Abstract
E-mail is nearly 50 years old and is still one of the most widely used communication protocols. However, it has no support for end-to-end encryption (E2EE) by default, which makes it inappropriate for sending sensitive information. This is why two e-mail encryption standards have been developed, namely Secure/Multipurpose Internet Mail Extensions (S/MIME) and OpenPGP. Previous studies found that poor usability of encryption software can lead to software that is used incorrectly or not used at all. Both consequences have a fatal impact on users’ security and privacy. In recent years, the number of e-mails that are read and written on mobile devices has increased drastically. In this paper, we conduct, to the best of our knowledge, the first usability study of e-mail encryption apps on smartphones. We tested two mobile apps: one uses OpenPGP on Android and one uses S/MIME on iOS. In our usability study, we tested both apps with eleven participants and evaluated the usability with the System Usability Scale (SUS) and the Short Version of the User Experience Questionnaire (UEQ-S). Our study shows that both apps have several usability issues, which partly led to unencrypted e-mails and to participants sending their passphrase instead of their public key.
Acknowledgements
We thank Zinaida Benenson for the discussion and comments that greatly improved the manuscript.
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Schiller, K., Adamsky, F. (2022). Work in Progress: Can Johnny Encrypt E-Mails on Smartphones?. In: Parkin, S., Viganò, L. (eds) Socio-Technical Aspects in Security. STAST 2021. Lecture Notes in Computer Science, vol 13176. Springer, Cham. https://doi.org/10.1007/978-3-031-10183-0_9
DOI: https://doi.org/10.1007/978-3-031-10183-0_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-10182-3
Online ISBN: 978-3-031-10183-0
eBook Packages: Computer Science (R0)