PDL Abstract

Lessons Learned From the Deployment of a Smartphone-Based Access-Control System

Symposium On Usable Privacy and Security (SOUPS) 2007, July 18-20, 2007, Pittsburgh, PA, USA.

Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter, Kami Vaniea

Carnegie Mellon University
Pittsburgh, PA 15213


Grey is a smartphone-based system by which a user can exercise her authority to gain access to rooms in our university building, and by which she can delegate that authority to other users.We present findings from a trial of Grey, with emphasis on how common usability principles manifest themselves in a smartphone-based security application. In particular, we demonstrate aspects of the system that gave rise to failures, misunderstandings, misperceptions, and unintended uses; network effects and new flexibility enabled by Grey; and the implications of these for user behavior.We argue that the manner in which usability principles emerged in the context of Grey can inform the design of other such applications.