Mobile security vs. ease-of-use

18 Apr 2009 - 6:06pm
7 years ago
5 replies
801 reads
Barbara Ballard

2009/4/16 Erik Wingren <ixda at>:
> 1. What is your thinking/point-of-view on application-level security requirements for a mobile app, where one of its' features is to store personal, potentially sensitive data, when the app runs on a mobile device that already has built-in security layers at the OS-level?

It depends. If your market consists of enterprise customers who are
using devices managed by their IT department, then you can feel
reasonably safe that the device security will be handled.

I actually don't know of very many other folks who are using any sort
of password protection on their phone. Savvy users are STARTING to
clue in to the problem. Starting. Gmail app recommends that you enable
password protection of the phone. Password protection is off by

The next level of thinking is whether the sensitive data requires a
network connection to see, and just how sensitive the data is.

Consider viewing the current status of my stock portfolio. This
clearly is sensitive data, but how sensitive? Most people, if they
lose their phone, will both deactivate their previous device and
acquire a replacement. They don't want to pay for purchases and use
somebody else is going to make with their phone.

So, a stock portfolio status has a 24 hour period in which a thief (or
lucky person) might possibly look at the data. This is a pretty small

Allowing changes to a portfolio: VERY large risk. Require password. Period.

Also consider pre-paid customers, who are adopting web and apps as
well. (Pre-paid is more popular amongst Hispanic communities, and
mobile data adoption is higher amongst Hispanics). That same phone, on
a pre-paid plan, when lost will not likely recovered. It might not be
deactivated ("oh, it just has $5 left on it; I won't bother.")

So the security hole is a bit larger for this group.

I think the best solution is to somehow detect type of plan and
whether the device's password is on. We can't do that if we are
working on downloaded apps or web sites.

Instead, consider having an application password, on by default, with
advanced users having the ability to explicitly turn it off.

I also admire the two-level system adopted by many bank sites and at
least the 1Password application. You enter the service using a first
password (perhaps with the option of turning it off), and you can get
to a lower-sensitivity level of data. Much of the time this is all you
need. Sometimes you want access to more detailed, sensitive, or risky
data. In those cases, the user must enter a second password or PIN.

> 2. Does anyone have evidence to share, formal or anecdotal, on the percentage of iPhone/mobile users that complete registration (asking for email-as-username and password) when this is required on initial use?

For which application? What type of application? From what you
suggest, the app wouldn't work otherwise.

I do know that (for at least some large set of iPhone apps) 75% of
downloads aren't opened after day 1. See slides 12-14 here:

(same link: )

So there are already major issues. I'd consider carefully doing
anything to push those statistics even further down.

Try it out for your own app, with analytics from somebody like Flurry
or Pinch Media.

> 3. Same as above, but to what degree repeat usage starts trailing if login is required on subsequent uses?

I've not seen stats like that. But go look at those three slides. They
are sobering. Are you making money off of those subsequent views?

Barbara Ballard
Skype: barbara_ballard
Twitter, Delicious: barbaraballard
email: barbara at


19 Apr 2009 - 11:13am

Barbara Ballard wrote:
> I actually don't know of very many other folks who are using any sort
> of password protection on their phone.

Google's Android has a really nice feature where the password protection
is integrated into how you swipe the screen to unlock the phone. There
are a grid of dots, and how you connect them as you swipe-to-unlock is
actually your pass phrase.

There's probably something similar for the iPhone but I've never seen
anyone use it.

J. Eric "jet" Townsend, CMU Master of Tangible Interaction Design '09

design:; hacking:; HF: KG6ZVQ
PGP: 0xD0D8C2E8 AC9B 0A23 C61A 1B4A 27C5 F799 A681 3C11 D0D8 C2E8

19 Apr 2009 - 9:14pm
Michel Milano

In the interest of thinking more big-picture about the security of an
iphone, you might find some of the information from J. Zdziarski of

I can't seem to locate a decent summary link anymore, but this one
is a start:

the source seminar itself is

The gist is that passwords are potentially fragile and information
lingers locally. Meanwhile, encryption should be an app requirement
and responsibility.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Posted from the new

20 Apr 2009 - 2:50am

Thank you very much.I will go back to my friends and have a closer
look at the problem. Then I will PM you if that's OK.
I am very suspicious of the quote and find it a little strange like
you...but I am not an expert!

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Posted from the new

20 Apr 2009 - 6:38am

Erik Wingren wrote:

> @ jet: That is a really clever twist - using the touchscreen interaction
> to make login fun! Is this from the Android OS-level security or an app
> running on Android? If the latter, which one?

This is OS-level security on Android.

J. Eric "jet" Townsend, CMU Master of Tangible Interaction Design '09

design:; hacking:; HF: KG6ZVQ
PGP: 0xD0D8C2E8 AC9B 0A23 C61A 1B4A 27C5 F799 A681 3C11 D0D8 C2E8

Syndicate content Get the feed