Smartphones store large amounts of sensitive data, such as SMS messages, photos, or email. In this paper, we report the results of a study investigating users' concerns about unauthorized data access on their smartphones (22 interviewed and 724 surveyed subjects). We found that users are generally concerned about insiders (e.g., friends) accessing their data on smartphones. Furthermore, we present the first evidence that the insider threat is a real problem impacting smartphone users. In particular, 12% of subjects reported a negative experience with unauthorized access. We also found that younger users are at higher risk of experiencing unauthorized access. Based on our results, we propose a stronger adversarial model that incorporates the insider threat. To better reflect users' concerns and risks, a stronger adversarial model must be considered during the design and evaluation of data protection systems and authentication methods for smartphones.