skip to main content
10.1145/2858036.2858267acmconferencesArticle/Chapter ViewAbstractPublication PageschiConference Proceedingsconference-collections
research-article
Open access

The Anatomy of Smartphone Unlocking: A Field Study of Android Lock Screens

Published: 07 May 2016 Publication History

Abstract

To prevent unauthorized parties from accessing data stored on their smartphones, users have the option of enabling a "lock screen" that requires a secret code (e.g., PIN, drawing a pattern, or biometric) to gain access to their devices. We present a detailed analysis of the smartphone locking mechanisms currently available to billions of smartphone users worldwide. Through a month-long field study, we logged events from a panel of users with instrumented smartphones (N=134). We are able to show how existing lock screen mechanisms provide users with distinct tradeoffs between usability (unlocking speed vs. unlocking frequency) and security. We find that PIN users take longer to enter their codes, but commit fewer errors than pattern users, who unlock more frequently and are very prone to errors. Overall, PIN and pattern users spent the same amount of time unlocking their devices on average. Additionally, unlock performance seemed unaffected for users enabling the stealth mode for patterns. Based on our results, we identify areas where device locking mechanisms can be improved to result in fewer human errors -- increasing usability -- while also maintaining security.

References

[1]
Panagiotis Andriotis, Theo Tryfonas, and George Oikonomou. 2014. Complexity Metrics and User Strength Perceptions of the Pattern-Lock Graphical Authentication Method. In Proceedings of the Second International Conference on Human Aspects of Information Security, Privacy, and Trust - Volume 8533. Springer-Verlag NY, Inc., NY, NY, USA, 115-126.
[2]
Adam J. Aviv, Katherine Gibson, Evan Mossop, Matt Blaze, and Jonathan M. Smith. 2010. Smudge Attacks on Smartphone Touch Screens. In Proceedings of the 4th USENIX Conference on Offensive Technologies (WOOT'10). USENIX Association, Berkeley, CA, USA, 1-7. http: //dl.acm.org/citation.cfm?id=1925004.1925009
[3]
Adam J. Aviv, Benjamin Sapp, Matt Blaze, and Jonathan M. Smith. 2012. Practicality of Accelerometer Side Channels on Smartphones. In Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC '12). ACM, NY, NY, USA, 41-50.
[4]
Chandrasekhar Bhagavatula, Kevin Iacovino, Su Mon Kywe, Lorrie Faith Cranor, and Blase Ur. 2014. Poster: Usability Analysis of Biometric Authentication Systems on Mobile Phones, In Symposium On Usable Privacy and Security Poster (SOUPS 2014). SOUPS Poster (2014).
[5]
Andrea Bianchi, Ian Oakley, Vassilis Kostakos, and Dong Soo Kwon. 2011. The Phone Lock: Audio and Haptic Shoulder-surfing Resistant PIN Entry Methods for Mobile Devices. In Proceedings of the Fifth International Conference on Tangible, Embedded, and Embodied Interaction (TEI '11). ACM, NY, NY, USA, 197-200.
[6]
Joseph Bonneau, Sören Preibusch, and Ross Anderson. 2012. A Birthday Present Every Eleven Wallets? The Security of Customer-Chosen Banking PINs. In Financial Cryptography and Data Security, Angelos D. Keromytis (Ed.). Lecture Notes in Computer Science, Vol. 7397. Springer Berlin Heidelberg, 25-40.
[7]
Alexander De Luca, Alina Hang, Frederik Brudy, Christian Lindner, and Heinrich Hussmann. 2012. Touch Me Once and I Know It's You!: Implicit Authentication Based on Touch Screen Patterns. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '12). ACM, NY, NY, USA, 987-996.
[8]
Alexander De Luca, Alina Hang, Emanuel von Zezschwitz, and Heinrich Hussmann. 2015. I Feel Like I'm Taking Selfies All Day!: Towards Understanding Biometric Authentication on Smartphones. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI '15). ACM, NY, NY, USA, 1411-1414.
[9]
Alexander De Luca, Marian Harbach, Emanuel von Zezschwitz, Max-Emanuel Maurer, Bernhard Ewald Slawik, Heinrich Hussmann, and Matthew Smith. 2014. Now You See Me, Now You Don't: Protecting Smartphone Authentication from Shoulder Surfers. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '14). ACM, NY, NY, USA, 2937-2946.
[10]
Serge Egelman, Sakshi Jain, Rebecca S. Portnoff, Kerwell Liao, Sunny Consolvo, and David Wagner. 2014. Are You Ready to Lock? Understanding user motivations for smartphone locking behaviors. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS '14). ACM, NY, NY, USA, 750-761.
[11]
Rainhard D. Findling and Rene Mayrhofer. 2013. Towards Secure Personal Device Unlock Using Stereo Camera Pan Shots. In Computer Aided Systems Theory EUROCAST 2013, Roberto Moreno-Daz, Franz Pichler, and Alexis Quesada-Arencibia (Eds.). Lecture Notes in Computer Science, Vol. 8112. Springer Berlin Heidelberg, 417-425.
[12]
Marian Harbach, Emanuel von Zezschwitz, Andreas Fichtner, Alexander De Luca, and Matthew Smith. 2014. It's a Hard Lock Life: A Field Study of Smartphone (Un)Locking Behavior and Risk Perception. In Symposium On Usable Privacy and Security (SOUPS 2014). USENIX Association, Menlo Park, CA, 213-230. https://www.usenix.org/conference/ soups2014/proceedings/presentation/harbach
[13]
Eiji Hayashi, Sauvik Das, Shahriyar Amini, Jason Hong, and Ian Oakley. 2013. CASA: Context-aware Scalable Authentication. In Proceedings of the Ninth Symposium on Usable Privacy and Security (SOUPS '13). ACM, NY, NY, USA, Article 3, 10 pages.
[14]
Sung-Hwan Kim, Jong-Woo Kim, Seon-Yeong Kim, and Hwan-Gue Cho. 2011. A New Shoulder-surfing Resistant Password for Mobile Environments. In Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication (ICUIMC '11). ACM, NY, NY, USA, Article 27, 8 pages.
[15]
Anandatirtha Nandugudi, Anudipa Maiti, Taeyeon Ki, Fatih Bulut, Murat Demirbas, Tevfik Kosar, Chunming Qiao, Steven Y. Ko, and Geoffrey Challen. 2013. PhoneLab: A Large Programmable Smartphone Testbed. In Proceedings of First International Workshop on Sensing and Big Data Mining (SENSEMINE'13). ACM, NY, NY, USA, Article 4, 6 pages.
[16]
Stuart Schechter and Joseph Bonneau. 2015. Learning Assigned Secrets for Unlocking Mobile Devices. In Eleventh Symposium On Usable Privacy and Security (SOUPS 2015). USENIX Association, Ottawa, 277-295. https://www.usenix.org/conference/soups2015/ proceedings/presentation/schechter
[17]
Hanul Sieger, Niklas Kirschnick, and Sebastian Moller. 2010. Poster: User preferences for biometric authentication methods and graded security on mobile phones, In Symposium On Usable Privacy and Security Poster (SOUPS 2010). SOUPS Poster (2010).
[18]
Laurent Simon and Ross Anderson. 2013. PIN Skimmer: Inferring PINs Through the Camera and Microphone. In Proceedings of the Third ACM Workshop on Security and Privacy in Smartphones & Mobile Devices (SPSM '13). ACM, NY, NY, USA, 67-78.
[19]
Tetsuji Takada and Yuki Kokubun. 2013. Extended PIN Authentication Scheme Allowing Multi-Touch Key Input. In Proceedings of International Conference on Advances in Mobile Computing & Multimedia (MoMM '13). ACM, NY, NY, USA, Article 307, 4 pages.
[20]
Sebastian Uellenbeck, Markus Durmuth, Christopher Wolf, and Thorsten Holz. 2013. Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (CCS '13). ACM, NY, NY, USA, 161-172.
[21]
Emanuel von Zezschwitz, Alexander De Luca, Bruno Brunkow, and Heinrich Hussmann. 2015a. SwiPIN: Fast and Secure PIN-Entry on Smartphones. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI '15). ACM, NY, NY, USA, 1403-1406.
[22]
Emanuel von Zezschwitz, Alexander De Luca, Philipp Janssen, and Heinrich Hussmann. 2015b. Easy to Draw, but Hard to Trace?: On the Observability of Grid-based (Un)Lock Patterns. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI '15). ACM, NY, NY, USA, 2339-2342.
[23]
Emanuel von Zezschwitz, Paul Dunphy, and Alexander De Luca. 2013. Patterns in the Wild: A Field Study of the Usability of Pattern and Pin-based Authentication on Mobile Devices. In Proceedings of the 15th International Conference on Human-computer Interaction with Mobile Devices and Services (MobileHCI '13). ACM, NY, NY, USA, 261-270.
[24]
Nan Zheng, Kun Bai, Hai Huang, and Haining Wang. 2014. You Are How You Touch: User Verification on Smartphones via Tapping Behaviors. In Proceedings of the 2014 IEEE 22nd International Conference on Network Protocols (ICNP '14). IEEE Computer Society, Washington, DC, USA, 221-232.

Cited By

View all
  • (2025)A Review on Secure Authentication Mechanisms for Mobile SecuritySensors10.3390/s2503070025:3(700)Online publication date: 24-Jan-2025
  • (2025)Security Risks and Designs in the Connected Vehicle Ecosystem: In-Vehicle and Edge PlatformsIEEE Open Journal of Vehicular Technology10.1109/OJVT.2024.35240886(442-454)Online publication date: 2025
  • (2024)Act2Auth – A Novel Authentication Concept based on Embedded Tangible Interaction at DesksProceedings of the Eighteenth International Conference on Tangible, Embedded, and Embodied Interaction10.1145/3623509.3633360(1-15)Online publication date: 11-Feb-2024
  • Show More Cited By

Index Terms

  1. The Anatomy of Smartphone Unlocking: A Field Study of Android Lock Screens

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    CHI '16: Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems
    May 2016
    6108 pages
    ISBN:9781450333627
    DOI:10.1145/2858036
    Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

    Sponsors

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 07 May 2016

    Check for updates

    Badges

    • Honorable Mention

    Author Tags

    1. android
    2. field study
    3. lock screen
    4. security
    5. smartphone
    6. usability

    Qualifiers

    • Research-article

    Funding Sources

    • German Academic Exchange Service
    • NSF

    Conference

    CHI'16
    Sponsor:
    CHI'16: CHI Conference on Human Factors in Computing Systems
    May 7 - 12, 2016
    California, San Jose, USA

    Acceptance Rates

    CHI '16 Paper Acceptance Rate 565 of 2,435 submissions, 23%;
    Overall Acceptance Rate 6,199 of 26,314 submissions, 24%

    Upcoming Conference

    CHI 2025
    ACM CHI Conference on Human Factors in Computing Systems
    April 26 - May 1, 2025
    Yokohama , Japan

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)294
    • Downloads (Last 6 weeks)45
    Reflects downloads up to 13 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2025)A Review on Secure Authentication Mechanisms for Mobile SecuritySensors10.3390/s2503070025:3(700)Online publication date: 24-Jan-2025
    • (2025)Security Risks and Designs in the Connected Vehicle Ecosystem: In-Vehicle and Edge PlatformsIEEE Open Journal of Vehicular Technology10.1109/OJVT.2024.35240886(442-454)Online publication date: 2025
    • (2024)Act2Auth – A Novel Authentication Concept based on Embedded Tangible Interaction at DesksProceedings of the Eighteenth International Conference on Tangible, Embedded, and Embodied Interaction10.1145/3623509.3633360(1-15)Online publication date: 11-Feb-2024
    • (2024)Where Do You Look When Unlocking Your Phone? : A Field Study of Gaze Behaviour During Smartphone UnlockExtended Abstracts of the CHI Conference on Human Factors in Computing Systems10.1145/3613905.3651094(1-7)Online publication date: 11-May-2024
    • (2024)It's All in the Touch: Authenticating Users With HOST Gestures on Multi-Touch Screen DevicesIEEE Transactions on Mobile Computing10.1109/TMC.2024.337101423:10(10016-10030)Online publication date: Oct-2024
    • (2024)User Verification System using Location-based Dynamic Questions for Account Recovery2024 IEEE Security and Privacy Workshops (SPW)10.1109/SPW63631.2024.00006(9-16)Online publication date: 23-May-2024
    • (2024)Continuous Smartphone User Authentication Based on Gesture-Sensor Fusion2024 International Conference on Networking and Network Applications (NaNA)10.1109/NaNA63151.2024.00091(516-522)Online publication date: 9-Aug-2024
    • (2023)On the Long-Term Effects of Continuous Keystroke AuthenticationProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/35962367:2(1-32)Online publication date: 12-Jun-2023
    • (2023)WristAcousticProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/35694736:4(1-34)Online publication date: 11-Jan-2023
    • (2023)PupilHeart: Heart Rate Variability Monitoring via Pupillary Fluctuations on Mobile DevicesIEEE Internet of Things Journal10.1109/JIOT.2023.327755510:20(18042-18053)Online publication date: 15-Oct-2023
    • Show More Cited By

    View Options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Login options

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media