Second Workshop on Usable Privacy & Security
for Mobile Devices (U-PriSM 2)

August 27, 2013 Munich, Germany
co-located with MobileHCI 2013

PDF version of the CFP

Keynote Presentation

Alex De Luca, Ludwig-Maximilians-Universität München

New Devices Old Concepts: The Smartphone Authentication Dilemma

Passwords were invented in the early 60s when there was the need to protect access to some of the very first computers. Personal identification numbers (PINs) came with the first ATMs. Neither of them was designed for good usability or user convenience but they are still the dominant form of authentication nowadays. With the introduction of smartphones, the amount of private and sensitive data on mobile devices has finally reached a critical mass worth protecting, which is in most of the cases done using PINs and passwords. While they are neither great nor very secure for desktop computers and ATMs, they perform even worse on mobile devices. In this talk, I will describe the smartphone authentication dilemma and present research that tries to overcome this problem, that is, making authentication on mobile devices more usable and more secure. I will finally present a list of dos and don’ts for designing authentication systems for smartphones.

Alexander De Luca is currently working as a postdoc at the Media Informatics Group, University of Munich (LMU). His main research interest is usable privacy and security with a focus on authentication mechanism for different platforms. His published work includes but is not limited to: location privacy, authentication mechanisms for public spaces and mobile devices, data privacy, anti-phishing. His current research focuses on security and privacy issues of mobile devices. He also co-organized several workshops and special interest groups on this topic including the SPMU workshop series.

U-PriSM 2 Workshop Program
August 27, 2013, Room: 20

Note: Times Revised to better align with conference breaks

9:00 - 9:15 Welcome
9:15 - 10:15 Keynote - Alex De Luca, Ludwig-Maximilians-Universität München
10:15 - 11:00 Break (Room 16)
11:00 - 11:40 Session A

11:00 - Towards an Application-driven Mobile Authentication Model
Nicholas Micallef (Glasgow Caledonian University)
Mike Just (Glasgow Caledonian University)
Lynne Baillie (Glasgow Caledonian University)
Gunes Kayacik (Glasgow Caledonian University)

11:10 - Context-Based Security Questions for Fallback Authentication on Mobile Devices
Alina Hang (Media Informatics Group, University of Munich (LMU))

11:20 - Discussion
11:40 - 12:20 Session B

11:40 - Risky Business: A Study on User Awareness and Valuation of Cellular Privacy Risks
Dipayan Ghosh (Cornell University)
Stephanie Santoso (Cornell University)
Stephen Wicker (Cornell University)
Dawn Schrader (Cornell University)
Jubo Yan (Cornell University)
William Schulze (Cornell University)

11:50 - The Security Assistant - Investigating the Effect of Privacy and Security
Information on Perceived Usability, Trust and Behavior
Marc Busch (CURE - Center for Usability Research and Engineering)
Christina Hochleitner (CURE - Center for Usability Research and Engineering)
Manfred Tscheligi (University of Salzburg, ICT&S Center)

12:00 Discussion
12:20 - 13:50 Lunch (Senatssaal)
13:50 - 14:30 Session C

13:50 - Exploring Interaction between Smartphone Choice and Human Aspects of Security and Privacy
Ziniada Benenson (University of Erlangen-Nuremberg)
Lena Reinfelder (University of Erlangen-Nuremberg)
Freya Gassmann (Saarland University)

14:00 - Folk Models of Smartphone Users
Melanie Volkamer (TU Darmstadt)
Michaela Kauer (TU Darmstadt)
Sinem Emeroz (TU Darmstadt)
Karen Renaud (Glasgow)

14:10 - Discussion
14:30 - 15:00 Break (Room 16)
15:00 - 15:40 Session D

15:00 Controlling Location Disclosure by Distinguishing between Public and Private Spaces
Jeremy Wood (

15:10 - The Effects of Developer-Specified Explanations for Smartphone Permission Requests
Christopher Thompson (UC Berkeley)
Serge Egelman (UC Berkeley)

15:20 - Discussion
15:40 - 16:35 Open Mic / General Discussion
16:30 - 16:45 Closing Remarks


Sonia Chiasson, Carleton University

Heather Crawford, Florida Institute of Technology

Serge Egelman, UC Berkeley

Pourang Irani, University of Manitoba