Is Implicit Authentication on Smartphones Really Popular? On Android Users’ Perception of “Smart Lock for Android”

Implicit authentication (IA) on smartphones has gained a lot of attention from the research community over the past decade. IA leverages behavioral and contextual data to identify users without requiring explicit input, and thus can alleviate the burden of smartphone unlocking. The reported studies on users’ perception of IA have painted a very positive picture, showing that more than 60% of their respective participants are interested in adopting IA, should it become available on their devices. These studies, however, have all been done either in lab environments, or with low- to medium-fidelity prototypes, which limits their generalizability and ecological validity. Therefore, the question of “how would smartphone users perceive a commercialized IA scheme in a realistic setting?” remains unanswered. To bridge this knowledge gap, we report on the findings of our qualitative user study (N = 26) and our online survey (N = 343) to understand how Android users perceive Smart Lock (SL). SL is the first and currently only widely-deployed IA scheme for smartphones. We found that SL is not a widely adopted technology, even among those who have an SL-enabled phone and are aware of the existence of the feature. Conversely, we found unclear usefulness, and perceived lack of security, among others, to be major adoption barriers that caused the SL adoption rate to be as low as 13%. To provide a theoretical framework for explaining SL adoption, we propose an extended version of the technology acceptance model (TAM), called SL-TAM, which sheds light on the importance of factors such as perceived security and utility on SL adoption.

[1]  Steven P. Weber,et al.  Active Authentication on Mobile Devices via Stylometry, Application Usage, Web Browsing, and GPS Location , 2017, IEEE Systems Journal.

[2]  David A. Wagner,et al.  Are You Ready to Lock? , 2014, CCS.

[3]  Kathleen M. MacQueen,et al.  Applied Thematic Analysis , 2011 .

[4]  Xiang-Yang Li,et al.  Continuous user identification via touch and movement behavioral biometrics , 2014, 2014 IEEE 33rd International Performance Computing and Communications Conference (IPCCC).

[5]  Swathi S. V. P. Rayala,et al.  I Don't Use Apple Pay Because It's Less Secure ...: Perception of Security and Usability in Mobile Tap-and-Pay , 2017 .

[6]  Christophe Kolski,et al.  State of the Art on the Cognitive Walkthrough Method, Its Variants and Evolutions , 2010, Int. J. Hum. Comput. Interact..

[7]  Urs Hengartner,et al.  Itus: an implicit authentication framework for android , 2014, MobiCom.

[8]  Konstantin Beznosov,et al.  On the Impact of Touch ID on iPhone Passcodes , 2015, SOUPS.

[9]  Alexander De Luca,et al.  It's a Hard Lock Life: A Field Study of Smartphone (Un)Locking Behavior and Risk Perception , 2014, SOUPS.

[10]  Karen Renaud,et al.  Understanding user perceptions of transparent authentication on a mobile device , 2014, Journal of Trust Management.

[11]  Lynne Baillie,et al.  Why aren't Users Using Protection? Investigating the Usability of Smartphone Locking , 2015, MobileHCI.

[12]  Mohammad Chuttur,et al.  Overview of the Technology Acceptance Model: Origins, Developments and Future Directions , 2009 .

[13]  Shatha J. Alghamdi,et al.  Dynamic Authentication of Smartphone Users Based on Touchscreen Gestures , 2018 .

[14]  Michael R. Lyu,et al.  Towards Continuous and Passive Authentication via Touch Biometrics: An Experimental Study on Smartphones , 2014, SOUPS.

[15]  Kirstie Hawkey,et al.  What makes users refuse web single sign-on?: an empirical investigation of OpenID , 2011, SOUPS.

[16]  Bojan Cukic,et al.  Touch gesture-based authentication on mobile devices: The effects of user posture, device size, configuration, and inter-session variability , 2019, J. Syst. Softw..

[17]  Tao Feng,et al.  Continuous mobile authentication using touchscreen gestures , 2012, 2012 IEEE Conference on Technologies for Homeland Security (HST).

[18]  Konstantin Beznosov,et al.  Towards Understanding the Link Between Age and Smartphone Authentication , 2019, CHI.

[19]  Darrell L. Butler,et al.  Barriers to Adopting Technology By , 2002 .

[20]  Peng Xu,et al.  Do I have to learn something new? Mental models and the acceptance of replacement technologies , 2011, Behav. Inf. Technol..

[21]  Fred D. Davis,et al.  A Theoretical Extension of the Technology Acceptance Model: Four Longitudinal Field Studies , 2000, Management Science.

[22]  Urs Hengartner,et al.  A Comparative Evaluation of Implicit Authentication Schemes , 2014, RAID.

[23]  Gordon B. Davis,et al.  User Acceptance of Information Technology: Toward a Unified View , 2003, MIS Q..

[24]  Tim Storer,et al.  A framework for continuous, transparent mobile device authentication , 2013, Comput. Secur..

[25]  V. Braun,et al.  Using thematic analysis in psychology , 2006 .

[26]  Jean Vanderdonckt,et al.  ECOVAL: A Framework for Increasing the Ecological Validity in Usability Testing , 2015, 2015 48th Hawaii International Conference on System Sciences.

[27]  Luís Carriço,et al.  Snooping on Mobile Phones: Prevalence and Trends , 2016, SOUPS.

[28]  Karin Strauss,et al.  Goldilocks and the two mobile devices: going beyond all-or-nothing access to a device's applications , 2012, SOUPS.

[29]  Cleidson R. B. de Souza,et al.  Experimenting on the cognitive walkthrough with users , 2014, MobileHCI '14.

[30]  Sriram Subramanian,et al.  Proceedings of the 16th international conference on Human-computer interaction with mobile devices & services , 2014, MobileHCI 2014.

[31]  Konstantin Beznosov,et al.  Android users in the wild: Their authentication and usage behavior , 2016, Pervasive Mob. Comput..

[32]  Fred D. Davis,et al.  User Acceptance of Computer Technology: A Comparison of Two Theoretical Models , 1989 .

[33]  Daniel Vogel,et al.  Usability and Security Perceptions of Implicit Authentication: Convenient, Secure, Sometimes Annoying , 2015, SOUPS.

[34]  Christoph Busch,et al.  Unobtrusive User-Authentication on Mobile Phones Using Biometric Gait Recognition , 2010, 2010 Sixth International Conference on Intelligent Information Hiding and Multimedia Signal Processing.

[35]  Nasir D. Memon,et al.  An HMM-based behavior modeling approach for continuous mobile authentication , 2014, 2014 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).

[36]  Dawn Xiaodong Song,et al.  Touchalytics: On the Applicability of Touchscreen Input as a Behavioral Biometric for Continuous Authentication , 2012, IEEE Transactions on Information Forensics and Security.

[37]  Susmita Sur-Kolay,et al.  CABA: Continuous Authentication Based on BioAura , 2017, IEEE Transactions on Computers.

[38]  E. Rogers,et al.  Diffusion of innovations , 1964, Encyclopedia of Sport Management.

[39]  Rajesh Kumar,et al.  Context-Aware Active Authentication Using Smartphone Accelerometer Measurements , 2014, 2014 IEEE Conference on Computer Vision and Pattern Recognition Workshops.

[40]  Heinrich Hußmann,et al.  I Feel Like I'm Taking Selfies All Day!: Towards Understanding Biometric Authentication on Smartphones , 2015, CHI.

[41]  Chuan Qin,et al.  Progressive Authentication: Deciding When to Authenticate on Mobile Phones , 2012, USENIX Security Symposium.

[42]  Luminita Vasiu,et al.  Biometric Recognition - Security and Privacy Concerns , 2004, ICETE.

[43]  Alexandru-Cosmin Grivei Touch based biometric authentication for Android devices , 2015, 2015 7th International Conference on Electronics, Computers and Artificial Intelligence (ECAI).

[44]  Ivan Beschastnikh,et al.  Vulnerability & Blame: Making Sense of Unauthorized Access to Smartphones , 2019, CHI.

[45]  Leo R. Vijayasarathy,et al.  Predicting consumer intentions to use on-line shopping: the case for an augmented technology acceptance model , 2004, Inf. Manag..