Oakland ’22)
• Privacy Champions in Software Teams: Understanding Their Motivations, Strategies, and Challenges (CHI ’21)
• Deciding on Personalized Ads: Nudging Developers About User Privacy (SOUPS ’21)
• Empirical Measurement of Systemic 2FA Usability (USENIX Sec ’20)
• “You’ve Got Your Nice List of Bugs, Now What?” Vulnerability Discovery and Management Processes in the Wild (SOUPS ’20)
• Nudge Me Right: Personalizing Online Security Nudges to People’s Decision-Making Styles (CHB ’20)
• Conducting Privacy-Sensitive Surveys: A Case Study of Civil Society Organizations (CHI Workshops ’20)
• A Promise Is A Promise: The Effect Of Commitment Devices On Computer Security Intentions (CHI ’19)
• The Accuracy of the Demographic Inferences Shown on Google’s Ad Settings (WPES ’18)
• Better Late(r) than Never: Increasing Cyber-Security Compliance by Reducing Present Bias (WEIS ’18)
• Quantifying Users’ Beliefs about Software Updates (USEC ’18)
• An Experience Sampling Study of User Reactions to Browser Warnings in the Field (CHI ’18)
• A Usability Evaluation of Tor Launcher (PETS ’17)
• Let’s Go in for a Closer Look: Observing Passwords in Their Natural Habitat (CCS ’17)
• Personalized Security Messaging: Nudges for Compliance with Browser Warnings (EuroUSEC ’17)
• The Teaching Privacy Curriculum (SIGCSE ’16)
• Do or Do Not, There Is No Try: User Engagement May Not Improve Security Outcomes (SOUPS ’16)
• Behavior Ever Follows Intention? A Validation of the Security Behavior Intentions Scale (SeBIS) (CHI ’16)
• The Myth of the Average User: Improving Privacy and Security Systems through Individualization (NSPW ’15)
• Predicting Privacy and Security Attitudes (ACM CAS)
• Scaling the Security Wall: Developing a Security Behavior Intentions Scale (SeBIS) (CHI ’15)
• Fingerprinting Web Users through Font Metrics (FC ’15)
• The importance of being earnest [in security warnings] (FC ’13)
• Does my password go up to eleven?: the impact of password meters on password selection (CHI ’13)
• My profile is my password, verify me!: the privacy/convenience tradeoff of facebook connect (CHI ’13)
• Facebook and privacy: it’s complicated (SOUPS ’12)

Wearable & Ubiquitous Computing

• Runtime Permissions for Privacy in Proactive Intelligent Assistants (SOUPS ’22)
• Balancing Power Dynamics in Smart Homes: Nannies’ Perspectives on How Cameras Reflect and Affect Relationships (SOUPS ’22)
• Evaluating and Redefining Smartphone Permissions with Contextualized Justifications for Mobile Augmented Reality Apps (SOUPS ’21)
• Privacy Controls for Always-Listening Devices (NSPW ’19)
• Investigating Users’ Preferences and Expectations for Always-Listening Voice Assistants (IMWUT ’19)
• Privacy and Security Threat Models and Mitigation Strategies of Older Adults (SOUPS ’19)
• Privacy Attitudes of Smart Speaker Users (PETS ’19)
• Information Design in An Aged Care Context (PervasiveHealth ’19)
• “What Can’t Data Be Used For?” Privacy Expectations about Smart TVs in the U.S. (EuroUSEC ’18)
• Information Disclosure Concerns in The Age of Wearable Computing (USEC ’16)
• Somebody’s Watching Me? Assessing the Effectiveness of Webcam Indicator Lights (CHI ’15)
• Is This Thing On? Crowdsourcing Privacy Indicators for Ubiquitous Sensing Platforms (CHI ’15)