User Evaluations of an App Interface for Cloud-Based Identity Management

Within a project developing cloud technology for identity access management, usability tests of a mock-up of a mobile app identity provider were conducted to assess Internet users’ consciousness of data disclosures in consent forms and their comprehension of the flow of authentication data. Results show that using one’s fingerprint to give consent was easy, but most participants did not have a correct view of where the fingerprint data is used and which entities would have access to it. Familiarity with ID apps appeared to aggravate misunderstanding. In addition, participants could not recall well the details of personal data releases and settings for disclosure options. An evaluation with a confirmation screen improved the recall rate slightly. However, some participants voiced a desire to have control over their data and expressed a wish to manually select mandatory information. This can be a way of slowing users down and making them reflect more.
