THE ANATOMY OF SMARTPHONE UNLOCKING: Why and How Android Users Around the World Lock their Phones

To prevent unauthorized access to their smartphones, users can enable a "lock screen," which may require entering a PIN or password, drawing a pattern, or providing a biometric. We present the results of two studies that together offer a detailed analysis of the smartphone locking mechanisms currently available to billions of smartphone users worldwide. An online survey (N=8,286), conducted in eight different countries, sheds light on people's reasons for choosing their screen lock method and demonstrates significant crosscultural differences in attitudes towards this subject. In a separate monthlong field study (N=134), we studied how existing lock screen mechanisms provide users with distinct tradeoffs between usability and security, identifying areas where both could be improved.

[1]  Adam J. Aviv,et al.  Smudge Attacks on Smartphone Touch Screens , 2010, WOOT.

[2]  Ian Oakley,et al.  The phone lock: audio and haptic shoulder-surfing resistant PIN entry methods for mobile devices , 2011, Tangible and Embedded Interaction.

[3]  Theodore Tryfonas,et al.  Complexity Metrics and User Strength Perceptions of the Pattern-Lock Graphical Authentication Method , 2014, HCI.

[4]  Serge Egelman,et al.  Keep on Lockin' in the Free World: A Multi-National Comparison of Smartphone Locking , 2016, CHI.

[5]  Ross J. Anderson,et al.  A Birthday Present Every Eleven Wallets? The Security of Customer-Chosen Banking PINs , 2012, Financial Cryptography.

[6]  David A. Wagner,et al.  Are You Ready to Lock? , 2014, CCS.

[7]  Sung-Hwan Kim,et al.  A new shoulder-surfing resistant password for mobile environments , 2011, ICUIMC.

[8]  Heinrich Hußmann,et al.  SwiPIN: Fast and Secure PIN-Entry on Smartphones , 2015, CHI.

[9]  Markus Dürmuth,et al.  Quantifying the security of graphical passwords: the case of android unlock patterns , 2013, CCS.

[10]  Heinrich Hußmann,et al.  Touch me once and i know it's you!: implicit authentication based on touch screen patterns , 2012, CHI.

[11]  Tetsuji Takada,et al.  Extended PIN Authentication Scheme Allowing Multi-Touch Key Input , 2013, MoMM '13.

[12]  Heinrich Hußmann,et al.  Easy to Draw, but Hard to Trace?: On the Observability of Grid-based (Un)lock Patterns , 2015, CHI.

[13]  Chunming Qiao,et al.  PhoneLab: A Large Programmable Smartphone Testbed , 2013, SENSEMINE@SenSys.

[14]  Serge Egelman,et al.  The Anatomy of Smartphone Unlocking: A Field Study of Android Lock Screens , 2016, CHI.

[15]  Hai Huang,et al.  You Are How You Touch: User Verification on Smartphones via Tapping Behaviors , 2014, 2014 IEEE 22nd International Conference on Network Protocols.