Diogo Marques ; Tiago Guerreiro ; Luís Carriço ; Ivan Beschastnikh ; Konstantin Beznosov

01 February 2019

Abstract: Unauthorized physical access to personal devices by people known to the owner of the device is a common concern, and a common occurrence. But how do people experience incidents of unauthorized access? Using an online survey, we collected 102 accounts of unauthorized access. Participants wrote stories about past situations in which either they accessed the smartphone of someone they know, or someone they know accessed theirs. We describe the context leading up to these incidents, the course of events, and the consequences. We then identify two orthogonal themes in how participants conceptualized these incidents. First, participants understood trust as performative vulnerability: trust was necessary to sustain relationships, but building trust required displaying vulnerability to breaches. Second, participants were self-serving in their sensemaking: they blamed the circumstances, or the other person’s shortcomings, but rarely themselves. We discuss the implications of our findings for security design and practice.


Published in: In Proceedings of CHI 2019, Glasgow, UK: