Work in Progress: Can Johnny Encrypt E-Mails on Smartphones?

Part of the Lecture Notes in Computer Science book series (LNCS, volume 13176)

Abstract

E-mail is nearly 50 years old and is still one of the most used communication protocols. However, it has no support for end-to-end encryption (E2EE) by default, which makes it inappropriate for sending sensitive information. This is why two e-mail encryption standards have been developed, namely Secure/Multipurpose Internet Mail Extensions (S/MIME) and OpenPGP. Previous studies found that poor usability of encryption software can lead to software that is used incorrectly or not used at all. Both consequences have a fatal impact on users' security and privacy. In recent years, the number of e-mails that are read and written on mobile devices has increased drastically. In this paper, we conduct, to the best of our knowledge, the first usability study of e-mail encryption apps on smartphones. We tested two mobile apps: one uses OpenPGP on Android and one uses S/MIME on iOS. In our usability study, we tested both apps with eleven participants and evaluated the usability with the System Usability Scale (SUS) and the Short Version of the User Experience Questionnaire (UEQ-S). Our study shows that both apps have several usability issues, which partly led to unencrypted e-mails and to participants sending their passphrase instead of their public key.

  • DOI: 10.1007/978-3-031-10183-0_9
  • Chapter length: 12 pages

Notes

  1. https://www.openpgp.org/

  2. https://flowcrypt.com/

Acknowledgements

We thank Zinaida Benenson for the discussion and comments that greatly improved the manuscript.

Author information

Correspondence to Katharina Schiller.

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Cite this paper

Schiller, K., Adamsky, F. (2022). Work in Progress: Can Johnny Encrypt E-Mails on Smartphones?. In: Parkin, S., Viganò, L. (eds) Socio-Technical Aspects in Security. STAST 2021. Lecture Notes in Computer Science, vol 13176. Springer, Cham. https://doi.org/10.1007/978-3-031-10183-0_9

  • DOI: https://doi.org/10.1007/978-3-031-10183-0_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-10182-3

  • Online ISBN: 978-3-031-10183-0

  • eBook Packages: Computer Science, Computer Science (R0)