Why Implicit Authentication is Hard to Understand

Implicit authentication (IA) has recently become a popular approach for providing physical security on smartphones. It relies on behavioural traits (e.g., gait patterns) for user identification, instead of biometric data or knowledge of a PIN. However, it is not yet known whether users can understand the semantics of this technology well enough to use it properly. In a study conducted by PhD students Masoud Mehrabi Koushki, Borke Obada-Obieh, and Samsung Researcher Jun Ho Huh, we investigated how Android’s Smart Lock (SL), which is the first widely deployed IA solution on smartphones, is understood by its users. 

We conducted a study gathering qualitative data from 26 smartphone users as well as quantitative data from 331 participants of an online survey. The results suggest that users often have difficulty understanding Smart Lock (SL) semantics, leaving them unable to judge when their phone would be (un)locked. We found that various aspects of SL, such as its capabilities and its authentication factors, are confusing for the users. We also found that depth of smartphone adoption is a significant antecedent of SL comprehension.


You can find more information in the paper:

Masoud Mehrabi Koushki, Borke Obada-Obieh, Jun Ho Huh, Konstantin Beznosov. “On Smartphone Users’ Difficulty with Understanding Implicit Authentication”. Proceedings of the ACM CHI Conference on Human Factors in Computing Systems (ACM CHI’21), 2021.


The following video provides a quick overview of the research.


You can also watch the full video presentation of the paper at CHI 2021 below.