Nicholas Micallef

Why aren't Users Using Protection? Investigating the Usability of Smartphone Locking

One of the main reasons why smartphone users do not adopt screen locking mechanisms is due to the inefficiency of entering a PIN/pattern each time they use their phone. To address this problem we designed a context-sensitive screen locking application which asked participants to enter a PIN/pattern only when necessary, and evaluated its impact on efficiency and satisfaction. Both groups of participants, who prior to the study either locked or did not lock their phone, adopted our application and felt that unlocking their phone only when necessary was more efficient, did not annoy them and offered a reasonable level of security. Participants responded positively to the option of choosing when a PIN/pattern is required in different contexts. Therefore, we recommend that designers of smartphone locking mechanisms should consider ceding a reasonable level of control over security settings to users to increase adoption and convenience, while keeping smartphones reasonably secure.

Time to exercise!: an aide-memoire stroke app for post-stroke arm rehabilitation

A majority of Stroke survivors have an arm impairment (up to 80%), which persists over the long term (>12 months). Physiotherapy experts believe that a rehabilitation Aide-Memoire could help these patients [25]. Hence, we designed, with the input of physiotherapists, Stroke experts and former Stroke patients, the Aide-Memoire Stroke (AIMS) App to help them remember to exercise more frequently. We evaluated its use in a controlled field evaluation on a smartphone, tablet and smartwatch. Since one of the main features of the app is to remind Stroke survivors to exercise we also investigated reminder modalities (i.e., visual, vibrate, audio, speech). One key finding is that Stroke survivors opted for a combination of modalities to remind them to conduct their exercises. Also, Stroke survivors seem to prefer smartphones compared to other mobile devices due to their ease of use, usability, familiarity and being easier to handle with one arm.

Sensor use and usefulness: Trade-offs for data-driven authentication on mobile devices

Modern mobile devices come with an array of sensors that support many interesting applications. However, sensors have different sampling costs (e.g., battery drain) and benefits (e.g., accuracy) under different circumstances. In this work we investigate the trade-off between the cost of using a sensor and the benefit gained from its use, with application to data-driven authentication on mobile devices. Current authentication practice, where user behaviour is first learned from the sensor data and then used to detect anomalies, typically assumes a fixed sampling rate and does not consider the battery consumption and usefulness of sensors. In this work we study how battery consumption and sensor effectiveness (e.g., for detecting attacks) vary when using different sensors and different sensor sampling rates. We use data from both controlled lab studies, as well as field trials, for our experiments. We also propose an adaptive sampling technique that adjusts the sampling rate based on an expected device vigilance level. Our results show that it is possible to reduce the battery consumption tenfold without significantly impacting the detection of attacks.

Non-intrusive and Transparent Authentication on Smart Phones

This work aims to contribute to the field of non-intrusive and transparent authentication on smart phones by defining an implicit authentication model consisting of a set of distinguishable recurring features extracted from a combination of different sources of inbuilt sensors which have not yet been previously combined for this purpose. The research goals of this work are (1) define a robust methodology for accurate and transparent sensor data collection (2) identify sets of distinguishable and recurring features to define an implicit authentication model and (3) evaluate the usability and security threats of this authentication model so that a smart phone could be trained for a brief period of time after which it will be capable of authenticating users in a non-intrusive and transparent manner.

Towards designing a mobile app that creates avatars for privacy protection

Online forms often require users to provide a lot of personal information when registering for services, which puts their privacy at risk. While recent legislation has focused on how personal data is handled by organizations, the recent Cambridge Analytica revelations expose the limitations of relying on organizations to adhere to legislation or even their own privacy policies. In this research, we tackle this problem by taking the first steps towards providing users with more control over their personal data when registering for services. We employ a user-centered approach to design a privacy protection app, which, through the use of avatars, would provide users with greater control and flexibility over the personal information they disclose during online registrations. This paper reports on a set of design findings and observations extracted from a series of design workshops conducted to identify the design elements users would prefer in this novel privacy protection app.