Work in Progress: Can Johnny Encrypt E-Mails on Smartphones?

  • Conference paper
Socio-Technical Aspects in Security (STAST 2021)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13176))


Abstract

E-mail is nearly 50 years old and is still one of the most used communication protocols. However, it has no support for end-to-end encryption (E2EE) by default, which makes it inappropriate for sending sensitive information. This is why two e-mail encryption standards have been developed, namely Secure/Multipurpose Internet Mail Extensions (S/MIME) and OpenPGP. Previous studies found that poor usability of encryption software can lead to software that is used incorrectly or not used at all. Both consequences have a fatal impact on users’ security and privacy. In recent years, the number of e-mails that are read and written on mobile devices has increased drastically. In this paper, we conduct, to the best of our knowledge, the first usability study of e-mail encryption apps on smartphones. We tested two mobile apps: one uses OpenPGP on Android and one uses S/MIME on iOS. In our usability study, we tested both apps with eleven participants and evaluated the usability with the System Usability Scale (SUS) and the short version of the User Experience Questionnaire (UEQ-S). Our study shows that both apps have several usability issues, which partly led to unencrypted e-mails and to participants sending their passphrase instead of their public key.


Notes

  1. https://www.openpgp.org/

  2. https://flowcrypt.com/


Acknowledgements

We thank Zinaida Benenson for the discussion and comments that greatly improved the manuscript.

Corresponding author

Correspondence to Katharina Schiller.

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Cite this paper

Schiller, K., Adamsky, F. (2022). Work in Progress: Can Johnny Encrypt E-Mails on Smartphones?. In: Parkin, S., Viganò, L. (eds) Socio-Technical Aspects in Security. STAST 2021. Lecture Notes in Computer Science, vol 13176. Springer, Cham. https://doi.org/10.1007/978-3-031-10183-0_9

  • DOI: https://doi.org/10.1007/978-3-031-10183-0_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-10182-3

  • Online ISBN: 978-3-031-10183-0

  • eBook Packages: Computer Science (R0)
