Smartphone security and privacy: you're doing it wrong

Before you can get security or privacy features correct, you must understand how people think and how this will impact any UI you show for your privacy settings. In this presentation, I discuss the user's mental model and see how this impacts on iPhone and Android privacy UI.

Published in: Technology
  • Smartphone security and privacy: you're doing it wrong

    1. Mobile App Privacy — You’re Doing It Wrong (and so am I)
        Graham Lee, Smartphone Security Boffin, Fuzzy Aliens Limited
        fuzzyaliens.com
    2. Mobile App Privacy — You’re Doing It Wrong (and so am I)
        Graham Lee, Smartphone Security Boffin, Fuzzy Aliens Limited
    3. Mobile App Privacy — You’re Doing It Wrong (and so am I)
        Graham Lee, Smartphone Security Boffin, Fuzzy Aliens Limited
        Desktop Server Telecom CO Particle Accelerator
    4. Mobile App Privacy — You’re Doing It Wrong (and so am I)
        Graham Lee, Smartphone Security Boffin, Fuzzy Aliens Limited
        Desktop Server UX Telecom CO Requirements Eng Particle Accelerator Dev Ops Source Control …
    5. Pre-intro Disclaimer
    6. Introductory Story
    7. Introductory Story
        • I can’t explain why I did what I did
    8. Introductory Story
        • I can’t explain why I did what I did
        • It’s not just hard to explain the rules, I don’t know them
    9. Introductory Story
        • I can’t explain why I did what I did
        • It’s not just hard to explain the rules, I don’t know them
        • Ask me, I’ll not only give the wrong answer, I’ll do something different
    10. Introductory Story
        • I can’t explain why I did what I did
        • It’s not just hard to explain the rules, I don’t know them
        • Ask me, I’ll not only give the wrong answer, I’ll do something different
        • My original plan got replaced at run-time in the face of new inputs
    11. Erm…privacy?
    12. Erm…privacy?
    13. Erm…privacy?
        TAP HERE TO SMASH THEM PIGS
    14. Erm…privacy?
    15. iOS Example
    16. iOS Example
    17. iOS Example
    18. iOS Example
    19. Historical Example
        “The Platform for Privacy Preferences Project (P3P) enables Websites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents. P3P user agents will allow users to be informed of site practices (in both machine- and human-readable formats) and to automate decision-making based on these practices when appropriate. Thus users need not read the privacy policies at every site they visit.”
    20. What can we draw from this?
    21. What can we draw from this?
        • People are capricious
    22. What can we draw from this?
        • People are capricious
        • We can’t tell you what information we’ll use to make any decision
    23. What can we draw from this?
        • People are capricious
        • We can’t tell you what information we’ll use to make any decision
        • A rational choice made earlier can be overridden by novel changes in environment
    24. What can we draw from this?
        • People are capricious
        • We can’t tell you what information we’ll use to make any decision
        • A rational choice made earlier can be overridden by novel changes in environment
        Spammers and phishers know this
    25. Therefore, give users an easily-digestible amount of pertinent information AT DECISION TIME
    26. Just-in-time information
        what I’m trying to do
        how it’s going
    27. Social Media
    28. Social Media
        Your mum can read what you post!
        Change privacy settings
    29. Social Media
    30. Social Media
        IN REPLY TO DM
    31. Confidential Data
    32. Confidential Data
        Warning: attachment includes credit card data.
        Delete Attachment
    33. Summary
        • Users can help themselves to privacy…
        • …if app developers do their part and help out
        • AFFORDABILITY IS KEY (in everything)
        • Read these books ➡
    34. Summary
        • Users can help themselves to privacy…
        • …if app developers do their part and help out
        • AFFORDABILITY IS KEY (in everything)
        • Read these books ➡
    35. Summary
        • Users can help themselves to privacy…
        • …if app developers do their part and help out
        • AFFORDABILITY IS KEY (in everything)
        • Read these books ➡
    36. Summary
        • Users can help themselves to privacy…
        • …if app developers do their part and help out
        • AFFORDABILITY IS KEY (in everything)
        • Read these books ➡
    37. @iamleeg
    38. @iamleeg
        fuzzyaliens.com
    39. @iamleeg
        fuzzyaliens.com
