Authors, Creators & Presenters: Yusra Elbitar (CISPA Helmholtz Center for Information Security), Alexander Hart (CISPA Helmholtz Center for Information Security), Sven Bugiel (CISPA Helmholtz Center for Information Security)

PAPER The Power of Words: A Comprehensive Analysis of Rationales and Their Effects on Users' Permission Decisions

Rationales offer a method for app developers to convey their permission needs to users. While guidelines and recommendations exist on how to request permissions, developers have the creative freedom to design and phrase these rationales. In this work, we explore the characteristics of real-world rationales and how their building blocks affect users' permission decisions and their evaluation of those decisions. Through an analysis of 720 sentences and 428 screenshots of rationales from the top apps of Google Play, we identify the various phrasing and design elements of rationales. Subsequently, in a user study involving 960 participants, we explore how different combinations of phrasings impact users' permission decision-making process. By aligning our insights with established recommendations, we offer actionable guidelines for developers, aiming to make rationales a usable security instrument for users.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the organization’s’ YouTube channel.

Permalink

The post NDSS 2025 – A Comprehensive Analysis of Rationales and Their Effects on Users’ Permission Decisions appeared first on Security Boulevard.

Authors, Creators & Presenters: Sena Sahin (Georgia Institute of Technology), Burak Sahin (Georgia Institute of Technology), Frank Li (Georgia Institute of Technology)

PAPER Was This You? Investigating the Design Considerations for Suspicious Login Notifications

Many online platforms monitor the account login activities of their users to detect unauthorized login attempts. Upon detecting anomalous activity, these platforms send suspicious login notifications to their users. These notifications serve to inform users about the login activity in sufficient detail for them to ascertain its legitimacy and take remedial actions if necessary. Despite the prevalence of these notifications, limited research has explored how users engage with them and how they can be effectively designed. In this paper, we examine user engagement with email-based suspicious login notifications, focusing on real-world practices. We collect and analyze notifications currently in use to establish an empirical foundation for common design elements. We focus our study on designs used by online platforms rather than exploring all possible design options. Thus, these design options are likely supported by real-world online platforms based on the login data they can realistically provide. Then, we investigate how these design elements influence users to read the notification, validate its authenticity, diagnose the login attempt, and determine appropriate remedial steps. By conducting online semi-structured interviews with 20 US-based participants, we investigate their past experiences and present them with design elements employed by top online platforms to identify what design elements work best. Our findings highlight the practical design options that enhance users' understanding and engagement, providing recommendations for deploying effective notifications and identifying future directions for the security community.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the organization’s’ YouTube channel.

Permalink

The post NDSS 2025 – Was This You? Investigating the Design Considerations for Suspicious Login Notifications appeared first on Security Boulevard.

SESSION Session 1C: Privacy & Usability 1

Authors, Creators & Presenters: Molly Zhuangtong Huang (University of Macau), Rui Jiang (University of Macau), Tanusree Sharma (Pennsylvania State University), Kanye Ye Wang (University of Macau)

PAPER Exploring User Perceptions of Security Auditing in the Web3 Ecosystem

In the rapidly evolving Web3 ecosystem, transparent auditing has emerged as a critical component for both applications and users. However, there is a significant gap in understanding how users perceive this new form of auditing and its implications for Web3 security. Utilizing a mixed-methods approach that incorporates a case study, user interviews, and social media data analysis, our study leverages a risk perception model to comprehensively explore Web3 users' perceptions regarding information accessibility, the role of auditing, and its influence on user behavior. Based on these extensive findings, we discuss how this open form of auditing is shaping the security of the Web3 ecosystem, identifying current challenges, and providing design implications.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the organization’s’ YouTube channel.

Permalink

The post NDSS 2025 – Exploring User Perceptions Of Security Auditing In The Web3 Ecosystem appeared first on Security Boulevard.