The Anatomy of Smartphone Unlocking - Why and How Android Users Around the World Lock their Phones


With the growth in smartphone adoption around the world, threats to the personal information they contain are also increasing. To protect devices and their contents from unauthorized physical access, manufacturers offer locking mechanisms, such as PINs, passwords, and biometrics. However, from a security perspective, PINs and patterns are susceptible to guessing attacks [1, 4, 12] and shoulder-surfing [14]. Patterns are also vulnerable to smudge attacks [2]. Because of the limitations of existing locking mechanisms, a variety of novel techniques have been introduced in the academic literature. These include additional biometric security layers for PINs [15] and Android patterns [5], external hardware [3], and improving security by visual methods like indirect input [9, 11, 13]. However, for any alternative method to be successfully adopted, a detailed understanding of how real users interact with existing smartphone authentication mechanisms is needed. As a result, the motivation for our research is twofold. First, we sought to understand the adoption and usage of current locking mechanisms: which ones are used, and what motivates people to use them. Second, we wanted to establish benchmarks for the current authentication mechanisms, against which future research can be compared: users are unlikely to switch to a mechanism that requires more time or effort than their current one. To this end, we conducted two studies: an international survey [8] and a measurement-based in situ study [7].