SnapApp is a novel unlock concept for mobile devices that reduces authentication overhead with a time-constrained quick-access option. SnapApp provides two unlock methods at once: While PIN entry enables full access to the device, users can also bypass authentication with a short sliding gesture (Snap). This grants access for a limited amount of time (e.g. 30 seconds). The device then automatically locks itself upon expiration. Our concept further explores limiting the possible number of Snaps in a row, and configuring blacklists for app use during short access (e.g. to exclude banking apps). We discuss opportunities and challenges of this concept based on a 30-day field study with 18 participants, including data logging and experience sampling methods. Snaps significantly reduced unlock times, and our app was perceived to offer a good tradeoff. Conceptual challenges include, for example, supporting users in configuring their blacklists.

D. Buschek, F. Hartmann, E. von Zezschwitz, A. De Luca, and F. Alt, “SnapApp: Reducing Authentication Overhead with a Time-Constrained Fast Unlock Option,” in Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, New York, NY, USA, 2016.
[PDF]

Recent research has shown that users spend considerable amounts of time on unlocking their smartphones, although their interactions after unlocking can be quite short: Half of all phone interactions last less than 30 seconds, and 90% last less than four minutes. For example, a user might just briefly check for new messages, view a public transport app or read some news. Many so-called “micro-usages” even last less than 15 seconds, which adds up to serious authentication overhead, when considering reported unlock times for PIN (appr. 4.7s) and Android unlock pattern (appr. 3s). We argue that a fast, effortless unlock option may save time during short interactions, by granting access to the device for a limited amount of time without the need for a secure unlock. We assume that, during such short interactions of less than 30 seconds, many attacks are impossible to perform, and the device should lock immediately if critical actions occur (e.g. launching a banking app during short access). We investigates such a concept for time-constrained access control on mobile devices, called SnapApp. We discuss findings from a 30-day field study. Snaps significantly reduced unlock times, but participants perceived it as slower than their usual methods. Short access was mostly used for insensitive content in uncritical contexts. It was often used for messaging, and was perceived as more secure than only using swipe, although few users configured blacklists. The blacklist is a user-defined list of apps, which cannot be opened during short access, only during full access (i.e. with PIN). Trying to open a blacklisted app during short access locks the device immediately. We contribute: 1) a concept for a time-constrained fast unlock option on mobile devices, 2) evaluated in a 30-day field study with 18 users, 3) leading to novel insights into opportunities and challenges of such a concept, and implications for future investigation and design of time-constrained unlock methods.

SnapApp Concept

The core concept of SnapApp is to provide two unlock methods at once to reduce authentication overhead for short usage sessions. In contrast to current unlock methods, our concept thus provides users with two trade-offs regarding authentication time versus actual use: either spending more time on authentication for full access, or quickly bypassing authentication for limited access. In particular, users decide how to unlock based on their expected interaction time:

    

  • PIN entry gives full access to the device, as usual.
  • A fast sliding gesture grants time-constrained access to a user-defined subset of applications.

Short access via slide (i.e. Snap) limits access to a user-specified amount of time (Snap time). The device locks itself after this time has passed. Expiration is announced via short vibration, issued at five seconds prior to the session’s end. The system allows ten Snaps in a row without entering the PIN. The current number of Snaps is displayed on the Snap bar – see Figure 1 (“10 Snaps left”). When all Snaps have been used, unlock by sliding cannot be used any more. Successful PIN entry sets the number of Snaps back to ten.