“No Good Reason to Remove Features”

Expert Users Value Useful Apps over Secure Ones
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10292)


Application sandboxes are an essential security mechanism to contain malware, but are seldom used on desktops. To understand why this is the case, we interviewed 13 expert users about app appropriation decisions they made on their desktop computers. We collected 201 statements about app appropriation decisions. Our value-sensitive empirical analysis of the interviews revealed that (a) security played a very minor role in app appropriation; (b) users valued plugins that support their productivity; (c) users may abandon apps that remove a feature – especially when a feature was blocked for security reasons. Our expert desktop users valued a stable user experience and flexibility, and are unwilling to sacrifice those for better security. We conclude that sandboxing – as currently implemented – is unlikely to be voluntarily adopted, especially by expert users. For sandboxing to become a desirable security mechanism, they must first accommodate plugins and features widely found in popular desktop apps.


Value-Sensitive Design Security Productive security Sandboxing Apps Appropriation 


  1. 1.
    Adams, A., Sasse, M.A.: Users are not the enemy. Commun. ACM 42(12), 40–46 (1999)CrossRefGoogle Scholar
  2. 2.
    Apple Inc.: App Sandboxing, September 2016.
  3. 3.
    Apple Inc.: iOS Security iOS 9.3 or later, May 2016.
  4. 4.
    Beautement, A., Becker, I., Parkin, S., Krol, K., Sasse, A.: Productive security: a scalable methodology for analysing employee security behaviours. In: SOUPS 2016. USENIX Association (2016)Google Scholar
  5. 5.
    Beautement, A., Sasse, M.A., Wonham, M.: The compliance budget: managing security behaviour in organisations. In: NSPW 2008. ACM (2008)Google Scholar
  6. 6.
    Chacos, B.: And the study says: Windows 8 users rarely touch Metro apps, May 2013.
  7. 7.
    Canonical: Ubuntu Core Documentation - Security and Sandboxing (2016).
  8. 8.
    Counsell, D.: Not on the Mac App Store, November 2015.
  9. 9.
    Docker Inc.: Overview of Docker Hub (2016).
  10. 10.
    Flatpak: Flatpak - the future of application distribution (2016).
  11. 11.
    Friedman, B.: Value-sensitive design. Interactions 3(6), 16–23 (1996)MathSciNetCrossRefGoogle Scholar
  12. 12.
    Google: Android: application security, September 2016.
  13. 13.
    Hoffman, C.: Why the Mac App Store Doesn’t Have the Applications You Want, March 2015.
  14. 14.
    Hoffman, C.: Why Desktop Apps Arent Available in the Windows Store (Yet), March 2016.
  15. 15.
    Paul, I.: The 10 most glaring Windows Store no-shows, April 2013.
  16. 16.
    Kirlappos, I., Parkin, S., Sasse, M.: Learning from shadow security: why understanding non-compliance provides the basis for effective security. In: Workshop on Usable Security, USEC 2014, February 2014Google Scholar
  17. 17.
    Mathiasen, N.R., Bødker, S.: Threats or threads: from usable security to secure experience? In: NordiCHI 2008. ACM (2008)Google Scholar
  18. 18.
    McCarthy, J.C., Wright, P.: Technology as Experience. MIT Press, Cambridge (2004)Google Scholar
  19. 19.
    Microsoft: Windows 8 Security Overview, June 2013.
  20. 20.
    Dzhumerov, M.: Mac App Store: The Subtle Exodus, October 2014.
  21. 21.
    Nichols, A.L., Maner, J.K.: The good-subject effect: investigating participant demand characteristics. J. Gen. Psychol. 135(2), 151–165 (2008)CrossRefGoogle Scholar
  22. 22.
    Cohen, P.: The Mac App Store and the trouble with sandboxing, April 2014.
  23. 23.
    Potter, S., Nieh, J.: Apiary: easy-to-use desktop application fault containment on commodity operating systems. In: USENIX ATC 2010 (2010)Google Scholar
  24. 24.
    Sasse, M.A., Brostoff, S., Weirich, D.: Transforming the ‘weakest link’ a human/computer interaction approach to usable and effective security. BT Technol. J. 19(3), 122–131 (2001)CrossRefGoogle Scholar
  25. 25.
    Schreuders, Z.C., McGill, T., Payne, C.: Empowering end users to confine their own applications: the results of a usability study comparing SELinux, AppArmor, and FBAC-LSM. ACM Trans. Inf. Syst. Secur. 14(2): (2011)Google Scholar
  26. 26.
    Sketch: Leaving the Mac App Store, December 2015.
  27. 27.
    Smetters, D.K., Grinter, R.E.: Moving from the design of usable security technologies to the design of useful secure applications. In: NSPW 2002. ACM (2002)Google Scholar
  28. 28.
    Statista: Most popular Google Play app categories in February 2014, by device installs, February 2014.
  29. 29.
    Statista: Most popular Apple App Store categories in June 2016, by share of available apps, June 2016.
  30. 30.
    Strauss, A., Corbin, J.: Basics of Qualitative Research: Techniques and Procedures for Developing Grounded Theory. Sage Publications Inc., Thousand Oaks (1998)Google Scholar
  31. 31.
    Streeting, S.: Between a rock and a hard place our decision to abandon the Mac App Store, February 2012.
  32. 32.
    Yee, K.P.: Aligning security and usability. IEEE Secur. Priv. 2(5), 48–55 (2004)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.University College LondonLondonUK

Personalised recommendations