Exploring the Adoption of Physical Security Controls in Smartphones

  • Nasser O. AlshammariEmail author
  • Alexios Mylonas
  • Mohamed Sedky
  • Justin Champion
  • Carolin Bauer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9190)


The proliferation of smartphones has changed our life due to the enhanced connectivity, increased storage capacity and innovative functionality they offer. Their increased popularity has drawn the attention of attackers, thus, nowadays their users are exposed to many security and privacy threats. The fact that smartphones store significant data (e.g. personal, business, government, etc.) in combination with their mobility, increase the impact of unauthorized physical access to smartphones. However, past research has revealed that this is not clearly understood by smartphone users, as they disregard the available security controls. In this context, this paper explores the attitudes and perceptions towards security controls that protect smartphone user’s data from unauthorized physical access. We conducted a survey to measure their adoption and the reasons behind users’ selections. Our results, suggest that nowadays users are more concerned about their physical security, but still reveal that a considerable portion of our sample is prone to unauthorized physical access.


User acceptance of security policies and technologies Smartphone Security control Authentication Anti-Theft Biometrics 



Nasser O. Alshammari receives funding from the Ministry of Education in Saudi Arabia.


  1. 1.
  2. 2.
  3. 3.
    Apple: iOS Security Guide. Technical report, October 2014Google Scholar
  4. 4.
  5. 5.
  6. 6.
    Sales of Smartphones Grew 20 Percent in Third Quarter of 2014.
  7. 7.
  8. 8.
  9. 9.
    Andriotis, P., Tryfonas, T., Oikonomou, G.: Complexity metrics and user strength perceptions of the pattern-lock graphical authentication method. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2014. LNCS, vol. 8533, pp. 115–126. Springer, Heidelberg (2014)Google Scholar
  10. 10.
    Andriotis, P., Tryfonas, T., Oikonomou, G., Yildiz, C.: A pilot study on the security of pattern screen-lock methods and soft side channel attacks. In: Proceedings of the Sixth ACM Conference on Security and Privacy in Wireless and Mobile Networks - WiSec 2013, Association for Computing Machinery, pp. 1–6. ACM, New York (2013)Google Scholar
  11. 11.
    Aviv, A.J., Gibson, K., Mossop, E., Blaze, M., Smith, J.M.: Smudge attacks on smartphone touch screens. WOOT 10, 1–7 (2010)Google Scholar
  12. 12.
    Bonneau, J.: The science of guessing: analyzing an anonymized corpus of 70 million passwords. In: 2012 IEEE Symposium on Security and Privacy, pp. 538–552. Institute of Electrical & Electronics Engineers (IEEE) (2012).
  13. 13.
    Botelho, B.A.P., Nakamura, E.T., Uto, N.: Implementation of tools for brute forcing touch inputted passwords. In: 2012 International Conference for Internet Technology and Secured Transactions, pp. 807–808. IEEE, New Yok (2012)Google Scholar
  14. 14.
    Chin, E., Felt, A.P., Sekar, V., Wagner, D.: Measuring user confidence in smartphone security and privacy. In: Proceedings of the Eighth Symposium on Usable Privacy and Security - SOUPS 2012. Association for Computing Machinery (ACM), New York (2012)Google Scholar
  15. 15.
    Ding, Y., Horster, P.: Undetectable on-line password guessing attacks. SIGOPS Oper. Syst. Rev. 29(4), 77–86 (1995)CrossRefGoogle Scholar
  16. 16.
    Harbach, M., von Zezschwitz, E., Fichtner, A., De Luca, A., Smith, M.: It’s a hard lock life: a field study of smartphone (un) locking behavior and risk perception. In: Symposium on Usable Privacy and Security (SOUPS), pp. 9–11 (2014)Google Scholar
  17. 17.
    Kraus, L., Wechsung, I., Möller, S.: A comparison of privacy and security knowledge and privacy concern as influencing factors for mobile protection behavior. In: Workshop on Privacy Personas and Segmentation (PPS) (2014)Google Scholar
  18. 18.
    Mylonas, A., Gritzalis, D., Tsoumas, B., Apostolopoulos, T.: A Qualitative metrics vector for the awareness of smartphone security users. In: Furnell, S., Lambrinoudakis, C., Lopez, J. (eds.) International Conference on Trust, Privacy & Security in Digital Business (LNCS), pp. 173–184. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  19. 19.
    Mylonas, A., Kastania, A., Gritzalis, D.: Delegate the smartphone user? security awareness in smartphone platforms. Comput. Secur. 34, 47–66 (2013)CrossRefGoogle Scholar
  20. 20.
    Mylonas, A., Theoharidou, M., Gritzalis, D.: Assessing privacy risks in android: a user-centric approach. In: Bauer, T., Großmann, J., Seehusen, F., Stølen, K., Wendland, M.-F. (eds.) RISK 2013. LNCS, vol. 8418, pp. 21–37. Springer, Heidelberg (2014)Google Scholar
  21. 21.
    Tari, F., Ozok, A.A., Holden, S.H.: A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords. In: Proceedings of the Second Symposium on Usable Privacy and Security - SOUPS 2006, pp. 56–66. Association for Computing Machinery (ACM) (2006)Google Scholar
  22. 22.
    Theoharidou, M., Mylonas, A., Gritzalis, D.: A risk assessment method for smartphones. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) SEC 2012. IFIP AICT, vol. 376, pp. 443–456. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  23. 23.
    Uellenbeck, S., Dürmuth, M., Wolf, C., Holz, T.: Quantifying the security of graphical passwords. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security - CCS 2013, pp. 161–172. ACM (2013)Google Scholar
  24. 24.
    Yu, X., Wang, Z., Sun, K., Zhu, W.T., Gao, N., Jing, J.: Remotely wiping sensitive data on stolen smartphones. In: Proceedings of the 9th ACM Symposium on Information Computer and Communications Security - ASIA CCS 2014, pp. 537–542. ACM (2014)Google Scholar
  25. 25.
    Zakaria, N.H., Griffiths, D., Brostoff, S., Yan, J.: Shoulder surfing defence for recall-based graphical passwords. In: Proceedings of the Seventh Symposium on Usable Privacy and Security - SOUPS 2011, ACM (2011)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Nasser O. Alshammari
    • 1
    • 2
    Email author
  • Alexios Mylonas
    • 1
    • 3
  • Mohamed Sedky
    • 1
  • Justin Champion
    • 1
  • Carolin Bauer
    • 1
  1. 1.Staffordshire UniversityStaffordUK
  2. 2.College of Information and Computer ScienceAljouf UniversitySakakaSaudi Arabia
  3. 3.Information Security and Critical Infrastructure Protection Research Laboratory, Department of InformaticsAthens University of Economics and BusinessAthensGreece

Personalised recommendations