GHC Reflections: Mobile Design & Security

This lightning panel was rather interesting: the topics were fairly varied, but all were great to consider for mobile design and the future of data and security.

The first talk discussed a user’s “social fingerprint” – a mathematically unique sequence of how a user interacts with their mobile device on social networks, texting, calling, etc. Essentially, every user boils down to using their device in a slightly different way – when these patterns are calculated no two are exactly alike. This is an interesting concept: we often think everyone talks, texts, or checks Facebook identically – but apparently this could not be farther from the truth. Social fingerprint is more than just -how-, it is who and when: time zones, contacts frequented, and more all make up the social fingerprint. This term is often used to describe our social usage in general, but it can be investigated deeper to create this truly unique representation of our habits.
The speaker pointed out how if our social fingerprints are indeed unique, they could be used in some capacity for security measures, such as fraud detection. Exploring secure measures beyond the password is definitely exciting territory. I worry though that social fingerprint is “too” unique – in the sense that it could consistently change. If you cut ties with someone you used to call every day, would that not raise an alarm in social fingerprint detection? Obviously social media has ways to trend anticipated life events and interactions between people based on the sheer amount of data – but can everything truly be boiled down to a mathematical signature? I’m excited by the prospect of using social fingerprints, but concerned at the actual application of them – especially if the math and inputs are as complex as they seem they may be.

Another take on security was utilizing GPS to ensure secure interactions. Specifically, the speaker discussed GPS as a means to identify “zones” in the real world where one anticipates accessing devices, and the level of confidence one has that an access from each location really is the owner. For instance: home and work may be level 1, where we are confident that if we are here, our device is being accessed by us. Level 2 may be the cafe or laundromat, where we would frequent, but may accidentally leave the device unattended. Level 3 could be our hometown, neighborhood, or even state: where we can be expected to be in general but could easily lose a device within. And level 4 might be anywhere else globally: access from these places would be irregular or unanticipated. The presenter discussed using these levels to give varying degrees of password/access assistance. If I’m at home and forget my password, I expect that I should be able to receive all my hints or assistance channels for logging in. On the town, I may want fewer options to appear, just in case someone else is on my device. And most definitely I would want heightened security for anyone attempting to access when I’m out of state/country/etc (or trying to access -from- these places), so their hints should be extremely restricted if there at all. The idea was to provide “secure spaces” that heighten security beyond just the password itself, extending to attempts to breach it or obtain information pertaining to it.
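The zone scheme described above can be sketched as follows; this is an added example, not code from the talk or the original post. The zone coordinates, radii and recovery-aid names are constructed assumptions, and requiring the whole GPS uncertainty circle to fit inside a zone is a design choice of this sketch.

```python
from dataclasses import dataclass
from math import radians, sin, cos, asin, sqrt

@dataclass(frozen=True)
class Zone:
    name: str
    level: int        # 1 = home/work, 2 = frequented places, 3 = home region
    lat: float
    lon: float
    radius_km: float

# Constructed sample zones; coordinates and radii are illustrative only.
ZONES = [
    Zone("home", 1, 47.6205, -122.3493, 0.15),
    Zone("work", 1, 47.6423, -122.1391, 0.30),
    Zone("cafe", 2, 47.6150, -122.3400, 0.10),
    Zone("home region", 3, 47.6205, -122.3493, 60.0),
]

# Recovery aids offered per level; the aid names are hypothetical.
RECOVERY_AIDS = {
    1: ["password_hint", "security_questions", "email_reset", "sms_code"],
    2: ["email_reset", "sms_code"],
    3: ["sms_code"],
    4: [],  # anywhere else in the world: no hints at all
}

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dp, dl = p2 - p1, radians(lon2 - lon1)
    a = sin(dp / 2) ** 2 + cos(p1) * cos(p2) * sin(dl / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def trust_level(lat, lon, accuracy_km=0.0, zones=ZONES):
    """Most trusted level whose zone contains the whole fix, else 4."""
    if lat is None or lon is None:
        return 4  # no location fix: treat as the least trusted case
    best = 4
    for z in zones:
        # A coarse fix must not be able to claim a small high-trust zone.
        if haversine_km(lat, lon, z.lat, z.lon) + accuracy_km <= z.radius_km:
            best = min(best, z.level)
    return best

def recovery_aids(lat, lon, accuracy_km=0.0):
    """Recovery aids to offer for a login-help request from this fix."""
    return RECOVERY_AIDS[trust_level(lat, lon, accuracy_km)]
```

Device-reported coordinates can be falsified, so a level should widen the recovery options only when the fix comes from a source the server has reason to trust.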

This topic is intriguing looking back because Microsoft has been implementing a similar feature in Outlook. While I appreciate their security, at times it can be a bit too overbearing – my work’s servers ping off a cluster not near us geographically, and this triggers the “suspicious activity” login attempt any time I try to get to my email at work. The security concept is great – but something like the presenter discussed, where I have more of a choice in defining my regions, would definitely save headaches at times (like when I try to log in at work for one small thing only to have to go through a chain of security measures which the details for may be at home). Definitely interesting to see this idea being implemented, and curious where the next steps will be with it.

Another speaker in this panel discussed A/B Testing – something among many other versions of testing I’m hoping to become more familiar with in my job. They stated a strong A/B test can be made even more helpful by integrating code to retrieve data on user input or mouse movements – so patterns between sets A and B can be recognized and the user process more readily understood. Sessions and their data could be stored in buckets relative to their version and even the time/cycle or type of user for quicker retrieval and review.

The next topic was accessibility in mobile. This topic was fairly straightforward, but always refreshing to keep in mind. The presenter highly recommended considering the accelerometer – think of technologies like FitBit, and how relevantly accessible its use is beyond just software and screens. Other considerations for accessibility – touch and sound. Consider your feedback to users: a soft pulse/vibration when they press a button, a light ding when an alert appears. Remember to consider how these affordances affect the experience for users who are color-blind, deaf, etc. – are your notification color choices still visibly helpful or even viewable to someone who is color-blind? Does your application give another form of feedback if a user is deaf and anticipating a ding (a glowing icon, tactile response, etc)?

The final presenter discussed flexible privacy controls. With the advancement of healthcare digital records and increasingly sensitive information going digital, at times companies forget the affordances that could be made with physical/paper copies that need digital counterparts. The presenter used healthcare as an example: certain health records you would like to be visible to your spouse, certain to your family, and certain to only yourself, your doctor (or only certain doctors), and so on. These preferences may also change over time: think a bank account in which a parent has access while a child is in school, but the child may need or wish to remove the parent’s access once they are grown. While these issues in the past were fixed with phone calls or paperwork, digital counterparts need flexible privacy controls to ensure users can take care of these privacy needs with the same ease (or at least, with the same or less headache) that they did in analog. These flexible privacy controls can even extend to securing applications themselves: if my healthcare app is linked to my phone, I may want to have additional security measures before starting the app to ensure that no one can tamper with my settings but me (and here we can even correlate to the talks before for more ways to secure our privacy!).

I loved the focus on users and their experiences interacting with their phones and how that relates to the real world in so many of these talks. They pointed out design imperatives and areas for continued development to continue to make phones and in turn technology overall an extension and addition to the “real world” – rather than purely a distraction or separate plane entirely.

“The mobile phone acts as a cursor to connect the digital and the physical” – Marissa Mayer