Snooping on Snoopers: Logging as a Security Response to Physical Attacks on Mobile Devices

When users leave their mobile devices unattended, or let others use them momentarily, they are susceptible to privacy breaches. Existing technological defenses, such as unlock authentication or account switching, have proven to be unpopular. We conducted interviews to uncover practices users currently engage in to cope with the threat, and found that it is common for users to try to keep their devices under close supervision at all times. One obstacle to this strategy is that displaying such protective behavior can be detrimental to social relationships. To address these concerns, we built a software tool that gathers activity logs in the background. Logs can later be reviewed as a timeline of opened apps and the actions performed within each, with events decorated with pictures captured inconspicuously with the front-facing camera. We evaluated this approach in a user study, and found participants to be generally eager to adopt the technology, although in different ways. Most users foresaw using it as a deterrent, or to check if they were snooped on, if that suspicion were ever to arise. Yet, some voiced the intention of creating "honey traps". The results highlight both the opportunities and the potential dangers of the logging approach.