Home Research Personal FAQ Bio
What's New?
Mar 13, 2014
Our paper entitled Styx: Design and Evaluation of a New Privacy Risk Communication Method for Smartphones was accepted to SEC 2014.

Mar 10, 2014
I gave a one hour overview of UX and UI design. See the slides here.

Feb 27, 2014
Our paper entitled QuiltView: a Crowd-Sourced Video Response System was presented at HotMobile 2014. See the paper here.

Feb 26, 2014
Our group's work on predictive analytics was listed by the World Economic Forum as one of the top ten emerging technologies of 2014. See the article here.

Feb 25, 2014
I was interviewed on CBS Morning Show regarding mobile apps, privacy, and the new Blackphone smartphone. See the interview here.

Feb 23, 2014
Our paper entitled The Privacy and Security Behaviors of Smartphone App Developers was presented at USEC 2014. See the paper here.

Feb 14, 2014
Google is kindly funding our group's research on Chelada: Integrating the Web with Context-Aware Mobile Computing.

Dec 9, 2013
Two of our group's papers were accepted to CHI 2014:

Nov 1, 2013
Samsung is kindly funding our work on context-aware mobile computing.

Oct 25, 2013
Gave a talk at PopTech 2013 on ubicomp sensing and privacy. See the slides and video here.

Oct 14, 2013
Congratulations to Jialiu Lin on successfully defending her dissertation, entitled Understanding and Capturing People's Mobile App Privacy Preferences. See her dissertation here.

Sep 18, 2013
Google has kindly sent us 10 units of Google Glass plus some funds to do research on them.

Sep 9, 2013
Our group's paper entitled Memorability of the Mundane: Exploring Capturable Everyday Memory for Autobiographical Authentication was presented at Ubicomp 2013. See the paper here.

Aug 27, 2013
Our group's paper entitled Investigating Collaborative Mobile Search Behaviors was presented at Mobile HCI 2013. See the paper here.

Aug 26, 2013
Wrote up a blog entry on Blog@CACM on Privacy and Google Glass.

Aug 11, 2013
Our group's paper entitled Why People Hate Your App — Making Sense of User Feedback in a Mobile App Store was presented at KDD 2013. See the paper here.

Aug 9, 2013
Gave a talk at ISSA CISO Executive Forum on Leveraging Human Factors for Effective Security Training. See the slides here.

Aug 1, 2013
I'm the current head of our Master's of Human-Computer Interaction program.

Jul 10, 2013
Gave a talk to middle school students on Staying Safe Online. See the slides here.

Jul 9, 2013
Our group's paper entitled CASA: Context-Aware Scalable Authentication was presented at SOUPS 2013. See the paper here.

Jul 1, 2013
The National Science Foundation has funded Laura Dabbish and my proposal on Social Cybersecurity, which looks at how to apply social psychology techniques to cybersecurity.

Jul 1, 2013
Our group's research on smartphone app privacy was featured in the CMU Today magazine.

Jun 24, 2013
Gave a talk at HCIC 2013 on HCI and Smartphone Data at Scale. See the slides here.

Jun 12, 2013
Gave a talk at International Association of Privacy Professionals annual Navigate conference. Slides and YouTube video here.

Apr 1, 2013
Our group's paper entitled RelationGram: Tie-Strength Visualization for User-Controlled Online Identity Authentication was presented at Financial Crypto 2013. See the paper here.

Feb 28, 2013
Congratulations to Guang Xiang on successfully defending his dissertation, entitled Toward a Phish Free World: A Feature-type-aware Cascaded Learning Framework for Phish Detection. See his dissertation here.

Feb 23, 2013
Our group's paper entitled Mining Smartphone Data to Classify Life-Facets of Social Relationships was presented at CSCW 2013. See the paper here.

Feb 1, 2013
Google is funding our group's research on CrowdScanning, which looks at how to combine crowdsourcing, static analysis, and dynamic analysis to improve mobile app privacy and security.

Dec 26, 2012
Our work on smartphone app privacy was featured on the CBS Morning Show.

Nov 30, 2012
Here is an extended analysis of the most unexpected behaviors we found in smartphone apps. This work is based on our Ubicomp 2012 paper on Expectation and Purpose: Understanding Users’ Mental Models of Mobile App Privacy through Crowdsourcing.

The image below shows the level of surprise for different kinds of permissions. In our study, we operationalized privacy by looking at the difference between what people think an app does, and what it actually does. For example, the figure below shows that 80% of people in our study were surprised that Angry Birds uses location data.

Nov 5, 2012
Published a blog article in CACM entitled PhDs from the Faculty's Perspective

Oct 28, 2012
Our group's work on app scanning is mentioned in a NYTimes article about unusual behaviors of smartphone apps.

Oct 14, 2012
Had a lot of fun at the Kavli Frontiers of Science (15th Chinese-American Symposium). It really amazed me as to the range of challenges that folks in other fields were facing, the tools and methods they used, plus the sheer challenges of complexity (especially in the life sciences).

Interestingly, one common theme I heard from several folks when I asked them about the toughest challenges in their field was that they were rapidly accumulating lots of facts (thanks to breakthroughs in tools) but had a hard time distilling those facts into useful and understandable kinds of models.

Aug 21, 2012
NSF will be funding our research on combining crowdsourcing with static and dynamic analysis for evaluating the privacy of Android apps. This is work with Janne Lindqvist at Rutgers and Joy Zhang at CMU Silicon Valley.

Aug 1, 2012
Mary Baker and I have created a subreddit for Pervasive Computing, meant as a shared community resource. Please join and share news articles, your works in progress, cool videos, discussion of research papers, conference reports, calls for papers, and more. Items shared may also be incorporated into a community column that Mary and I are heading up for IEEE Pervasive Computing magazine.

Research Overview
My research group is called CHIMPS (Computer Human Interaction: Mobility Privacy Security). My main research interests are in:
  • ubiquitous computing, especially context-aware and mobile social computing
  • usable privacy and security for ubicomp and cloud computing environments

I'm an associate editor for IEEE Pervasive and for ACM TOCHI. I have participated on DARPA's Computer Science Study Panel (CS2P), am an Alfred P. Sloan Research Fellow, a Kavli Fellow, and a PopTech fellow. I'm also a co-founder of Wombat Security Technologies.

Our research group has been generously funded through a number of sources, including the National Science Foundation, DARPA, the Army Research Office, Microsoft, Nokia Research, Intel, Google, Portugal Telecom, Pitney Bowes, CMU Cylab, NQ, Samsung, Yahoo!, the Institute for the Study of Entrepreneurship, Innovation, and Technology, and the Alfred P. Sloan Foundation.

I also help run the Pervasive Computing subreddit (please join!). I also write for BLOG@CACM and Wombat Security Technologies' blog.

Current Research
Research Overview
In the near future, our smartphones will know almost everything about us. These advances will offer us significant benefits in terms of healthcare, urban planning, information retrieval and more. However, at the same time, these advances pose significant new privacy challenges. My research looks at both of these issues. How can we use this rich smartphone information in meaningful ways? At the same time, how can we improve the entire ecosystem around our personal data? You can see a short 5-minute video at PopTech summarizing my research on smartphones and privacy.

Recent Papers (See all publications here)
Augmented Social Graph
Smartphones and social networking services are both experiencing meteoric rates of adoption from people across most demographics. Combining smartphone data with social networking data creates an exciting new opportunity to observe and investigate social behavior at a level of detail and at a massive scale never before possible. Our goal is to build a better computational model of social relationships, capturing tie strength, groups, and roles.

See our CSCW 2013 paper on Mining Smartphone Data to Classify Life-Facets of Social Relationships.

Context-Aware Scalable Authentication
Passwords were a good idea when we only had a few of them, but are having serious problems scaling up, especially as more ubicomp services and cloud computing services are deployed. Our goal with this project is to understand how to simplify authentication using a number of sensors and behavioral models, while also maintaining adequate levels of security.

See our SOUPS 2013 paper on CASA and our Ubicomp 2013 paper on autobiographical authentication.

CrowdScanning Android Apps
Mobile smartphone apps can make use of a smartphone's numerous capabilities — including network access, data storage, and sensors detecting motion, location, and sound level — and personal data, such as one's call logs and contacts list. These capabilities allow developers to create rich and compelling applications, but can also lead to new kinds of spyware, malware, and privacy intrusions. Our goal is to (a) develop a series of scalable techniques that combine crowdsourcing with static and dynamic analysis, to understand what mobile apps are really doing, and (b) design and evaluate better ways of communicating these behaviors to end-users.

See our Ubicomp 2012 paper examining the feasibility of using crowdsourcing to evaluate privacy policies. Part of our work was also mentioned in a NYTimes article about unusual behaviors of smartphone apps. You can also see an extended analysis of smartphone apps here.

The CHIMPS Research Team
Our research group is CHIMPS (Computer Human Interaction: Mobility Privacy Security). We have an amazingly talented group of PhD students and post-docs:
  • Afsaneh Doryab, working on smartphones, social relationships, and mental health
  • Jun Ki Min, working on data mining social relationships from smartphone data
  • Jason Wiese, co-advised with John Zimmerman, working on understanding social relationships using smartphone and social network data
  • Eiji Hayashi, working on streamlining authentication in ubicomp and cloud computing environments
  • Shah Amini, working on privacy and security for mobile apps
  • Sauvik Das, working on social dimensions of cybersecurity
  • Song Luan, working on large-scale analysis of the privacy of smartphone apps
  • Dan Tasse, working on analytics and urban computing
Some alums of the CHIMPS group:

Some of My Writings and Other Stuff I Helped Create
Blogs and social news sites I contribute to Web Design Patterns Design Patterns for Ubiquitous Computing Rapid Prototyping and Evaluation Tools Instructor Guides and Overviews Anti-Phishing Phil Advice for PhD students and Grad School Applicants My Cybersecurity Advice (for general audiences) Some Opinions The Design of Sites
I co-authored a book on web site design, which uses the notion of web design patterns as a way for facilitating the design of customer-centered web sites. Check out the web site for our book The Design of Sites. Our book has been translated into Polish, Chinese, Korean (and possibly other languages as well).
Currently Teaching (Fall 2013)
  • None, I'm currently the director of our Master's of HCI program
Past Courses Taught
Current Service Past Service