Submission 25 Mar 2020 9:27:06am GMT·6dac3b6f0e4cb66f31bbfe32774fd98b7c780d4b461eec16ebd4c784e53591e56dac3b6f
The concept of using location information to implicitly unlock smartphones is being widely commercialized on Android phones: once a user registers a location that she is willing to trust, her phone would unlock automatically when the user physically moves to that trusted location. To date, however, security risks associated with misuse of locations to unlock phones (e.g., people registering unsafe locations) have not been studied before. To bridge this gap, we conducted an interview study with 18 participants to study users' perceptions on the location-based smartphone authentication, and identified key design requirements such as the need to support fine-grained indoor location registration. We then conducted a field study with 29 participants to study real-world usage behaviors with a fully working application that we implemented. Our findings suggest that people often register non-private (potentially unsafe) locations as trusted locations, and select large (phone unlock) coverage areas without considering security implications. As for usability benefits, however, the participants were able to reduce about 37% of manual unlock attempts on average by using our location-based implicit authentication service.