Chris Geeng, New York University; Natalie Chen, Northeastern University; Kieron Ivy Turk, University of Cambridge; Jevan Hutson, University of Washington School of Law; Damon McCoy, New York University
Vault apps and hidden albums are tools used to encrypt and hide sensitive photos, videos, and other files. While security researchers have analyzed how technically secure they are, there is little research to understand how and why users use vault apps, and whether these tools meet their needs. To understand user threat models for vault apps, we conducted semi-structured interviews (N = 18) with U.S. adult vault app users. We find our participants store intimate media, non-sexual body images, photos of partying and drinking, identification documents, and other sensitive files. Participants primarily used vault apps to prevent accidental content exposure from shoulder surfing or phone sharing, whether in public or with and around close ties. Vault apps were not used to prevent a technically proficient adversary from accessing their files. We find that vault apps prevent context collapse when sharing devices, similar to how privacy settings prevent context collapse on social media. We conclude with recommendations for research aligning with user threat models, and design recommendations for vault apps.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Chris Geeng and Natalie Chen and Kieron Ivy Turk and Jevan Hutson and Damon McCoy},
title = {"Say I{\textquoteright}m in {public...I} don{\textquoteright}t want my nudes to pop up." User Threat Models for Using Vault Applications},
booktitle = {Twentieth Symposium on Usable Privacy and Security (SOUPS 2024)},
year = {2024},
isbn = {978-1-939133-42-7},
address = {Philadelphia, PA},
pages = {433--451},
url = {https://www.usenix.org/conference/soups2024/presentation/geeng},
publisher = {USENIX Association},
month = aug
}