The Anatomy of Smartphone Unlocking A Field Study of Android Lock Screens MarianHarbach1,AlexanderDeLuca2,SergeEgelman1,3 1InternationalComputerScienceInstitute,Berkeley,CA 2Google,Zurich,Switzerland 3UniversityofCalifornia,Berkeley,CA [email protected],[email protected],[email protected] ABSTRACT on improving smartphone authentication, including improv- Topreventunauthorizedpartiesfromaccessingdatastoredon ingadoption. Researchersproposenewlockingmechanisms theirsmartphones, usershavetheoptionofenablinga“lock onaregularbasis. screen”thatrequiresasecretcode(e.g.,PIN,drawingapat- Asweshowinthispaper,theresearchonthesesystemsoper- tern,orbiometric)togainaccesstotheirdevices. Wepresent atesonassumptionsaboutsmartphoneauthenticationthatare a detailed analysis of the smartphone locking mechanisms overly optimistic or simply not true. For instance, a system currentlyavailabletobillionsofsmartphoneusersworldwide. thattakes10secondstoauthenticatemightbefineinalabora- Through a month-long field study, we logged events from a torysetting,butitsusabilityintherealworldisquestionable panel of users with instrumented smartphones (N = 134). whenauserhastounlockherphoneupto50timesperday. We are able to show how existing lock screen mechanisms Thus,inordertoimprovetheusabilityandadoptionofsmart- provide users with distinct tradeoffs between usability (un- phoneauthenticationmechanisms,anunderstandingofusers’ lockingspeedvs. unlockingfrequency)andsecurity. Wefind insitubehaviorsoverlongperiodsoftimeisnecessary. that PIN users take longer to enter their codes, but commit fewererrorsthanpatternusers, whounlockmorefrequently Recent research has taken steps to better understand smart- and are very prone to errors. Overall, PIN and pattern users phonelockinginthewild,suchasbyidentifyingbasicprefer- spentthesameamountoftimeunlockingtheirdevicesonav- ences[23],usagepatternsandperformance[12],andattitudes erage. Additionally, unlock performance seemed unaffected towardsunlocking[10]. However,theperformancedatafrom forusersenablingthestealthmodeforpatterns. Basedonour theselaboratoryandfieldstudiesisstillnotverydetailedand results, we identify areas where device locking mechanisms weareunawareofanystudythathaslookedatexactauthen- canbeimprovedtoresultinfewerhumanerrors–increasing ticationtimesanderrorratesinarealworldsetup. Harbach usability–whilealsomaintainingsecurity. et al. performed the only prior field study of which we are aware [12], and their instrumentation did not allow for the captureofunlockingerrorsnordidtheydifferentiatebetween AuthorKeywords preparationandactualunlockingtime,whichprecludedade- Smartphone;security;Android;lockscreen;fieldstudy; tailedusabilityanalysis. usability Weperformedafieldstudyoveronemonthwith134partic- ipants of mixed demographics. We collected detailed data ACMClassificationKeywords on unlocking, authentication speed, error counts, and types H.5.2. Information Interfaces and Presentation: User Inter- of errors. We provide detailed data on the influence of er- facesInputdevicesandstrategies,evaluation rorsonoverallauthenticationtimes,showingthat,forexam- ple,PINandpatternusersspendsimilaramountsoftimeun- lockingtheirdevices,consideringthehighernumberoferrors INTRODUCTION Due to increased processing power and storage capabilities, committedbypatternusers. Wefurthermoreshowtheinflu- modern smartphones store a plethora of sensitive data that enceofwearingawatchonoverallsessioncount, providing users want to prevent others from accessing [10]. This, to- proofthatmanydeviceactivationsfocusonsimpleactivities, gether with security and usability problems of current au- suchascheckingthetime. Also, thosepatternusersthatac- thentication systems [1, 2, 18, 22], has motivated research tivated the “stealth mode” (visited cells are not highlighted) performedaswellastheirless-securecounterparts. We argue that our work is complementary to the previously mentionedstudiesandfillsanimportantgapleftbythesere- Permissiontomakedigitalorhardcopiesofpartorallofthisworkforpersonalor searchefforts. Themaincontributionofthispaperisprovid- classroomuseisgrantedwithoutfeeprovidedthatcopiesarenotmadeordistributed ingabenchmarkofcurrentsmartphoneauthenticationmech- forprofitorcommercialadvantageandthatcopiesbearthisnoticeandthefullcitation onthefirstpage.Copyrightsforthird-partycomponentsofthisworkmustbehonored. anisms for future research to be compared against, as users Forallotheruses,contacttheOwner/Author. areunlikelytoinvestmoreeffortintounlockingtheirsmart- Copyrightisheldbytheowner/author(s). CHI’16,May07-12,2016,SanJose,CA,USA phonesthantheycurrentlydo. ACM978-1-4503-3362-7/16/05. http://dx.doi.org/10.1145/2858036.2858267 RELATEDWORK one data point per day, which made real world applicability In this section, we discuss the need for research on smart- ofthedatatenuousatbest. Inordertofillthisgap,Harbach phoneauthenticationandpresentresearchonreplacingorex- etal.[12]providedthefirstrealworlddataontheamountof tendingcurrentsystemslikePINandtheAndroidunlockpat- timeusersspendunlockingtheirsmartphonesrelativetothe tern. We also outline work that has looked into users’ real total amount of time spent using them. They also employed worldperformanceandperceptionsofthesemechanisms. experiencesamplingtoprovidequantitativedataonthelike- lihood of shoulder surfing, showing that there are very few SmartphoneAuthenticationSystems caseswhenusersperceivethisthreat. Thishighlightstheap- Currently, the most common smartphone authentication propriatenessofcontext-dependentauthenticationsystemsas mechanisms are PINs, the Android unlock pattern, and bio- proposedbyHayashietal.[13]. metrics (e.g., Apple’s Touch ID or Android’s Face Unlock). Egelmanetal.[10]performedaseriesofinterviewsandon- Astheyarewidelyused,securityandusabilityproblemsbe- linesurveystoprovidedataonwhy(orwhynot)userschoose come more important. These systems need to prevent unau- tosecuretheirsmartphoneswithlockingmechanisms. They thorized parties from gaining access to devices (security), also quantified and correlated the breadth of sensitive data while also minimizing the legitimate user’s burden (usabil- storedonusers’deviceswithusers’perceptionssurrounding ity),intermsofbothcognitiveload(e.g.,rememberingaPIN) thatdata. Forinstance,theyshowedthataccesstoemailisa andthetimeittakestosuccessfullyauthenticate. heavilyunderestimatedrisk. PINsandpatternsarebothpronetoguessingattacks,asusers Whilethispreviousworkhaspaintedabetterpictureofhow tend to choose easy to remember and consequently easy to usersinteractwithsmartphonelockingmechanismsandsug- guesssecrets[1,6,20]. Inaddition,authenticationcodesare gestedwaysinwhichsmartphonelockingmechanismscanbe highlysusceptibletoshouldersurfing(i.e.,apersonspyingon improved, weareunawareofanypriorstudiesthathaveex- the user’s input in order to steal the secret) [22]. Aviv et al. aminedlockscreeninteractionsindetail. Thedatapresented alsofoundthatsmudgesonthescreenscaneasilybeusedto in this paper contributes to this line of work by filling a gap inferanAndroidunlockpattern[2]. Finally,sidechannelat- leftbyHarbachetal.[12]andEgelmanetal.[10]inthatwe tacksusingbuilt-insensors(e.g.,accelerometer,microphone, providedetailedquantitativedataonusers’interactionswith etc.) have been proven to be efficient ways to infer a user’s thesemechanismsinsitu. PINorpattern[3,18]. Biometrics have recently become a popular authentication METHOD optionforsmartphones[8]. Whiletheysolvemanyofthese- Our goal was to answer the following research questions in curity and usability problems of previous mechanisms, they ordertoprovideadeeperunderstandingofrealworldunlock- also have some shortcomings. Besides privacy issues, re- ingperformance, aswellastocollectbenchmarksandideas searchersshowedthatsomebiometricsystemscanbetricked forthedevelopmentoffuturenovellockingmechanisms: withrelativelysimplemethods(e.g.,[11]). Inaddition,users may perceive these systems as being insecure [17] or awk- 1. Howmuchtimedousersspendinteractingwithlockscreen ward to use in specific situations [4, 8]. Thus, getting bio- UIelementseachday? metricsrightishardandimportant:ifamechanismisseenas 2. Doeswearingawatchinfluencehowfrequentlythephone low-effortandsecure,usersmaybemotivatedtoprotecttheir isactivatedorunlocked? deviceswhentheyotherwisewouldnot[8,10]. 3. How much time do users spend on the lock screen before beginningtounlock? Therehasalsobeensignificantresearchefforttosolveexist- 4. Howlongdoesasuccessfulunlockattempttake? ing security problems of smartphone authentication. These 5. How do code length and line visibility impact successful includeadditionalbiometricsecuritylayersforPINs[24]and unlocktime? Androidpatterns[7],externalhardware[5],orimprovingse- curitybyvisualmethodslikeindirectinput[14,19,21]. This 6. How many errors do users commit when unlocking their isjustasmallexcerptofthehugebodyofliteratureonsmart- phones? phone authentication. However, for any of these alternative 7. Howlongdoadditionalattemptstakeandhowmuchtime methodstobesuccessfullyadopted,adetailedunderstanding iswastedthrougherrorsintotalperday? ofhowusersinteractwithexistingsmartphoneauthentication 8. Whichtypesoferrorsoccurmostfrequently? mechanismsinsituisneeded. 9. How frequently does the lock screen actually prevent someonefromaccessingthephone? RealWorldInsights 10. Whatareusers’subjectiveviewsofthetimeittakestoun- To provide a baseline understanding of users’ interactions lockandtheerrorscommitted? with existing smartphone authentication systems, recent re- In order to obtain the fine-grained field data about users’ searchhasbeguntoexaminethewaysinwhichusersinteract unlocking behaviors needed to answer these questions, we withthesemechanismsoutsideoflaboratoryenvironments. hadtoinstrumentusers’primarysmartphones. Thisalsore- In2013,vonZezschwitzetal.[23]providedfirstinsightson quired a modification of the Android operating system and thedifferencesbetweenPINsandtheAndroidpatterninareal thusflashinganewoperatingsystemontousers’devices. To world setting. However, in their study, users only provided facilitate such studies, the University of Buffalo offers aca- notreached Lock Homescreenandappinteraction Screen Timeout dismissed Code Abort off Code too correct s-t-u R etry short Abort Screen Preparation Key Code entry on wrong begin Retry Slideaborted Device sleeping No unlock Figure1. Theeventsandtransitionsloggedduringdatacollection. Sessionsareframedbyscreenonandoffevents. Afterkeyentryhasbegunwith thefirsttouchontheunlockingUIelements,theenteredcodecaneitherbecorrect,wrong,ortooshort.Ifthecodewascorrect,codeentrywasnotyet againnecessary,ornocodeisneeded(slide-to-unlock),thelockscreenisdismissed. demicresearchersaccesstothePhoneLabpanel1[15]ofmore After key entry begins, the entered code can either be cor- than 200 participants who have received customized smart- rect,incorrect,ortooshort. Ifthecodeisenteredincorrectly phones. These LG Nexus 5 phones run a modified Android five times, the user will be prevented from trying again for Open Source Project (AOSP) build and are instrumented to 30 seconds. If a code was too short (three digits/strokes or send log entries to a central server. The phones are period- less),Androiddoesnotcounttheattempttowardsthenumber icallyupdatedover-the-airsothatdatacollectionandexper- of failed attempts. After the key was entered correctly, the imentation modifications can be deployed in a flexible man- Keyguard(i.e.,thelockscreen)isdismissed. Wealsolog ner. Participantsprimarilyincludestudentsandstafffromthe thiseventtodetectdismissalswithoutcodeentry,e.g.,when UniversityofBuffalo. thelockscreentimeout(thetimebeforeare-authenticationis necessary)wasnotyetreachedorwhentheuserisnotusing We extended the instrumentation available on PhoneLab to a code-based lock. The latter case means that the slide-to- collect the necessary data, which was transparently dis- unlockmethod(s-t-u)isused,whichdoesnotinvolveacode, tributedtothepanelasanover-the-airupdateoftheirphones. butsimplyslidingthefingeracrossthescreentodismissthe Attheendofthestudyperiod,wealsodeployedasurveyin- lock. Android also offers the option to entirely disable the strumenttoparticipantstocollectqualitativeinformationon lockscreen,whichcausesthephonetoimmediatelyshowthe their unlocking behaviors. In the next sections, we describe homescreenwhenpressingthepowerbutton. ourinstrumentationandtheexitsurveyinmoredetail. After a failed or too-short unlock attempt, a user can either retry(ifanyattemptsareleft),orabortunlockingaltogether, Logging which will be logged as a screen off event. Finally, if the To gather detailed data on unlocking events, we created log phonewasunlockedsuccessfullyandsubsequentlyinteracted entries that were modeled based on a finite state machine with,thescreenwilleventuallybeturnedoffagain(byman- (Figure 1): a session usually starts with the screen being uallypressingthepowerbuttonorreachinganidletimeout). turned on. Following that, a user may interact with notifi- To capture the necessary data, we relied on log output cationsandotherwidgetsonthelockscreen,shemayfurther captured by the PhoneLab instrumentation. The custom unlock the phone, or turn the screen back off. Turning the AOSP build already included log output for certain sys- screen off involves no interaction with lock screen elements tem events. We reused output generated for screen-related (i.e., the user can either press the power button or allow the events. SCREEN ON and SCREEN OFF actions are broad- screen to timeout), whereas further unlocking the device in- casted when the user presses the hardware button to turn on volvesinteractionwithlockscreenUIelements. Thisinitial thescreenandwhenatimeoutoranotherbuttonpresscauses interactioncanamounttoenteringthefirstdigitorcharacter, the screen to turn off respectively. As in the previous study inputtingthefirstpatternstroke,orsimplybeginningtoslide by Harbach et al. [12], these events frame the user’s inter- across the screen to unlock the phone. We denote this point action with the device. We then modified several classes intimeasKeyEntryBegin. Previousworkreferredtothe in com.android.keyguard to capture the lock-related timebeforebeginningkeyentryaspreparationtime[21]. events. Witheachevent,wecapturedadditionalinformation, suchasthetypeoflockscreenbeingused(i.e.,PIN,pattern, 1http://phone-lab.org–lastaccess08/31/15 orslide-to-unlock),thelengthoftheenteredcode,whetheror theirphonestoWiFiontimetouploadtheloggingdata. We notadrawnpatternwasvisible(theso-called“stealthmode”), trimmed the remaining data to only include full days from thereasonforturningthescreenoff(bytheuseroratimeout), midnighttomidnight. Wealsocutdownthedatatothefirst andhowmanyattemptshadalreadybeenmade.Theaccuracy 30 full days, so that we can base the analysis on an equal of the collected data, especially the timestamps, will be dis- amountoftimeperparticipant. Finally,weremovedafurther cussedintheLimitationssection. 8participantswhousedmultipletypesoflockscreensduring thestudyperiod,2whousedapassword,and1whodisabled Finally, in post processing, we converted the sequence of the lock screen altogether, as their small numbers preclude eventsinthelogintostatisticsabouttherespectivetransitions comparativeanalysis. ofthestatemachine. For these remaining 134 participants, we preprocessed log Survey datatodiscardeventsthatwereoutoforder. Thiswaslikely At the end of our data collection period, PhoneLab staff caused by threading issues in AOSP, causing a log entry for emailed participants a link to our online exit survey. As an a later event to be written before an earlier event’s entry. incentivetocompletethesurvey,wecreatedadrawingfora ThisanddataaccuracyarediscussedintheLimitationssec- $100 Amazon gift card. The survey asked for demographic tion. Overall, cleaning amounted to 1.2% of events being information and subjective views of the unlocking process. discardedonaverage§. These views were collected by proposing statements (e.g. ”unlocking my phone is easy”) to which participants were Nsurvey 71 asked to indicate their agreement on a 7-point Likert scale. Age 19–70years,Mdn=35years We also asked them open-ended questions to tell us about Gender 36 female situations in which they were particularly happy to have a 34 male lockscreenorparticularlyannoyedtohavealockscreen,and 1 n/a Ethnicity 38 white whetherthereareanysituationsinwhichtheyusuallystrug- 5 hispanic/latino gletounlocktheirphones. 4 black/africanamerican 1 nativeamerican StatisticalAnalysis 14 asian/pacificislander 6 other Therearetwowaysinwhichwecanlookatthelogdatawe 3 n/a collected: (a)summarizingtheloggeddatabyuserandcom- paring users’ performances; and (b) using the raw informa- Highestdegree 11 highschooldiplomaorless 40 bachelor/masterdegree tion. The lattercase allows for a detailedview on theentire 18 doctorate/professionaldegree distribution of all collected events, while the former results 2 n/a inalossofinformation. However,moststatisticaltestsoper- Annualhouseholdincome 34 lessthan$50k ateundertheassumptionthatindividualdataitemsareinde- 19 lessthan$100k 13 morethan$100k pendentofeachotherandthusrequiresummarizingperuser 5 n/a first. Whenlookingatdifferencesbetweenlockscreentypes, we will thus be relying on data that is first summarized per Nlogging 134 user. However,toalsogiveasenseofthetotaldistributionof Lockscreentype 32 PIN thetimingdatawegathered,wewillalsobediscussingsome 35 pattern 67 slide-to-unlock oftherawvalues. Toclarifywhichdatawassummarizedper Avg.PINlength 4.25 digits(sd=.84,range:4-8) user first and which was not, per user data will be marked Avg.patternlength 5.9 cells(sd=1.81,range:4-9) withasectionsign(§)andrawdatawithadoubledagger(‡). Patternstrokesinvisible 8 participants Whenconductingsignificancetesting,weusenon-parametric Table1.Participantdemographics. tests, as many of the distributions we encountered were Of the 134 participants we received log data from, 71 com- skewed. Unlessotherwisenoted,weuseKruskal-Wallisrank pleted our survey. We suspect that the remaining 63 par- sum tests for between-groups analyses with more than two ticipants were not motivated to respond, as prior PhoneLab groups and Wilcoxon rank sum tests for data between two data collection has been effortless for them. Table 1 gives groups as well as post-hoc pairwise testing with Holm cor- anoverviewoftheavailabledemographics. Thetypeoflock rections. As there is no immediate effect size measure for screenuseddidnotdifferbasedondemographicproperties. Kruskal-Wallis tests, we report the effects of the significant √ pairwisetestsusingther=Z/ N metric. In total, we observed an average of 246.4 events per user per day (σ = 181.7, Mdn = 197.7, ranging from 33.4 to RESULTS 1,170.9)§. In the following, we will present data to answer WecollecteddatafromJuly15toAugust31,2015usingthe theresearchquestionsintroducedabove. PhoneLabpanel,yieldingdatafrom202individuals. Before analysis, we cleaned the data to exclude participants from TotalTimeSpentUsingandUnlocking whom we received less than 30 full days of data (57 users). Our first goal was to examine the actual time participants These participants are likely to either not have installed the spendinteractingwiththesecuritymechanismperdaytoget AOSP update during the period of study or did not connect an idea of how much effort they are investing. Previously, Method #sessions/day #unlocks/day Timespentunlocking/day[s] LockedSessionLength[s] UnlockedSessionLength[s] Slide 75.0(56.2,58.4) 42.6(29.6,35.8)∗ 8.0(5.2,6.8)∗+ 87.1(178.4,44.6) 287.3(225.8,224.6)∗ Pattern 76.8(54.7,62.5)∗ 44.1(32.0,36.5)+ 64.1(87.8,48.7)∗ 58.1(65.4,32.0) 316.4(177.4,264.2) PIN 53.2(44.7,46.1)∗ 29.5(22.6,22.3)∗+ 58.3(69.2,36.8)+ 59.6(59.5,38.7) 537.0(762.3,331.3)∗ Overall 70.3(53.8,57.1) 39.9(29.2,31.8) 34.7(61.8,18.3) 73.0(133.9,39.1) 354.6(423.6,259.5) χ2=7.0,p=.03 χ2=7.5,p=.02 χ2=89.6,p<.0001 χ2=2.43,p=.30 χ2=6.75,p=.034 r∗2=.32 r+2=.47,r∗=.41 r+2=.79,r∗=.75 2 r∗2=.25 Table2.Sessionstatisticsbytypeoflockscreenused(mean,σ,Mdn)§.Pairwisesignificantlydifferentcellsineachcolumnaremarkedwithanasterisk∗ orplussign+(holm-correctedWilcoxonranksumtestsp<.05). cantlymoretimeafterhavingunlockedthedevice,theyalso unlocklessfrequently.Thissuggestsadifferentusagepattern 150 fortheseparticipants. ay D Finally, for each session, we also collected the termination per reason, that is, how the screen was turned off. On average, Sessions 100 MethSolidde pbuartttoicni)painnts61te.9rm%inoaftesdessseisosniosn(sσth=em2s6e.l8v%es,(uMsdinng=the71p.o8w%er, mber of PPaINttern rtiaonngidnigdfnroomt d1if.f8e%r stiogn9ifi5.c7an%tl)y§.beAtwseeexnpelcotcekd,stchriesenprotyppoers- Nu (Kruskal-Wallisχ2 =2.4, p=.3)§. ge 50 2 a Aver WearingaWatch Whendesigningthisstudy,werealizedthattherecouldbea mitigating factor for the difference between activations and 0 unlocks observed in previous studies: users regularly wear- 0 1 2 Time Spent Unlocking per Day log(x+1) [log(s)] ing watches may rely less on their phones to tell the time. Also, having a smartwatch would further reduce this need Figure2. Relationshipbetweentimespentunlockingperdayandaver- agenumberofsessionsperdaygivendifferentlockscreentypes§. by showing notifications on the watch. So, as a side note to the main aim of this paper, we asked in the exit survey whether participants regularly wear a watch or smartwatch. Out of the 71 participants who responded to the survey, 31 Harbach et al. [12] reported that users spend an average of indicated they wear a watch, and two a smartwatch, on a 2.6minutesperdayunlockingtheirdevices. However, their regular basis. While this precludes looking at the specific analysisconsideredthetotaltimefromturningthescreenon effect of smartwatches on activations, we found that the 33 to dismissing the lock screen. It stands to reason that only participantswithanytypeofwatch(61.3activationsperday, afractionofthattimeisactuallydevotedtoenteringacode. σ = 56.3, Mdn = 46.6) activated their phones significantly Table2givesanoverviewofsessionsandunlocksperpartic- less frequently (W = 456, p < .05, r = .23) than partici- ipantper day. Bothsessionsand unlocksdiffersignificantly pants without watches (68.1 activations per day, σ = 31.0, by type of lock screen used. The number of activations and Mdn = 64.6). Thenumberofunlocksperday,however,did unlocksperdayalignwiththefindingsofHarbachetal.[12]. notdiffersignificantlybetweenthesetwogroups. However,ourmoredetaileddatashowthatmuchlesstimeis actuallyspentunlockingthedeviceperdayonaverage. TimeNeededBeforeanUnlockAttempt Furthermore,patternandPINuserspredictablyspentsignif- As already shown above, our data provides a more detailed icantly longer unlocking their devices than slide-to-unlock lookattheunlockprocess.Sonext,wewantedtoseewhether users (Table 2). Interestingly, the overall effort in terms of thetimebeforekeyentrybeginsdiffersforlockscreentypes. timespentforthecode-basedlockingmechanismsissimilar. Thisfirststepafterturningthescreenonhasbeenreferredto Itisimportanttonote,thatwhilemostparticipantsspentless as“preparation.” Dependingonauser’sintention, heorshe than100secondsperday,afewparticipantsspentalmost400 may look at notifications first and then unlock the phone, or secondsormore(Figure2).Thefigurealsoshowsthatourset unlock the phone straight away; the preparation phase mea- ofparticipantsincludedbothinactiveandveryactiveusers. sures how long she spent on the locked screen prior to initi- atinganunlockattempt(i.e.,startingtodrawapattern,enter Toputthetimespentunlockingintoperspective,Table2also aPIN,orslidingherfinger). InFigure1,thisisthetransition providesanoverviewofparticipants’averagesessionlengths between“screenon”and“keyentrybegin.” bylockscreentype. Thelengthofsessionswithunlocksdif- feredsignificantlybetweenlockscreentypes:PINusers’ses- We observed that preparation times vary widely. Averaging sionstookalmosttwiceaslongassessionsbyslide-to-unlock perparticipant,themeanpreparationtimeis71.5secondsper users. Patternusers’sessionlengthsfellinbetween. Session attempt(σ=131.9, Mdn=38.7)§ whentheparticipantdoes lengthsofnon-unlocksessionsdidnotdiffersignificantlybe- not unlock the device. If an unlock follows the preparation, tween lock screen types. So, while PIN users spend signifi- however,meanpreparationtimeperparticipantandattemptis 3000 4000 2000 Method Method nt Slide nt Slide u u o Pattern o Pattern C C PIN PIN 2000 1000 0 0 −2 −1 0 1 2 0 1000 2000 3000 Preparation Time [log(s)] Successful Unlock Time [ms] Figure3. Distributionofpreparationtimebetweenlockscreentypes‡. Figure4.Distributionofsuccessfulunlockattempttimebetweendiffer- Thelog-scalex-axisshowssub-secondintervalstotheleftofzeroand entlockscreentypes‡. longerintervalstotheright. Thetimeasuccessfulunlocktakesisverydifferentbetween 22.7seconds(σ = 84.1, Mdn = 3.4)§. Asthemedianvalue lockscreentypes(K-Wχ2 =107.6, p<.0001,pairwisetests 2 suggests,themajorityofpreparationintervalsisbrieferthan all p < .0001,pairwiseeffectsizes.74 < r < .82)§: slide-to- four seconds and likely represents the cases where users do unlock users take 230ms on average (σ = 43,Mdn = 224), notchecknotificationsfirst. pattern users 910ms (σ = 625, Mdn = 739), and PIN users 1,963ms (σ = 1,665,Mdn = 1,535). The differences also Figure 3 shows a log-scale histogram of preparation times become apparent in the histogram of all successful unlock separated by lock screen types used when an unlock attempts(Figure4)‡. Giventhelongtailsofthedistributions, followed‡.Preparationtimessignificantlydifferbetweenlock Table3liststhequantilesforeachunlockmethod‡. screentype(K-Wχ2 = 22.2,p < .0001)§,withpairwisetests 2 yieldingsignificantresults(p < .05,.24 < r < .42)between Method 25% 50% 75% 90% all lock screen types. Median preparation time for slide-to- unlockis2.2s,4.3sforpattern,and9.8sforPIN. Slide 120 150 210 420 Pattern 510 660 880 1,225 One explanation for the differences we observed in prepa- PIN 920 1,200 1,729 2,380 ration times are recall processes. For instance, preparation Overall 158 480 880 1,397 times for slide-to-unlock might be so brief because there is almostnorecallinvolved;onecanslidethefingeracrossthe Table3.Quantilesofsuccessfulunlocktimesinmilliseconds‡. device in the right spot without even looking at the screen. PatternmightbequickerthanPINbecausetheuserneedsto InfluenceofCodeLengthandLineVisibility recallthePINfirst,whilewithapattern,theuseronlyneeds Another aspect worth looking at is the correlation between tofindthestartingposition. However,thereisanalternative codelengthandsuccessfulunlocktime. Unfortunately,only hypothesis:aswecannotprovecausation(anadditionalstudy 2 PIN users did not have a PIN of length four, which pre- isneeded),slowerpeoplemaysimplybemorepredisposedto cludesstatisticalanalysisforthislockscreentype. However, usingPINsratherthanpatterns. pattern users showed more variety: eight participants chose a pattern of length 4, thirteen of length 5, two of length 6, fouroflength7,twooflengtheightandsevenoflength9,al- DurationofSuccessfulUnlocks lowingustotakeacloserlookattimingdifferencesbetween Next, we look at successful unlock attempts to establish a thosegroups. Tothisend,wefitalinearmodelusingpattern baselinethatfuturemechanismscanusetoevaluatetheirper- length to explain average time for a successful unlock (Fig- formance. The data we collected includes 160,746 unlock ure5, F(1,33) = 36.53, p < .0001,adjustedR2 = .51)§. Per sessions, of which 75,298 (46.9%) involved entering an un- additionalcellusedinthepattern,thesuccessfulunlocktime lockcode. Theremaining53.1%pertainedtouserswithout increasesby147msonaverage. code-based lock screens or unlock attempts where entering thecodewasunnecessary(timeoutnotyetreached). Ofthese Finally, therewasnosignificantdifferencebetweenthesuc- code-based unlock sessions, 68,739 (91.2%) were immedi- cessful unlock times for participants with hidden pattern ately successful (i.e., unlocking the device on the first try) strokes(i.e.,“stealthmode”;8participants)andthosewithout andtook1.18secondsonaverage(σ = 33.98, Mdn = .82)‡. (27participants, W = 135, p = 0.30)§. Whilethisindicates In the remaining code-based unlock sessions, participants that our stealth mode participants did not observably take aborted their unlock attempts in 768 (1.0%) cases, and an- more time to correctly enter their patterns, this data is con- other5,790(7.7%)unlocksessionsinvolvedatleastoneer- foundedbythefactthatthesetwogroupswereself-selected: ror.Thesewillbediscussedinmoredetailinthenextsection. thereisnoevidencethatforcingallparticipantstousestealth Besides using their phones less frequently, the lower error ock [ms]3000 yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy===================================−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−5555555555555555555555555555555555533333333333333333333333333333333333 +++++++++++++++++++++++++++++++++++ 111111111111111111111111111111111114444444444444444444444444444444444477777777777777777777777777777777777***********************************xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx rPaItNe upsroevrsidsepsenadnoutnhleorckeixnpglainsastiiomnilaorfawndhyevtehneaovliettrlaelllotiwmeer nl uccessful U2000 tulhonanlnogcetkrh.ewTpihathitsteearanlscouhspesreross’vs,iiodenveseananntdhooapudpgdohitriPtouInnNaitlyuasfteotrersmitmapktpseroalolvsneogmeterankttoe: S Time for 1000 rseadvuecuinpgtothaefiefrtrhorofrattheeiorfupnalottcekrninugsteirmsewpoeurlddaaylloownatvheermagteo. ge Thismayalsomakethepatternlockmoreattractiveforusers Avera 0 currentlynotusingacode-basedlockingmechanism. 0 1 2 3 4 5 6 7 8 9 Pattern Length TypesofErrorsCommitted Figure5.Regressionmodelbuilttoexplainsuccessfulunlocktimebased Looking at the types of errors committed, PIN and pattern onpatternlength§. users show similar behaviors. Table 5 lists the most com- monerrors forbothmechanisms. Singleerrors arethemost frequent,accountingformorethan70%oferrorsinbothun- mode would not increase their unlock times. That is, those lockingmethods‡. Interestingly,forbothmethods,singleer- who chose to enable stealth mode were likely already com- rors without successful unlocks are in the top five. Those fortableenteringtheirpatterns. mostlikelyrepresentaccidentalinputswithoutthetrueinten- tiontounlock(e.g.,“pocketdialing”). Trulycriticalerrors– NumberofUnlockErrorsCommitted thoseattemptswherethelockscreenwasnotdismissedafter Inthissection, weexaminethenumberoferrorsthe67par- fivefailedattempts–arediscussedinthenextsection. ticipantsofcode-basedlockscreenscommitted. In6,558in- stances (11.5%), unlock attempts did not result in success Method Errortype Count Proportion immediately or at all. Pattern users committed errors much morefrequently(5,667of46,921attempts,12.1%)thanPIN Pattern fs 2736 48.3% users (891 of 28,376 attempts, 3.1%)‡. On average, pattern ts 1353 23.9% users needed 1.13 attempts (sd = .06, Mdn = 1.11) to suc- t 385 6.8% ffs 269 4.8% cessfully unlock their devices, while PIN users only needed tts 192 3.4% 1.04attempts(sd = .03, Mdn = 1.03,W = 1064, p <.0001, fts 135 2.4% r = .88)§. Thus, given the average number of unlocks per f 120 2.1% day presented above, a PIN user would commit 1.3 errors PIN fs 477 53.5% (σ = 1.2, Mdn = 1.0, rangingfrom.07to4.1), whileapat- ts 291 32.7% tern user would commit 8.0 (σ = 6.6, Mdn = 4.9, ranging f 30 3.4% from0.4to26.4)§. tts 27 3.0% t 21 2.4% Table5. Typesoferrorsbyunlockingmethod, explainingmorethan TimetoRecoverfromErrors 90%oftotalerrors. f=failed(codewrong),t=too-short(codetooshort Unlock errors make the unlocking process take longer, as tobecountedasproperattempt),s=success‡. the user needs to recover. This includes realizing that an error was made, potentially remembering the correct code, Too-short errors are responsible for 43.8% of pattern users’ andthenretrying. Table4givesanoverviewofthetimead- failedunlockattempts. Whilenotcountedtowardsthelock- ditional unlocks take for PINs and patterns. Pattern users outthreshold(i.e.,thenumberoffailedattemptstheusercan spend twice as much time on successive attempts, whereas make before the device prevents additional attempts), these PINusersspendonlyaboutathirdmore. Giventheaverage 2,487 (5.3%)‡ of all pattern entry attempts are delaying the errorrate,unlockingerrorscontribute13.4seconds(20.9%) unlock process, likely due to slipping up while entering the to each pattern user’s daily unlocking time of 64.1 seconds pattern by lifting the finger too early. Last, enabling stealth onaverage§. ForPINusers,thistimeamountsto3.5seconds mode(i.e.,whenthepatternstrokesareinvisible)didnotob- (6.0%)oftheoverallaverageof58.3seconds§. Patternusers servably influence the number of additional attempts neces- thus need to invest more than three times as much effort in sarytounlockthedevice(W =73, p=.17)§. termsoftimetocompensateforerrors. AccessPrevented The last aspect of our data analysis concerned whether we Method Firstattempt would actually be able to observe instances where the lock Pattern 791 σ=371 Mdn=703 screenpreventedaccesstothedevice. Suchunlockattempts PIN 1,952 σ=1,765 Mdn=1,500 have been called critical errors in previous work (e.g., [9]) Method Furtherattempts and are usually assumed to happen after three attempts. On Pattern 1,699 σ=2,805 Mdn=1,069 Android, however, critical errors occur after having entered PIN 2,668 σ=1,141 Mdn=2,413 aPINorpatternincorrectly5times, excludingattemptsthat Table4.Meanunlockingtimeperuserbasedonattemptandlockscreen are too short. The user then has to wait 30 seconds before typeinmilliseconds§. beingabletoattemptkeyentryagain.Criticalerrorsinafield Sentiments of users with code−based lockscreen Like being protected 5% 8% 87% Is fast 15% 23% 62% Is easy 26% 10% 64% Is annoying sometimes 44% 13% 44% Could be easier 38% 18% 44% Could be quicker 36% 28% 36% Get code wrong frequently 62% 15% 23% Have problems unlocking sometimes 85% 3% 13% Is difficult 74% 13% 13% Would use more secure but longer 44% 28% 28% 100 50 0 50 100 Percentage Sentiments of users without code−based lockscreen Would use lock if quicker 22% 16% 62% Would use lock if more secure 59% 25% 16% 100 50 0 50 100 Percentage Response do not agree at all 2 3 4 5 6 fully agree Figure6.Sentimentsofsurveyparticipants.Theywereaskedtoratetheiragreementtotherespectivestatementsona7-pointnumericalscale. study scenario are either cases where a legitimate user has as their lock screen. Figure 6 gives an overview of senti- troublerememberingorenteringthecode(falsepositives),or ments toward code-based lock screens that the 71 respon- anunauthorizeduserwastryingtogetaccess(truepositives). dents provided. Participants appreciate the protection that their lock screens afford them and they mostly think their WeobservednocriticalerrorsforPINusersandonlysixcrit- lockscreensarefastandeasy. However, theyalsoindicated ical errors committed by five different pattern users. These that lock screens can be annoying sometimes and that they includedalargenumberofadditionaltooshortattempts,sug- wouldliketohaveeasierandquickeralternatives. Mostpar- gestingthattheymayresultfromunintentionalinputorsome- ticipants did not feel that they get codes wrong frequently onelikeachildplayingwiththedevice. orhaveproblemsunlockingtheirdevices. Code-basedlocks On the other hand, we can look at all unlock attempts for were also not perceived as being difficult. The responses of code-based lock screens that were aborted with at least one participantswithacode-basedlockscreendidnotdiffersig- failedentryattemptasanupperboundofaccessattemptsthat nificantlybasedontheirrespectivetypeoflockscreen. wereprevented. Weobservedsuchcasesfor28patternusers Theremainingitemaskedparticipantswithcode-basedlock and for 12 PIN users. Individual PIN users had as many as screens if they were ready to invest more time into using 8sucheventswhileonepatternuserhadabortedattemptsin a more secure alternative. The majority of respondents did 30instances. Thesenumberswouldsuggestthatlockscreens notagreewiththisstatement. Similarly,respondentswithout are effective at keeping others from using the phone. How- code-based locks would not adopt a secure lock screen if it ever, it is very likely that they include instances where our wasjustmoresecure.However,mostofthemwouldbeready participants aborted themselves. Of course, this does also toadoptoneifittooklessoftheirtime. not account for cases where simply seeing an active, code- basedlockscreendetersanunwantedpersonfromusingthe We also asked participants to describe situations in which device. A dedicated investigation is necessary to determine theywereparticularlyhappytohaveacode-basedlockscreen lockscreenefficacyintermsofitssecuritygoals. on their device. The 18 respondents who gave accounts of suchinstancesmostlydescribedsituationswhereaphonewas Altogether,ourdatasetseemstosuggestthattrulycriticaler- misplacedorlostandthecodepreventedattackersfromeither rors are very rare events for most users: they do not happen abusing or keeping it in the participant’s view. One partici- withinagivenmonth. Yet,lockscreensmaystillbeeffective pant said: “Dropped my phone while walking on [a beach]. indeterringunwanteduse. Ithinkthephonewas leftonarailingbecauseitdidhavea lockfeature.” Theothertypeofsituationseveralparticipants mentionedwaswhenvisitors,suchasdates,familymembers QualitativeData or children are present and the code then affords them pro- After finishing log data collection, we sent out survey invi- tection: “When I went to visit my 5 year old cousin and he tations to all PhoneLab participants. As mentioned before, always wanted to play with my phone.” Another participant 71 completed the survey. Of those, 39 used PIN or pattern put it differently: “Always [happy to have it]. I just wish it Thus,lookingatourdata,itappearsthatthethreemostcom- worked properly.” These statements also implicitly commu- monly used mechanisms to lock smartphones allow users to nicatethetrade-offbetweensecurityandusability: whilethe makeatradeoffbetweensecurityandunlockingspeedorcon- eventsduringwhichthecodeprotectedtheirdeviceanddata veniencegiventheirunlockfrequency. Thesubjectiveviews are rare, the level of security it affords them is appreciated oftheunlockingprocessappeartosupportthis: participants while the effort is accepted. It could also be that encounter- with a code-based lock screen were generally satisfied with ingsucheventsisanimportantprecursorormotivatingfactor their unlocking experience and few considered the process foradoptingorkeepingacode-basedlockscreen. problematic. Participantswhodonotcurrentlyhaveacode- based lock screen indicated that they would be most moti- Finally,weaskedourexitsurveyrespondentstodescribesit- vatedtoadoptamoresecurealternativeifittooklesstime. uations in which they particularly struggle to unlock their devices. The 32 open-ended responses all describe contexts We also provided a code-length based model for pattern un- thatcanmakeinteractingwithmobiledevicesmoredifficult lockingthatwillallowacomparisonofthetimeittakestoun- in general. These situations involve either being distracted lock given the pattern length. Our data additionally showed (“while driving”), being in a rush (“when I want to take a that whether or not the lines are visible during pattern en- video/picture fast”), having limited dexterity (“when I have trydidnotobservablyinfluenceunlockingtimeorerrorrates tousemylefthandinsteadofmyrighthand”),orwhenenvi- (thoughthismaybeconfoundedbyself-selectionbias). Ap- ronmental conditions make recognizing touch input difficult proximationsforthiswerepreviouslyonlyavailablefromlab (“rain, sweat”, “heat, humidity”, “when I have gloves, in studies. In addition, a dedicated, more detailed deconstruc- winter”). Tworespondentsalsopointedoutlimitationsofthe tion of factors influencing the usability of the pattern lock availableuserinterface. Theymentionedthatitisdifficultto screencouldbeofinterest,astheworkofvonZezschwitzet hitthecorrectkeysindifficultlightingconditions(“whenit’s al.[22]suggeststhatseveralotherpropertiesofpatterns(for brightout”)andingeneral(“Ijustaccidentallyhit[numbers] exampleknight-movesorcorners)impactsecurity. nexttotheonesIwantfrequently”). Anothersaid, “thelast AnotherinterestingaspecttonoteisthatmostPINuserslim- digitofmypasswordandtheenterbuttonareincloseprox- itedthemselvestofourdigits. TheprevalenceofPINsofthat imitytoeachotherandIoftenpressenterinsteadofthedigit, length in other applications likely influence this. As the rel- whichisannoying.” ativelysmallsearchspaceforfour-digitPINsandthelackof Therefore, based on respondents’ subjective points of view, strongratelimitingonAndroidlockscreensaresecuritycon- thepotentialforimprovedsolutionsliesinprovidingquicker cerns, futureworkshouldlookatavenuesforimprovingthe alternatives to users who currently do not have lock screens security of these users while maintaining acceptable usabil- and improving the performance and UI of existing lock ity. One possibility could be an improved PIN lock screen screensindifficultsituationsandcontexts. thatusesspacedrepetitiontechniquestoeffortlessly“teach” users one or two additional digits over time, similar to the approachpresentedbySchechterandBonneau[16]. Intermsofunlockingerrors,theusersinourdatasetseemto DISCUSSION be well trained on their chosen locking mechanisms, as rel- Inthispaper,weprovideddeeperinsightsintotheindividual atively few errors were committed, and virtually none could parts of the smartphone unlocking process. Going beyond be considered critical. We only observed six attempts that theinsightspreviousstudieshaveprovided, wewereableto causedtheusertowaitbeforeattemptingfurtherkeyentries providedetailedbenchmarksforthecurrentlyavailablelock acrosstheonemonthdatacollectionperiod.Thisimpliesthat screens on the Android operating system. Overall, the data novellockscreenproposalsneedtobeabletoachievesimi- presentedshowsthatsmartphoneuseingeneralandunlock- larerrorratesinfieldenvironments,giventheamountoftime ing behavior in particular varies widely between and within usersarespendingunlockingtheirphonesonanaverageday. users. Thelargerangesofmeasureddataandthecorrespond- Additionally,ouranalysisdemonstratedapotentialtoreduce ingstandarddeviations, aswellasthelongtailofthedistri- thetimewastedbypatternusers: reducingthenumberofer- butionsareatestamenttothat. rors they commit every day could save them up to a fifth of However, clear patterns also emerged that show differences theirtotaldailyauthenticationtime. based on lock screen type: PIN users interact with their Thequalitativeinsightswegatheredfromourparticipantsfur- phones for longer, but less frequently. PIN users also need thermore provide starting points for improving their experi- longer to prepare unlocking and successful unlocks take ence. Oneexamplecouldbetodetectwhenthephoneisheld longer, butarealsolesserror-prone. Ontheoppositeendof intheless-usedhandandthendisplayingthepatternframein thespectrum,slide-to-unlockusersinteractwiththeirphones a smaller space to make it more readily reachable. Another morefrequentlybutforlesstime,whilealsoneedingverylit- examplewouldbetodisablelockingafterthephonewasun- tle time to unlock due to the lack of a code. Pattern users locked once while being in a car or riding a bike. Lastly, appear to be using their phones as frequently as users with- improved touch screen hardware could help to improve on outacode-basedprotectionandforsimilaramountsoftime. environmentalinfluences,suchaslimitedcontrastduetoam- However, theyspendaboutthesameoverallamountoftime bientlightingconditionsormisdetectionoftouchinputfrom unlockingtheirdevicesasPINusersbecausetheycommital- moisthands. mostsixtimesasmanyerrors. Overall, one could argue that the available mechanisms suit Another limitation concerns accuracy. The accuracy of the the needs of smartphone users. Room for improvement ap- timestampsinourlogfilesislimitedbythetemporalresolu- pearstoexistfortheerrorratesofpatternusers,whichcould tion of the AOSP runtime and by its threading and process save a considerable portion of their daily unlocking time. scheduling. While the logging infrastructure offers times- Also,therelativelyfewparticipantsinthelongtailofthetime tamps at millisecond resolution, context switches between spentunlockingdistributioncouldbeaworthwhiletargetfor threadsandprocessesmaycausethecreationofalogentryto eitherimprovedsecurity(betteruseofthetimespent)orus- bedelayedfromtheactualuseraction. Bycollectingtimes- ability (reducing the time). Finally, given the overall reluc- tamps twice in several parts of the logging instrumentation, tancytoadoptcode-basedlockscreensthathasbeenobserved we found that context switches occur during the logging of inthisandseveralotherstudiestothisday,itisunlikelythat 9.8% of events and caused an average delay in logging of anovelmechanismneedingmoretimetounlockthanthecur- 494milliseconds(sd =238,Mdn=496)‡,insimilarpropor- rentlyavailableoptionswouldseemuchadoption. tionsforalleventswecollected. Thisresultsineventsbeing outoforderiftheyareshorterthanthedelay, inwhichcase Thus, an important research challenge to tackle is to create weexcludedthemfromtheanalysisduringpreprocessing. If novel designs that take less or at most the same amount of eventsarelongerthanthedelay,theseinstancesappeartobe time as current methods, while providing protection against shorter than they actually were in our data. As the extent some of the threats current methods offer no protection for. ofthisbiasislimitedandoccurringwithsimilarfrequencies Atthesametime,researchonlockscreensneedstoshiftthe for all events and users, we argue that the conclusions we focusmoretowardsrealworldusability(authenticationtime draw are still valid, although reported averages are likely to anderrorratesinsitu)insteadof,forexample,mainlyaiming beabout50msbrieferthantheactualdurationoftheevent. to reduce the risk of shoulder surfing. Therefore, using lon- gitudinalfieldstudiestovalidateproposalsseemsparamount, CONCLUSION as we observed great variance in our baseline data. A pos- This paper provided the first detailed look at in situ perfor- siblewayforwardwouldbetofocusmoreonunderstanding mance ofAndroid lockscreenimplementations. Webelieve whatmakescurrentlockscreensfast(e.g. otherthanmotor thatwewereabletoprovideabenchmarkagainstwhichnovel memory), what real-world security problems exist, and with mechanisms can be evaluated. Given the preferences our whatfrequencytheyoccur. users expressed, it is unlikely that solutions requiring users tospendmoretimeperdayunlockingtheirdeviceswillfind significantadoption. Ourdataalsoshowedpotentialforim- LIMITATIONS provementsthatcaninspirenewsolutions. The data presented in this paper is limited in a few ways. We were able to show that unlocking itself takes much less First, due to the non-trivial nature of collecting this data in time than previously approximated. Our data also suggests thefield,allourparticipantscamefromthePhoneLabpanel. that users interacting with their devices more frequently did The panel is primarily recruited from students and staff of soforshorteramountsoftimeandchoseaquickerlockscreen theUniversityofBuffaloandisthusnotrepresentativeofall type. However,overall,bothPINandpatternusersspentthe smartphone users. Lock screen interactions and subjective sameamountoftimeunlockingtheirdevicesonaverage.Yet, viewsmaybedifferentforusersnotrepresentedbyoursam- PIN users need more than twice as long before beginning ple,althoughthereisnoindicationinpreviousworkthatthis the unlock process, possibly to recall their PIN. We found isaconcernforsmartphonesecurity. that users wearing a watch on a regular basis activate their Furthermore,allparticipantswereusingthesametypeofde- phones less frequently and that using stealth mode does not vice, an LG Nexus 5. It is likely that performance of espe- influencetheunlockingtimeofparticipantsusingthepattern ciallythepatternlockcandifferbasedondevicesize. Also, lock. Weprovideamodelfortheinfluenceofcode-lengthon ourdatacollectionwaslimitedtoa30dayinterval. Thus,we successful unlock time for the pattern lock screen and show cannotbesureoftheinfluenceofinfrequentevents–suchas how errors contribute a large amount of overall unlock time travel, mental state, or illness – on the collected data. Last, forthismethod. Finally, wefoundlittledirectevidencethat ourinsightspertainprimarilytothelockscreensavailableon lockscreenspreventsomeoneelsefromaccessingthephone Android4.4andtheNexus5inJulyandAugust2015. While and provided insights into participants’ subjective views of thepreviousworkbyHarbachetal.hasshownthattheseare theunlockingprocess. themostusedlockscreensforAndroidusers,otherplatforms providealternatives. Forexample,Apple’sTouchIDprovides ACKNOWLEDGEMENTS averyfastyetalsosecurelockingmechanism. Ifitwaspos- We would like to thank the PhoneLab team at University of sible to overcome the restrictions imposed by iOS, repeat- Buffalofortheirsupportingatheringthedata.Thisworkwas ing this study on Apple devices would certainly be worth- partlysupportedbyafellowshipwithintheFITweltweitpro- while. The performance of slide-to-unlock and PIN users gram of the German Academic Exchange Service (DAAD), likelytranslatestousersofdevicesofsimilarsizeoniOSand as well as by the U.S. National Science Foundation under Windows,astheuserinterfacesforunlockingareverysimi- awardCNS-1318680. lar. However, itisalsopossiblethatthegroupsofusersthat decide to use different operating systems also exhibit differ- entperformancecharacteristics.
Description: