Talk presented at UX Camp Brighton 2016 – Redux on 14/06/16 at 68 Middle Street
See original blog post for the version of this talk given at UX Camp Brighton, 2016 (19/03/16).
Video version of original talk.FACTORS OF TRUST IN IOT APP INTERFACES from Fiona MacNeill on Vimeo. Session description:
Does your app rely on OAuth to offer connection to other apps and services? Based on my research studying app-to-device relationships in Internet of Things systems (e.g. Fitbit, Jawbone UP, Nest, SmartThings, Glooko), I have uncovered some best practice recommendations when it comes to inspiring trust within your interface.
Trust definitions used in this video are from Pavlidis, Islam, Mouratidis, and Kearney (2014).
This research is aligned with the SenSe research Cluster at the University of Brighton (secure and dependable software systems).
The SenSe cluster aims to develop novel and pragmatic ways to assure the dependability of software systems with particular emphasis on security, trust and risk. We focus on theories from model-based engineering and analysis-based assurance to develop methods, models, practices and tools that promote the provision of security and dependability in complex interconnected and heterogeneous systems and information infrastructures that underpin our economy and society.
Preliminary recommendations: UX Questions to Ask in Relation to IoT Apps
|#||Category||Questions to ask|
|1||System dialogues and Semantics||Are system dialogues consistent?
Are all the settings housed together?
Can the Terms of Service (or a shortened format of ToSs) be accessed from within the app?
Can connected apps and devices be reviewed/managed from within the app?
Can support documentation be accessed from within the app?
|3||Checkups for Setup/Workflow/Privacy
An essential part of onboarding. Also a method for supporting trust and helping users to invest time in learning the higher-level functions of an app, which promotes realisation of app benefits and long-term commitment to use of the app (Brignull, 2013).
|Periodic reminders about setup:
Periodic review of workflow:
A possible incentive could be that the workflow will stop/timeout if it is not reviewed a la IFTTT.
Non-legalese overview of changes to T&Cs should be included in privacy checks.
|4||Role/function of the app
Applies to central app and third-party apps.
This sounds really obvious, but a lot of primary IoT apps don’t actually explain their purpose within the system.
What service does the app offer?
What need does the app fulfill?
What does the app do?
How important is the app to the operation of the system? E.g. is it the primary interface or management tool for the system?
What data does it need? – Make it clear what is used and why, in plain English.
|5||Health/status of hub/sensor/device
At any point in time the user should be able to view a basic log of what is currently going on in the system.
What is going on in the system right now?
Is recent system activity accessible?
Is it possible to access logs from other time periods?
Is it possible to see what communication channels are in operation?
What third-party apps are connected to the system, what are they doing?
What third-party devices are connected to the system, what are they doing?
This should be more like what you expect from your banking app when it comes to overseeing the operation of high-importance health, home/business automation IoT systems.
|6||OAUTH and API: secondary app data use||
Respect users and prove that your app is more trustworthy by only calling data that you are actually using.
What data is needed into order to provide the desired third-party service?
How is the data used to provide the service?
Note: platform manufacturers/developers need to ensure that third-party apps aren’t over-privileged in terms of the data they access and the calls they can make via APIs (See the work of Fernandes, Jung and Prakesh, 2016). Developers need to state their intention when it comes to use of information that they call via the API. This doesn’t stop those with malicious intent, but it helps users to distinguish between those who pay due diligence to privacy and those who are either malicious or sloppy.
|7|| What is shared?
Can data access be allowed/disallowed?
Once disallowed from the primary app, is this decision upheld?
Ideal world: provide granular options for allowing/disallowing access to data which is not necessary for the operation of the service offered by the app. Better yet, don’t ask for the data at all if it isn’t essential to operation.
Is two-step authentication an option for the web app and login from a new device?
Does the smartphone/tablet app offer biometric authentication?
Does the app offer the option of setting a passcode for auto screen lock?
Particularly if the app controls home appliances.
|9||Dependency and operational relationship||
As systems become more complicated it is crucial that the user is aided in building a mental picture of the basic configuration of the system. I keep thinking of Max when I think of this: https://cycling74.com/products/max/
Is logging available?
What is going on in the system right now?
What is attached to this system (devices/sensors/users)?
Is the system visualised in any way?
|10||Try before you buy||
Wearables have the right idea on this one, allowing you to trial a wearable companion app using your smartphone’s built-in sensors. What if you could try out the perks of the system before you buy the actual device?
Is a preview of how the app will operate with devices, provided as part of onboarding?
Can you try of some of the functionality of the system without buying a system-specific device?
[alex]. (2016, May 2). SmartThings platform security – response from Alex. Retrieved June 13, 2016, from https://community.smartthings.com/t/smartthings-platform-security-response-from-alex/46878
Aliph, Inc. (2016). Jawbone UP (Version 4.13) [Mobile application software]. Retrieved from https://itunes.apple.com/gb/app/up-by-jawbone-track-up-move/id461125277?mt=8
Barcena, M. B., Wueest, C., & Lau, H. (2014). How safe is your quantified self? (1.1). Retrieved from http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/how-safe-is-your-quanti fied-self.pdf
BBC (2016). Hidden killers, series 1: 2. The Edwardian home Retrieved from http://www.bbc.co.uk/iplayer/episode/b03lyv9x/hidden-killers-series-1-2-the-edwardian-home
Bilton, N. (2016, January 18). Nest thermostat glitch leaves users in the cold. The New York Times. Retrieved from http://www.nytimes.com/2016/01/14/fashion/nest-thermostat-glitch-battery-dies-software-freeze.html
Bradbury, D. (2015, November 26). Usability v safety: How to design our way to better security. The Guardian. Retrieved from https://www.theguardian.com/media-network/2015/nov/26/usability-safety-how-to-design-better-security-technology
Brooks, J. (2016, January 8). Fitbit hit with class action lawsuit over alleged misreading of heart rates [Blog post]. Retrieved from http://ww2.kqed.org/futureofyou/2016/01/08/fitbit-hit-with-class-action-lawsuit-over-alleged-misreading-of-heart-rates/
Brignull, H. (2013, March). Ramp Up. Personalising the experience, Brighton. Retrieved from http://uxbrighton.org.uk/Personalisation-the-Experience/
Brignull, H. (2016). User interfaces designed to trick people. Retrieved June 13, 2016, from http://darkpatterns.org/
Catalyst IT. (2016). Mahara (Version 1.10.5) [Computer software]. Retrieved from http://mahara.org
Chen, E. Y., Pei, Y., Chen, S., Tian, Y., Kotcher, R., & Tague, P. (2014). OAuth Demystified for mobile application developers. CCS ’14 Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. doi:10.1145/2660267.2660323
Cluley, G. (2013, February 13). Jawbone accounts compromised by hackers – personal info accessed, passwords disabled [Blog post]. Retrieved from https://nakedsecurity.sophos.com/2013/02/13/jawbone-hack/
Cycling’74. Max is a visual programming language for media. Retrieved March 19, 2016, from https://cycling74.com/products/max/
Ericsson. (2016, June). Wearable technology and the Internet of things. Retrieved from https://www.ericsson.com/thinkingahead/consumerlab/consumer-insights/wearable-technology-and-the-internet-of-things
Faily, S. (2014). Engaging stakeholders in security design: An assumption-driven approach. Proceedings of the Eighth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2014), Plymouth, 21-29. doi:10.13140/2.1.3997.2647
Feamster, N. (2016, January 19). Who will secure the Internet of things? [Blog post]. Retrieved from https://freedom-to-tinker.com/blog/feamster/who-will-secure-the-internet-of-things/
Felt, A. P., Egelman, S., & Wagner, D. (2012). I’ve got 99 problems, but vibration ain’t one. Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices – SPSM ’12. doi:10.1145/2381934.2381943
Field, C. (2004, January 23). Danger high voltage! Edwardian electric Tablecloth uncovered Retrieved from http://www.culture24.org.uk/history-and-heritage/art19432
Fitbit, inc. (2016). Fitbit (Version 2.18) [Mobile application software]. Retrieved from https://itunes.apple.com/gb/app/fitbit/id462638897?mt=8
Guadamuz, A. (2015). The monkey selfie: Copyright lessons for originality in photographs and internet jurisdiction. Internet Policy Review. doi:10.14763/2016.1.398
Glooko, Inc. (2015). Glooko (Version 3.2) [Mobile application software]. Retrieved from https://itunes.apple.com/gb/app/glooko/id471942748?mt=8
Harrison, D., Marshall, P., Bianchi-Berthouze, N., & Bird, J. (2015). Activity tracking: Barriets, workarounds and customisation. Proceedings of UBICOMP ‘15, Osaka, Japan. doi:10.1145/2750858.2805832
Hess, W. (2015, May 7). Onboarding: Designing Welcoming First Experiences. Retrieved March 19, 2016, from http://uxmag.com/articles/onboarding-designing-welcoming-first-experiences
Higginbotham, S. (2016, January 22). Episode 42: These are the two biggest challenges facing the smart home Retrieved from http://iotpodcast.com/2016/01/episode-42-these-are-the-two-biggest-challenges-facing-the-smart-home/
Higginbotham, S. (2016, March 17). Episode 50: Are your devices being held hostage?. Retrieved March 28, 2016, from http://iotpodcast.com/2016/03/nest-hostage/
Internet Policy Review. (2013). Privacy & security. Retrieved June 13, 2016, from http://policyreview.info/categories/privacy-security
IoT security research at university of Michigan. (2016). Retrieved June 13, 2016, from https://iotsecurity.eecs.umich.edu/
Kastrenakes, J. (2016, March 10). Nest can now use your phone to tell when you’ve left the house Retrieved from http://www.theverge.com/2016/3/10/11188888/nest-now-uses-location-for-home-away-states-launches-family-accounts
Kalloniatis, C., Mouratidis, H., Vassilis, M., Islam, S., Gritzalis, S., & Kavakli, E. (2014). Towards the design of secure and privacy-oriented Information Systems in the Cloud: Identifying the major concepts. Computer Stan- dards & Interfaces, 36(4), 759–775. doi:10.1016/j.csi.2013.12.010
Krok, A. (2016, June 6). British security firm hacks Mitsubishi Outlander via mobile app, Wi-Fi – Roadshow. Retrieved June 12, 2016, from http://www.cnet.com/roadshow/news/british-security-firm-hacks-mitsubishi-outlander-via-mobile-app-wi-fi/
Lohr, S. (2016, June 9). Tony Fadell steps down amid tumult at nest, a Google acquisition. Technology. Retrieved from http://www.nytimes.com/2016/06/04/technology/tony-fadell-nest-google-alphabet.html
Malik, O. (2015, December 30). In Silicon valley now, it’s almost always winner takes all. The New Yorker. Retrieved from http://www.newyorker.com/tech/elements/in-silicon-valley-now-its-almost-always-winner-takes-all
myDevices. (2016). First IoT project builder – myDevices cayenne. Retrieved March 19, 2016, from https://www.cayenne-mydevices.com/
Nest Labs, Inc. (2016). Nest app (Version 5.2.2) [Mobile application software]. Retrieved from https://itunes.apple.com/gb/app/nest-app/id464988855?mt=8
O’Neill, O. (2002). A question of trust: The BBC Reith lectures 2002 (4th ed.). United Kingdom: Cambridge University Press.
O’Neill, O. (2013, September 25). How to trust intelligently [Blog post]. Retrieved from http://blog.ted.com/ how-to-trust-intelligently/
openHAB. (2016). OpenHAB. Retrieved June 13, 2016, from http://www.openhab.org/
Rogers, C. Martha Lane Fox interviewed by the house magazine Retrieved from https://doteveryone.org.uk/blog/2016/05/martha-lane-fox-in-the-house-magazine/
Sasse, A. (2015). Scaring and bullying people into security won’t work. IEEE Security & Privacy 13(3), 80-83. doi:10.1109/MSP.2015.65
Scoseria, I. (2016). MyDevices launches cayenne, the world’s First drag-and-drop IoT project builder. Retrieved 19 March 2016, from http://press.mydevices.com/2016/01/26/mydevices-launches-cayenne-the-worlds-first-drag-and-drop-iot-project-builder/
Secure Tropos. (2013). SecTro2 (Version 2.1) [Computer software]. Retrieved from http://www.omilab.org/web/secure-tropos/environment
Sempers, P. (2015, October 19). Samsung Smartthings app tour on galaxy s6 – #ThinkSmartThings Retrieved from https://www.youtube.com/watch?v=UmqmpJg_xFA
Seuss (1999). The cat in the hat (5th ed.). New York: Random House USA Children’s Books.
Spary, S. (2016, January 6). Online criminals are tageting Fitbit user accounts. BuzzFeed News. Retrieved from http://www.buzzfeed.com/saraspary/online-criminals-are-targeting-fitbit-user-accounts
SmartThings, Inc. (2016). SmartThings Mobile (Version 2.0.7) [Mobile application software]. Retrieved from https://itunes.apple.com/gb/app/smartthings-mobile/id590800740?mt=8
Wollerton, M. (2016, May 23). The best smart hub. Retrieved from http://thewirecutter.com/reviews/best-smart-hub/
Woods, B. (2016, January 19). Hippocratic oath for connected medical devices. Retrieved June 12, 2016, from https://www.iamthecavalry.org/domains/medical/oath/