abstract

Will You Log into Tinder using your Facebook Account? Adoption of Single Sign-On for Privacy-Sensitive Apps

Authors:

Eugene Cho,

Jinyoung Kim,

S. Shyam SundarAuthors Info & Claims

CHI EA '20: Extended Abstracts of the 2020 CHI Conference on Human Factors in Computing Systems

Pages 1 - 7

https://doi.org/10.1145/3334480.3383074

Published: 25 April 2020 Publication History

Get Access

Abstract

When signing up for new mobile apps, users are often provided the option of using their Facebook or other social media credentials (i.e., single sign-on services; SSO). While SSO is designed to make the login process more seamless and convenient, recent social media data breaches may give pause to users by raising security concerns about their online transactions. In particular, users logging into sensitive services, such as dating apps, may feel hesitant to adopt SSO due to perceived potential data leakage to their social networks. We tested this proposition through a user study (N = 364) and found that individual differences in online security perceptions predict the use of SSO for certain sensitive services (e.g., affair apps), but not others (e.g., matchmaking apps). Informed by theory, potential mediators of this relationship (perceived security, ease of sharing, and usability) were also explored, thus shedding light on psychologically salient drivers of SSO adoption.

References

[1]

Reuben M. Baron and David A. Kenny. 1986. The moderator-mediator variable distinction in social psychological research: Conceptual, strategic and statistical considerations. Social Psychology 51: 1173--1182.

Google Scholar

[2]

Saraswathi Bellur and S. Shyam Sundar. 2014. How can we tell when a heuristic has been used? Design and analysis strategies for capturing the operation of heuristics. Communication Methods and Measures 8, 2: 116--137. https://doi.org/10.1080/19312458.2014.903390

Crossref

Google Scholar

[3]

Matt Burgess. 2018. Facebook's massive hack exposes the flaws with social logins. Wired.com. Retrieved from https://www.wired.co.uk/article/facebook-hackbeach-single-sign-on-social-login

Google Scholar

[4]

Serge Egelman. 2013. My profile is my password, verify me!: the privacy/convenience tradeoff of facebook connect. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems - CHI '13, 2369. https://doi.org/10.1145/2470654.2481328

Digital Library

Google Scholar

[5]

Alison P. Lenton and Angela Bryan. 2005. An affair to remember: The role of sexual scripts in perceptions of sexual intent. Personal Relationships 12, 4: 483--498. https://doi.org/10.1111/j.14756811.2005.00127.x

Crossref

Google Scholar

[6]

Donie O'Sullivan. 2018. Tinder, Pinterest and others struggle to determine how Facebook hack affects their users. CNN. Retrieved from https://www.cnn.com/2018/10/01/tech/facebookhack-tinder-pinterest/index.html

Google Scholar

[7]

Donna Salas and Kay E. Ketzenberger. 2004. Associations of sex and type of relationship on intimacy. Psychological Reports 94, 3_suppl: 1322--1324. https://doi.org/10.2466/pr0.94.3c.1322--1324

Crossref

Google Scholar

[8]

W. David Salisbury, Rodney A. Pearson, Allison W. Pearson, and David W. Miller. 2001. Perceived security and World Wide Web purchase intention. Industrial Management & Data Systems 101, 4: 165--177. https://doi.org/10.1108/02635570110390071

Crossref

Google Scholar

[9]

San-Tsai Sun and Konstantin Beznosov. 2012. The devil is in the (implementation) details: An empirical analysis of OAuth SSO systems. In Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12, 378. https://doi.org/10.1145/2382196.2382238

Digital Library

Google Scholar

[10]

Rui Wang, Shuo Chen, and XiaoFeng Wang. 2012. Signing me onto your accounts through Facebook and Google: A traffic-guided security study of commercially deployed single-sign-on web services. In 2012 IEEE Symposium on Security and Privacy, 365--379. https://doi.org/10.1109/SP.2012.30

Digital Library

Google Scholar

[11]

Bo Zhang, Mu Wu, Hyunjin Kang, Eun Go, and S. Shyam Sundar. 2014. Effects of security warnings and instant gratification cues on attitudes toward mobile websites. In Proceedings of the 32nd annual ACM conference on Human factors in computing systems - CHI '14, 111--114. https://doi.org/10.1145/2556288.2557347

Digital Library

Google Scholar

Cited By

View all

Maceiras MSalehzadeh Niksirat KBernard GGarbinato BCherubini MHumbert MHuguenin K(2024)Know their Customers: An Empirical Study of Online Account Enumeration AttacksACM Transactions on the Web10.1145/366420118:3(1-36)Online publication date: 17-Jun-2024
https://dl.acm.org/doi/10.1145/3664201
Petrie HSreekumar GShahandashti S(2024)Understanding Users’ Mental Models of Federated Identity Management (FIM): Use of a New Tangible Elicitation MethodHuman Aspects of Information Security and Assurance10.1007/978-3-031-72559-3_21(308-322)Online publication date: 28-Nov-2024
https://doi.org/10.1007/978-3-031-72559-3_21
Sun YDrivas MLiao MSundar S(2023)When Recommender Systems Snoop into Social Media, Users Trust them Less for Health AdviceProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3581123(1-14)Online publication date: 19-Apr-2023
https://dl.acm.org/doi/10.1145/3544548.3581123
Show More Cited By

Index Terms

Will You Log into Tinder using your Facebook Account? Adoption of Single Sign-On for Privacy-Sensitive Apps
1. Security and privacy
  1. Software and application security
    1. Social network security and privacy

Recommendations

Android single sign-on security: Issues, taxonomy and directions
Abstract
Single Sign-On (SSO) is a mechanism that allows a user to log in to other applications using his identity registered with an identity provider. One of the most popular protocols for SSO is OAuth 2.0, which is an open standard for ...
Highlights
- We present OAuth 2.0 authorization code grant flow and implicit grant flow in detail and summarize the differences between the Web environment and the ...
Security, privacy and trust in Internet of Things

Internet of Things (IoT) is characterized by heterogeneous technologies, which concur to the provisioning of innovative services in various application domains. In this scenario, the satisfaction of security and privacy requirements plays a fundamental ...
Access Control for Apps Running on Constrained Devices in the Internet of Things
SIOT '14: Proceedings of the 2014 International Workshop on Secure Internet of Things

The increasing interest in applications for the Internet of Things (IoT) has led to the widespread use of efficientbut limited operating systems like Contiki OS. Applicationsrunning on constrained devices in the IoT should only beable to access those ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

CHI EA '20: Extended Abstracts of the 2020 CHI Conference on Human Factors in Computing Systems

April 2020

4474 pages

ISBN:9781450368193

DOI:10.1145/3334480

General Chairs:
Regina Bernhaupt
Eindhoven University of Technology, Netherlands
,
Florian 'Floyd' Mueller
Monash University, Australia
,
David Verweij
Newcastle University, UK
,
Josh Andres
RMIT, Australia
,
Program Chairs:
Joanna McGrenere
University of British Columbia, Canada
,
Andy Cockburn
University of Canterbury, New Zealand
,
Ignacio Avellino
University of Maryland Baltimore County, USA
,
Alix Goguey
Grenoble Alpes University, France
,
Pernille Bjørn
University of Copenhagen, Denmark
,
Shengdong (Shen) Zhao
National University of Singapore, Singapore
,
Briane Paul Samson
Future University Hakodate, Japan & De La Salle University, Philippines
,
Rafal Kocielnik
University of Washington, USA

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 April 2020

Check for updates

Author Tags

Qualifiers

Abstract

Funding Sources

U. S. National Science Foundation

Conference

CHI '20

Sponsor:

SIGCHI

CHI '20: CHI Conference on Human Factors in Computing Systems

April 25 - 30, 2020

HI, Honolulu, USA

Acceptance Rates

Overall Acceptance Rate 6,164 of 23,696 submissions, 26%

Upcoming Conference

CHI 2025

Sponsor:
sigchi

ACM CHI Conference on Human Factors in Computing Systems

April 26 - May 1, 2025

Yokohama , Japan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
394
Total Downloads

Downloads (Last 12 months)43
Downloads (Last 6 weeks)6

Reflects downloads up to 17 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Maceiras MSalehzadeh Niksirat KBernard GGarbinato BCherubini MHumbert MHuguenin K(2024)Know their Customers: An Empirical Study of Online Account Enumeration AttacksACM Transactions on the Web10.1145/366420118:3(1-36)Online publication date: 17-Jun-2024
https://dl.acm.org/doi/10.1145/3664201
Petrie HSreekumar GShahandashti S(2024)Understanding Users’ Mental Models of Federated Identity Management (FIM): Use of a New Tangible Elicitation MethodHuman Aspects of Information Security and Assurance10.1007/978-3-031-72559-3_21(308-322)Online publication date: 28-Nov-2024
https://doi.org/10.1007/978-3-031-72559-3_21
Sun YDrivas MLiao MSundar S(2023)When Recommender Systems Snoop into Social Media, Users Trust them Less for Health AdviceProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3581123(1-14)Online publication date: 19-Apr-2023
https://dl.acm.org/doi/10.1145/3544548.3581123
Grüner AMühle ARümmler NKadric AMeinel C(2023)Quo Vadis, Web Authentication? – An Empirical Analysis of Login Methods on the InternetAdvanced Information Networking and Applications10.1007/978-3-031-28694-0_45(471-479)Online publication date: 15-Mar-2023
https://doi.org/10.1007/978-3-031-28694-0_45
Pratama AFirmansyah FRahma F(2022)Security awareness of single sign-on account in the academic community: the roles of demographics, privacy concerns, and Big-Five personalityPeerJ Computer Science10.7717/peerj-cs.9188(e918)Online publication date: 11-Mar-2022
https://doi.org/10.7717/peerj-cs.918

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format.

HTML Format

Abstract

References

Cited By

Index Terms

Recommendations

Android single sign-on security: Issues, taxonomy and directions

Security, privacy and trust in Internet of Things

Access Control for Apps Running on Constrained Devices in the Internet of Things

Comments

Information

Published In

Sponsors

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

HTML Format

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations