Author: serge

“Is Our Children’s Apps Learning?” Automatically Detecting COPPA Violations (ConPro ’17)

Abstract: In recent years, a market of games and learning apps for children has flourished in the mobile world. Many of these often “free” mobile apps have access to a variety of sensitive personal information about the user, which app developers can monetize via advertising or other means. In the United States, the Children’s Online […]

The Teaching Privacy Curriculum (SIGCSE ’16)

Abstract: A basic understanding of online privacy is essential to being an informed digital citizen, and therefore basic privacy education is becoming ever more necessary. Recently released high school and college computer science curricula acknowledge the significantly increased importance of fundamental knowledge about privacy, but do not yet provide concrete content in the area. To […]

Do or Do Not, There Is No Try: User Engagement May Not Improve Security Outcomes (SOUPS ’16)

Abstract: Computer security problems often occur when there are disconnects between users’ understanding of their role in computer security and what is expected of them. To help users make good security decisions more easily, we need insights into the challenges they face in their daily computer usage. We built and deployed the Security Behavior Observatory […]

Information Disclosure Concerns in The Age of Wearable Computing (USEC ’16)

Abstract: Wearable devices, or “wearables,” bring great benefits but also potential information disclosure risks that could expose users’ activities without their awareness or consent. We surveyed 1,782 Internet users about various data associated with the capabilities of popular wearable devices on the market to identify the data disclosure scenarios that users find most concerning. Our […]

Keep on Lockin’ in the Free World: A Multi-National Comparison of Smartphone Locking (CHI ’16)

Abstract: We present the results of an online survey of smartphone unlocking (N=8,286) that we conducted in eight different countries. The goal was to investigate differences in attitudes towards smartphone unlocking between different national cultures. Our results show that there are indeed significant differences across a range of categories. For instance, participants in Japan considered […]

Behavior Ever Follows Intention? A Validation of the Security Behavior Intentions Scale (SeBIS) (CHI ’16)

Abstract: The Security Behavior Intentions Scale (SeBIS) measures the computer security attitudes of end-users. Because intentions are a prerequisite for planned behavior, the scale could therefore be useful for predicting users’ computer security behaviors. We performed three experiments to identify correlations between each of SeBIS’s four sub-scales and relevant computer security behaviors. We found that […]

The Anatomy of Smartphone Unlocking: A Field Study of Android Lock Screens (CHI ’16)

Abstract: To prevent unauthorized parties from accessing data stored on their smartphones, users have the option of enabling a “lock screen” that requires a secret code (e.g., PIN, drawing a pattern, or biometric) to gain access to their devices. We present a detailed analysis of the smartphone locking mechanisms currently available to billions of smartphone […]

The Myth of the Average User: Improving Privacy and Security Systems through Individualization (NSPW ’15)

Abstract: While individual differences in decision-making have been examined within the social sciences for several decades, they have only recently begun to be applied by computer scientists to examine privacy and security attitudes (and ultimately behaviors). Specifically, several researchers have shown how different online privacy decisions are correlated with the “Big Five” personality traits. In […]

Android Permissions Remystified: A Field Study on Contextual Integrity (USENIX Sec ’15)

Abstract: We instrumented the Android platform to collect data regarding how often and under what circumstances smartphone applications access protected resources regulated by permissions. We performed a 36-person field study to explore the notion of “contextual integrity,” i.e., how often applications access protected resources when users are not expecting it. Based on our collection of […]

Predicting Privacy and Security Attitudes (ACM CAS)

Abstract: While individual differences in decision-making have been examined within the social sciences for several decades, this research has only recently begun to be applied by computer scientists to examine privacy and security attitudes (and ultimately behaviors). Specifically, several researchers have shown how different online privacy decisions are correlated with the “Big Five” personality traits. […]