
Smartphone security and privacy: you're doing it wrong

Before you can get security or privacy features right, you must understand how people think and how that affects any UI you show for your privacy settings. In this presentation, I discuss the user's mental model and look at how it affects iPhone and Android privacy UI.

Published in: Technology

  1. Mobile App Privacy — You’re Doing It Wrong (and so am I). Graham Lee, Smartphone Security Boffin, Fuzzy Aliens Limited. fuzzyaliens.com
  2. Mobile App Privacy — You’re Doing It Wrong (and so am I). Graham Lee, Smartphone Security Boffin, Fuzzy Aliens Limited
  3. Mobile App Privacy — You’re Doing It Wrong (and so am I). Graham Lee, Smartphone Security Boffin, Fuzzy Aliens Limited. Desktop Server Telecom CO Particle Accelerator
  4. Mobile App Privacy — You’re Doing It Wrong (and so am I). Graham Lee, Smartphone Security Boffin, Fuzzy Aliens Limited. Desktop Server UX Telecom CO Requirements Eng Particle Accelerator Dev Ops Source Control …
  5. Pre-intro Disclaimer
  6. Introductory Story
  7. Introductory Story
     • I can’t explain why I did what I did
  8. Introductory Story
     • I can’t explain why I did what I did
     • It’s not just hard to explain the rules, I don’t know them
  9. Introductory Story
     • I can’t explain why I did what I did
     • It’s not just hard to explain the rules, I don’t know them
     • Ask me, I’ll not only give the wrong answer, I’ll do something different
  10. Introductory Story
     • I can’t explain why I did what I did
     • It’s not just hard to explain the rules, I don’t know them
     • Ask me, I’ll not only give the wrong answer, I’ll do something different
     • My original plan got replaced at run-time in the face of new inputs
  11. Erm…privacy?
  12. Erm…privacy?
  13. Erm…privacy? TAP HERE TO SMASH THEM PIGS
  14. Erm…privacy?
  15. iOS Example
  16. iOS Example
  17. iOS Example
  18. iOS Example
  19. Historical Example: “The Platform for Privacy Preferences Project (P3P) enables Websites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents. P3P user agents will allow users to be informed of site practices (in both machine- and human-readable formats) and to automate decision-making based on these practices when appropriate. Thus users need not read the privacy policies at every site they visit.”
  20. What can we draw from this?
  21. What can we draw from this?
     • People are capricious
  22. What can we draw from this?
     • People are capricious
     • We can’t tell you what information we’ll use to make any decision
  23. What can we draw from this?
     • People are capricious
     • We can’t tell you what information we’ll use to make any decision
     • A rational choice made earlier can be overridden by novel changes in environment
  24. What can we draw from this?
     • People are capricious
     • We can’t tell you what information we’ll use to make any decision
     • A rational choice made earlier can be overridden by novel changes in environment
     Spammers and phishers know this
  25. Therefore, give users an easily-digestible amount of pertinent information AT DECISION TIME
  26. Just-in-time information: what I’m trying to do, how it’s going
  27. Social Media
  28. Social Media. Your mum can read what you post! Change privacy settings
  29. Social Media
  30. Social Media. IN REPLY TO DM
  31. Confidential Data
  32. Confidential Data. Warning: attachment includes credit card data. Delete Attachment
  33. Summary
     • Users can help themselves to privacy…
     • …if app developers do their part and help out
     • AFFORDABILITY IS KEY (in everything)
     • Read these books ➡
  34. Summary
     • Users can help themselves to privacy…
     • …if app developers do their part and help out
     • AFFORDABILITY IS KEY (in everything)
     • Read these books ➡
  35. Summary
     • Users can help themselves to privacy…
     • …if app developers do their part and help out
     • AFFORDABILITY IS KEY (in everything)
     • Read these books ➡
  36. Summary
     • Users can help themselves to privacy…
     • …if app developers do their part and help out
     • AFFORDABILITY IS KEY (in everything)
     • Read these books ➡
  37. @iamleeg
  38. @iamleeg fuzzyaliens.com
  39. @iamleeg fuzzyaliens.com
