Out of Your Hands: Privacy Challenges when Personal Devices are not in Users' Possession

Thumbnail Image
Ceci, Jason
Journal Title
Journal ISSN
Volume Title
University of Guelph

The vast majority of North Americans own personal devices, such as smartphones and laptops. Much research has been conducted on protecting users’ privacy while using personal devices. On the other hand, the privacy implications of common everyday cases where users hand off their personal devices to untrusted individuals has not been well explored. This thesis looks at two such cases: when users dispose of their old devices and when users get their devices repaired. Through a survey and semi-structured interviews, we determine how old devices are disposed of, how users sanitize their devices prior to disposal, and what popular misconceptions lead to data leaks in disposed-of devices. We then investigate the privacy implications of device repair transactions by conducting a holistic four-part study. This thesis provides controls, suggestions and actions for the different stakeholders and regulatory agencies to improve the state of privacy for consumers.

usable privacy, usable security, repair privacy, privacy violations, smartphone repair, privacy policy, smartphone disposal, sanitizing smartphones, factory reset, data leak, data deletion, device snooping
J. Ceci, H. Khan, U. Hengartner, and D. Vogel. Concerned but ineffective: User perceptions, methods, and challenges when sanitizing old devices for disposal. In Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021), pages 455�??474, 2021.