
Page 1: A Survey about User Requirements for Biometric ... Survey about User Requirements for Biometric Authentication on Smartphones Nedaa Zirjawi University of Hamburg Hamburg, Germany zirjawi@informatik.uni-hamburg.de

A Survey about User Requirements for Biometric Authentication on Smartphones

Nedaa Zirjawi
University of Hamburg
Hamburg, Germany
[email protected]

Zijad Kurtanović
University of Hamburg
Hamburg, Germany
[email protected]

Walid Maalej
University of Hamburg
Hamburg, Germany
[email protected]

Abstract—The increasing number of smartphone users stresses the need for an improved protection of users’ personal data, such as health information, personal identifiers and financial data. One trend to address this need is the adoption of biometric authentication techniques such as fingerprint and iris recognition. We report on a study that examines user requirements and preferences for biometric authentication on smartphones with the focus on iris recognition. We surveyed users about their perception of different biometric authentication techniques in terms of trust, information security, and data privacy. Furthermore, we assessed tradeoffs that users are willing to accept for additional security. We also examined usability requirements for iris recognition and identified trends between different demographic groups. We discuss the findings and emphasize the need for an improved, data-driven, understanding of the emerging requirements for such biometric mobile systems.

I. INTRODUCTION

With the increasing use of smartphones, users are starting to worry about their privacy and the security of their data. The security of the user’s personal data is vital, especially when it comes to medical information, personal identifiers, financial data, or other personal information that can, e.g., be stolen, sold, or misused by an identity spoofer. Users and software vendors are more and more relying on other forms of authentication than conventional username and password or a PIN. One of the most promising approaches is the use of biometrics.

Biometrics is broadly defined as the metrics that measure users’ physiological, behavioral, or genetic characteristics. Recently, biometrics has been receiving extensive attention in computer science with increasing demands for personal identification and access control on smartphones. Biometric-based authentication can be divided into two modes: identification (Who owns this biometric?) and verification (Am I the person I claim to be?). In the literature, the term authentication is sometimes used as a synonym for verification [12].

Biometric authentication aims to recognize a user by using biometric data such as fingerprints [3], iris [1], face [10], gait [18], signature [2], and voice [19]. Among many biometrics techniques, iris recognition is one of the most promising approaches due to its high reliability for verifying the identity of individuals [4], [11]. The technology has been widely acknowledged within the biometric industry as the most accurate, stable, and scalable human authentication system. Iris recognition identifies a human to a degree of accuracy surpassing even DNA matching [13]. It relies on cameras that enable a contactless and efficient capturing of the iris image and works with glasses and contact lenses. Furthermore, iris images are stable over lifetime and thus need only one enrollment per user [4].

With the increasing quality of the built-in cameras of smartphones, we expect more systems in the near future that use biometrics in general and iris recognition in particular. This is also encouraged by the first public iris image dataset populated with images captured by smartphones such as Apple’s iPhone 5 and Samsung’s Galaxy IV [6]. In particular, this can facilitate new studies on the evaluation and comparison of the different iris recognition algorithms on smartphones.

Yet, iris recognition on smartphones has major usability challenges. First, built-in back cameras are typically better than the front cameras but do not offer a visual feedback to the user when taking a picture of the iris. Second, mobile devices are more difficult to hold steady, which in turn increases the likelihood of camera shakes and produces noisy photographs of poor quality such as out-of-focus, motion blur, occlusion, and specular reflection. Finally, mobile devices are used anywhere, which makes controlling the environment unfeasible.

In this paper, we study how users perceive biometric-based authentication on smartphones. Our goal is to gather, analyze, and understand user requirements when designing such features. We focus part of the study on the iris recognition and its usability requirements. In Section II we briefly introduce the study design. Section III reports on the results for privacy and security requirements as well as preferences of the users about biometrics in general. Section IV focuses on the results for the iris recognition. Section V discusses the findings and their limitations. Finally, Section VI summarizes the related work while Section VII concludes the paper.

II. STUDY DESIGN

Our study focuses on answering the following research questions:

• How do users think of and trust biometrics authentication on smartphones to solve security and privacy issues?

• How do users perceive the usability and privacy tradeoffs for iris recognition and what are their preferences?

• Do demographic factors (e.g. age and smartphone) have impacts on users’ preferences?

IEEE copyrighted paper - Accepted for publication at IEEE RE 2015 - Authors' version of the work


[Figure 1, three panels. (a) Affiliation: Industry or public sector; Self employed; Academia or research; I'm student; Housework, childcare, unemployed or retired. (b) Smartphones: Android; BlackBerry; iPhone / iOS; Windows Mobile; Others; I don’t have a smartphone. (c) Smartphone Usage: Usually (I use it for almost everything); Often (I use it regularly for work and private tasks); Seldom (just when I really have to); Never.]

Fig. 1: Demographics of respondents in the online survey. N=139

For answering these questions we designed an online survey, which included 20 questions and was available in two languages, English and German. The survey consisted of two main parts. The first part addresses users’ perception of the security and privacy regarding the biometric authentication on smartphones. The second part focuses on users’ perception of using iris recognition on smartphones. We also collected demographic information of users such as age, sex, geography, location, and employment status. Finally we checked whether a user has any IT-background, which smartphone she currently uses, and how often she uses it. In total, there were 18 closed questions and 2 questions allowing the user to propose additional comments in form of free text answers.

We used a semantic scale [15] to assess general users’ perceptions of security and privacy when using a smartphone, the perceptions on trust of different authentication techniques, and the criticality of using different authentication techniques. We combine the count of positive scales (e.g. “I fully trust” and “I trust”) or negative scales (“I do not trust” and “I fully do not trust”) to report on the differences between groups of respondents. The survey forms and the anonymized raw answers can be downloaded from https://mobis.informatik.uni-hamburg.de/biometrics-on-smartphones/.

We ran the survey from April until June 2015. Overall, the survey took about 10 minutes to answer. We received 172 responses, out of which 141 were fully answered (83% completion rate). We selected only fully answered responses as candidates for further analysis. After filtering the invalid answers (i.e., wrongly answered validation questions such as “sum of 2 and 2”) we had 139 valid responses.

The majority of respondents (52%) were 25 to 44 years old, while 39 were of age between 15 and 24 years. The ratio of male and female respondents is about 2:1. 47% of the respondents indicated that they had an IT-background, i.e. they study or work in a field related to IT, computer engineering, or computer science. Figure 1a shows respondents’ affiliations. 56% of respondents were students, while an almost equal proportion of users came from academia / research and industry / public sector. Figure 1b shows the distribution of smartphones used by the respondents. The majority (57%) had a smartphone with an Android system. The second largest group (32%) used iPhones and iOS systems. The frequencies of smartphone usage are shown in Figure 1c. Almost half of the respondents stated that they usually use their smartphones.

To check the reliability of the results, we calculated Cronbach’s α for each scale-measured concept. This measure assesses the internal consistency of the survey variables and is recommended for semantic scales [14], [17]. Cronbach’s α had an average value of 0.67.

We tested the statistical significance of the differences by using the Mann-Whitney-Wilcoxon test (also known as Wilcoxon rank sum test). This allowed us to reveal statistically significant differences between subpopulations such as Android and iPhone users, or between users’ concerns on security and privacy. The Wilcoxon test is considered appropriate for ordered semantic scales and subsamples of different sizes [7]. We used Kendall’s τ rank correlation coefficient to find significant correlations. We report only on statistically significant results using a significance level of 0.01 as a threshold. P-values greater than 0.01 are not reported.
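The reliability and significance checks described above, as an added example that is not from the paper or its authors. It runs Cronbach's α and a two-sided Wilcoxon rank-sum test (normal approximation with tie correction and no continuity correction, which is an assumption of this sketch) on constructed 4-point answers; all names and data are hypothetical.

```python
"""Added example: Cronbach's alpha and a tie-corrected Wilcoxon rank-sum test
on 4-point answers (1 = "I fully do not trust" ... 4 = "I fully trust").
All data below is constructed for illustration, not taken from the survey."""
import math
from collections import Counter
from statistics import variance

ALPHA_LEVEL = 0.01  # significance threshold stated in the paper

# Constructed answers of two hypothetical subgroups to one trust question.
GROUP_A = [4] * 10 + [3] * 8 + [2] * 2
GROUP_B = [3] * 4 + [2] * 8 + [1] * 8
# Constructed answers of six respondents to three questions of one concept.
QUESTIONS = [
    [1, 2, 3, 4, 2, 3],
    [1, 3, 3, 4, 2, 4],
    [2, 2, 4, 3, 1, 3],
]


def cronbach_alpha(items):
    """items: one list of scores per question, respondents in the same order."""
    k = len(items)
    totals = [sum(scores) for scores in zip(*items)]  # per-respondent sum
    item_variance = sum(variance(column) for column in items)
    return k / (k - 1) * (1 - item_variance / variance(totals))


def positive_share(answers, positive_from=3):
    """Share of answers on the positive side of the scale (combined count)."""
    return sum(a >= positive_from for a in answers) / len(answers)


def rank_sum_test(a, b):
    """Two-sided Mann-Whitney-Wilcoxon test for ordinal data with many ties.

    Returns (U statistic of sample a, z score, p value)."""
    pooled = sorted(a + b)
    n1, n2, n = len(a), len(b), len(pooled)
    # Tied answers share the average of the ranks they occupy (midrank).
    midrank, i = {}, 0
    while i < n:
        j = i
        while j < n and pooled[j] == pooled[i]:
            j += 1
        midrank[pooled[i]] = (i + 1 + j) / 2  # mean of ranks i+1 .. j
        i = j
    u1 = sum(midrank[x] for x in a) - n1 * (n1 + 1) / 2
    # Ties shrink the variance of U; Likert data needs this correction.
    tie_term = sum(t ** 3 - t for t in Counter(pooled).values())
    var_u = n1 * n2 / 12 * ((n + 1) - tie_term / (n * (n - 1)))
    if var_u <= 0:  # every answer identical: no evidence of a difference
        return u1, 0.0, 1.0
    z = (u1 - n1 * n2 / 2) / math.sqrt(var_u)
    p = math.erfc(abs(z) / math.sqrt(2))  # two-sided normal tail
    return u1, z, p


if __name__ == "__main__":
    print("Cronbach's alpha:", round(cronbach_alpha(QUESTIONS), 3))
    print("positive share A/B:", positive_share(GROUP_A), positive_share(GROUP_B))
    u, z, p = rank_sum_test(GROUP_A, GROUP_B)
    print("U =", u, "z =", round(z, 2), "p =", p, "reported:", p < ALPHA_LEVEL)
```
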

III. SECURITY AND PRIVACY ON SMARTPHONES

a) Security and privacy: As shown on Figure 2, respondents agreed on the importance of data protection and data security on smartphones (e.g. encrypt data and protect the phone from being stolen, misused, hacked etc.). The importance of privacy (i.e. protecting own private data as user’s name, user’s location, what the user is doing, etc.) was similarly high. We found a strong positive correlation between security and privacy importance (p < 0.001, Kendall’s τ ≈ 0.44).

[Figure 2. Rows: Privacy; Security. Scale: Not so important; Slightly important; Very important; Extremely important (I would do every possible thing for this). Axis: Percentage.]

Fig. 2: Respondents’ assessments for security and privacy importance when using smartphones.


For older respondents data protection and information security on smartphones was more important than for younger respondents. In particular, 85% of respondents aged between 25-44 years expressed a high importance, in contrast to 67% of respondents of 15-24 years age.

b) Security Trust: We then asked the respondents about how much they trust different techniques for securing their smartphone data. We also aimed with this question to assess the difference in trust between biometric techniques and traditional authentication techniques such as password or PIN. It seems that users trust popular techniques more, as shown on Figure 3. Interestingly, iris recognition seems to be as popular as fingerprint regarding trust. All pair-differences are statistically significant, except for ear/face, fingerprint/iris and iris/password (p < 0.005, Wilcoxon test).

[Figure 3. Rows: Iris recognition; Password or PIN; Face recognition; Fingerprint recognition; Ear recognition. Scale: I fully do not trust; I do not trust; I trust; I fully trust. Axis: Percentage.]

Fig. 3: How much do you trust the following techniques for securing your smartphone and protecting your data?

c) Identity Information: When asking about the criticality of storing sensitive data to protect smartphone data (see Figure 4), we found that the storage of iris identity information is perceived less critical compared to the storage of fingerprint. In fact, fingerprint identity information seems to be the most critical information to be stored for data protection. In contrast, storing of the password or PIN seems least critical for the respondents. All pairwise differences are statistically significant, except the pairs ear/iris recognition and iris/face recognition (p < 0.005, Wilcoxon test).

[Figure 4. Rows: Iris picture; Password or PIN; Face picture; Fingerprint; Ear picture. Scale: Fully uncritical; Uncritical; Critical; Very critical. Axis: Percentage.]

Fig. 4: Your smartphone has to use some information about your identity to protect all your data. How critical would you rate the collection and storage of the following information for this purpose?

Most respondents chose “I don’t know” for how critical is the storage of the picture of their ear as identity information needed for authentication. This indicates a low awareness of respondents about this kind of authentication. Regarding concerns about the collection and storage of the picture of the ear, younger respondents of age between 15 and 24 (74%) seem also to be more concerned than older respondents (53%) between 25 and 44 years. Regarding concerns about the collection and storage of the password or a PIN, younger respondents of 15-24 age seem to be more concerned than older respondents of 25-44 years age.

We found differences between subpopulations regarding users’ concerns on collecting and storing the picture of the iris (p < 0.01, Wilcoxon test). The group of respondents (69%) that chose iris recognition and password for increased security (next question) was more concerned than the group that chose the combination fingerprint and password for increased security (43%). Further, respondents who stated that the storage on secure servers would not reduce their privacy concerns when taking the picture of their eye were less concerned with the storage of their iris than those who were unsure about this. Respondents who would prefer to use iris recognition as a standard feature of the smartphone (like PIN for the screen lock) are less concerned compared to those who would prefer to install iris recognition as a separate app (see Section IV).

We found differences between users’ concerns on collecting and storing the picture of their face (p < 0.01, Wilcoxon test). Respondents who stated that local storage of encrypted picture of the iris would not reduce their privacy concerns when taking the picture of their eye were less concerned with the storage of their iris than those who were unsure about this. Respondents who stated that local storage of encrypted picture of the eye would reduce their privacy concerns are more concerned than those who expressed the opposite.

d) Combination: For additional security, the most preferred combination of authentication systems seems to be fingerprint and password authentication (Figure 5). This was stated by 39% of the respondents. Iris recognition is part of the next two most preferred combinations. 21% of respondents stated that they do not care as long as it’s not complicated.

[Figure 5. Bars 1 to 7, axis: Percent. 1 Fingerprint and password; 2 Iris recognition and password; 3 I don’t care, as long as it's not complicated; 4 Iris recognition and fingerprint; 5 Face recognition and password; 6 Face recognition and iris recognition; 7 Ear recognition and password.]

Fig. 5: Which combination of authentication systems would you be willing to use for additional security?

IV. IRIS RECOGNITION

We asked the participants to assume that their smartphones can automatically recognize them by taking a picture of their eye and that this information is used to authenticate them and to secure their smartphone data.

e) Setup: We asked participants about their preference to use iris recognition on their smartphones (Figure 6). The majority (58%) favored the use of iris recognition as a standard feature of the phone. In contrast, only 17% stated they would use it as a separate app (closed or open source app).

[Figure 6. Bars: Install it as a separate app; Install it as a separate open source app; Use it as a standard feature of the smartphone (like PIN); No preference. Axis: Percent.]

Fig. 6: How would you prefer to use iris recognition?

f) Usability: To achieve high accuracy when using iris recognition on a smartphone, different user actions may be needed to collect and store the image sample. This means that the user eventually needs to pro-actively interact with the system in order to get a high quality sample from the camera. We thus asked respondents about their willingness to interact with the system and acceptance of such usability tradeoffs. The tradeoffs and results are presented in Figure 7.

The majority of respondents (54%) stated that they would accept to move their eyes for an improved accuracy. In contrast, the least acceptable action was to move to get a perfect light with support from only 15% of respondents. All pairwise differences are statistically significant, except the consecutive pairs in the ranking (p < 0.008, Wilcoxon test).

[Figure 7. Rows: Move to get a perfect light; Turn on the flash of the Smartphone; Use the rear camera; Move Smartphone closer to your eye; Move your eyes; Take off glasses; Make multiple photos. Scale: Unacceptable (won’t use); I don’t know (might use); Acceptable (will use). Axis: Percentage.]

Fig. 7: The following additional actions would make the iris recognition more precise. What would be acceptable for you?

We identified significant differences between groups of respondents (p < 0.007, Wilcoxon test). Respondents who chose fingerprint and password as their preferred combination for increased security compared to those who expressed that they had no preference, were more willing to take off glasses or move the smartphone closer to their eye to increase the accuracy of iris recognition. This could mean that respondents who express a preference for an authentication system are more willing to accept usability trade-off for additional security. We hypothesize that such users also have a stronger security awareness of biometric authentication systems. The action to move the smartphone closer to the eye is also accepted more by respondents who stated that local storage of encrypted picture of the eye would reduce their privacy concerns, compared to those who stated the opposite. Respondents who prefer to use iris recognition as a standard feature of the smartphone compared to those who don’t have a preference, tend to accept more the movement of their eyes to improve iris recognition.

51% of Android users accept to take off glasses for increased precision of the iris recognition, compared to 29% of iPhone or iOS users. Android users also tend to accept more to move the smartphone closer to the eye than iPhone / iOS users.

Further, older participants tend to accept more the use of the rear camera than the younger ones. In particular, 70% of respondents of age 45-64 years accept this action, while only about 30% of respondents of 15-24 years age and 30% of 25-44 years age express their acceptance.

g) Location of Data: With the question shown on Figure 8 we aimed to understand how privacy concerns are influenced by the storage location when using iris recognition. The majority of respondents stated that local storage with encryption reduces their privacy concern resulting from taking the picture of their eye (p < 0.001, Wilcoxon test).

[Figure 8. Rows: The picture is encrypted and stored only locally on your smartphone; The picture is encrypted and stored on a secure server (secure cloud). Scale: No (still won’t use iris recognition); May be (might use iris recognition); Yes (would use iris recognition). Axis: Percentage.]

Fig. 8: Would the following measures reduce your privacy concerns resulting from taking the picture of your eye?

Respondents who stated that the storage on secure servers would not reduce their privacy concerns when taking the picture of their eye find security more important than those that were unsure about it (p < 0.01, Wilcoxon test). In particular, 89% of the former group stated a high importance compared to 72% of the latter group.

h) Scenarios: Figure 9 shows how the usage of iris recognition is considered useful in different scenarios. Multiple scenarios were allowed to be selected. As expected, the most often selected scenario was that iris recognition would be useful to protect data from getting stolen and misused. This indicates that iris recognition is considered more as data protection mechanism, e.g. by encrypting users’ data on the phone, than as a user identification system.

[Figure 9. Bars: My data shared over the internet getting stolen and misused; Authentication for mobile services, e.g. m-banking, m-payment... with my smartphone; Someone using my smartphone without permission; My smartphone getting stolen or lost. Axis: Percent.]

Fig. 9: For which of the following scenarios do you think iris recognition would be particularly useful?

i) Additional Comments: Respondents were able to give additional comments to iris recognition as free text answers. 8 respondents indicated the importance of usability for such a system. For instance, one respondent said “simple and user friendly, not more complicated than entering password”. Six respondents were concerned with the threats on cheating such an authentication system, e.g. one respondent said “I don’t trust object recognition techniques, because they can be cheated on using a picture or video of the object”. Five respondents were concerned with efficiency, e.g. one respondent emphasized this with “should work within seconds”. Four respondents expressed their concerns on the feasibility of iris recognition on smartphones. One indicated that “A proof of the technical functionality of the iris recognition is needed!”.

V. DISCUSSION AND LIMITATIONS

Our work makes three main contributions from the requirements engineering perspective. First, requirements engineers could use the survey form to develop customized elicitation techniques with the aim to assess user requirements for biometric systems on mobile phones. In particular, requirements engineers can reuse the survey questions or derive their own questions for their techniques concrete design alternatives. The answer options in our survey and the answer scales would also help them to develop own answer options to adequately assess the user perceptions on the options of interest.

Second, the survey results indicate some initial user requirements and preferences which should be considered when designing such systems. The results also highlight interesting concepts that need to be further studied and give insights about the potentials of biometric systems from user perspective. The results suggest that some user actions that can lead to an improved precision of the iris recognition are rather unacceptable. For instance, the majority of respondents agreed that they will not move to get a perfect light for an improved iris recognition. A large fraction of respondents also disfavored the usage of the flashlight of smartphones. These findings attest the limitations of such a system on smartphone from the user perspective, emphasize the need for a lighting-enabled phone, but also manifest the need for an improved understanding of how such an artificial lighting affects user satisfaction. Even if the overall results are not representative for all users, the trends are helpful and the correlations and dependencies are statistically significant (e.g. differences between age groups or smartphone platforms).

Third, the survey and the findings can be used as an inspiration to design experimental studies for real environments. A controlled experiment with users could aim at understanding the practical limitations of iris recognition. In another study, a prototype iris recognition app could be employed to anonymously collect recognition accuracy and context data (e.g., sensor data) of participants to enable a data-driven analysis of users’ trade-offs on usability, privacy, and security.

Nevertheless, our study has several limitations. One important limitation is the sampling method that we used to reach the participants. We used snowball sampling, which implies that our results are only applicable to the volunteering participants and are not generalizable. Most of the respondents were students. Another limitation is the number of respondents (which is also manifested by Cohen’s alpha). We do not and cannot claim that the study results are replicable. In fact, it would be interesting to compare our result with a similar study having a larger number of respondents, who are representative to the different population groups. We consider the results of our study more indicative rather than representative.

We managed to get 139 valid results, which give us a basic confidence that the results are indicative and valuable. In contrast to the question summaries, the trends and correlations reported in this paper are statistically significant and can be seen as a pseudo-experiment with an acceptable sample size.

As for any survey, the selection of the questions and answer options always represent a potential threat to the internal validity. To mitigate this threat we designed the survey in an iterative manner and discussed its structure and content with experienced researchers from the privacy/security, usability, and requirements engineering fields. We ran several pilot tests with colleagues and refined the survey based on their feedback. To make the survey answerable in 10 minutes, we filtered and improved some questions. Further, we tested the survey on different browsers and platforms to ensure a high usability. We allowed the respondents to suggest additional information by comments in terms of a free text. To filter out respondents that tend to randomly select answer options, we used validation questions (anti-spam) that needed to be answered correctly. Finally, the answer options were rendered to the participants in a random order.

VI. RELATED WORK

El-Abed et al. [8] studied crucial factors of a biometrics system as perceived by users. The authors conducted a survey and analyzed the responses to determine if there is a significant relationship between demographics and respondents’ answers. They also identified possible factors that affect people’s acceptance of and satisfaction with biometric systems.

IEEE copyrighted paper - Accepted for publication at IEEE RE 2015 - Authors' version of the work

Giarimi and Magnusson [9] analyzed users’ acceptance of biometrics by performing a study with students in Sweden. The results from the investigation clearly show that 93% of the students could imagine using some kind of biometric method on mobile devices. 43% of the students preferred to use a biometric method instead of a PIN or password, which could indicate that many students perceive biometrics to be more reliable than PIN or password.

Trewin et al. [20] studied the user reactions to three biometric authentication methods: voice, face, and gesture. The authors also studied the combinations of voice, face, and gesture with a typical 8-character password. From their study they observed that the time to provide an authentication sample for face and voice recognition was 2.0-2.5 seconds, which is lower than a typical user action time in the password and gesture condition (7.5 seconds). Further, the authors found that the face authentication supported the highest memory task performance while combination modalities produced significantly poorer performance. No significant difference was found between voice and gesture modalities. Finally, 90% of the participants were able to use all of the biometric methods well enough to provide a sample that meets their quality criteria.

More recently, De Marsico et al. [5] developed an approach for authentication on smartphones using face and iris recognition. They studied the suitability of the smartphone cameras for capturing high quality images. In case of low quality results due to user behavior, sensor problems, or incorrect device orientation, the authors chose between the two biometric techniques and achieved reliable results.

Finally, Sheth et al. [16] also conducted a large online survey about the users’ perceptions of privacy issues. The authors discuss different dimensions of privacy, compare the preferences of different demographic groups, and derive a privacy requirements framework. While our survey is inspired by theirs, unlike Sheth et al. we focus on biometric technology and iris recognition rather than privacy in general.

VII. CONCLUSION

To improve our understanding of the user preferences for biometric authentication on smartphones, we conducted an online survey with 139 valid responses – about half of them were students. We found that respondents think that data security and personal privacy on smartphones are very important. Respondents seem to not trust unpopular techniques such as ear and face recognition. When it comes to the criticality of the collected authentication data, fingerprint information seems most critical for respondents. We focused on users’ preferences for iris recognition systems and compared them with other authentication techniques. We found that some restrictions such as “moving the eye”, “moving the smartphone”, or “taking off the glasses” seem acceptable to users while others such as “move to get a perfect light” seem rather unacceptable. We think that our results will help designers to solve security-usability-privacy tradeoffs when designing mobile systems with biometrics features.

ACKNOWLEDGMENTS

We thank all the respondents for filling out our online survey. The first author is funded by the German Academic Exchange Programme (DAAD). This work is funded in part by the EU research project MUSES (grant FP7-318508).

REFERENCES

[1] A. F. Abate, M. Nappi, F. Narducci, and S. Ricciardi. Fast iris recognition on smartphone by means of spatial histograms. In Biometric Authentication, pages 66–74. Springer, 2014.

[2] R. Blanco-Gonzalo, O. Miguel-Hurtado, A. Mendaza-Ormaza, and R. Sanchez-Reillo. Handwritten signature recognition in mobile scenarios: Performance evaluation. In Security Technology (ICCST), 2012 IEEE International Carnahan Conference on, pages 174–179. IEEE, 2012.

[3] H. Bojinov, Y. Michalevsky, G. Nakibly, and D. Boneh. Mobile device identification via sensor fingerprinting. arXiv preprint arXiv:1408.1416, 2014.

[4] K. W. Bowyer, K. P. Hollingsworth, and P. J. Flynn. A survey of iris biometrics research: 2008–2010. In Handbook of iris recognition, pages 15–54. Springer, 2013.

[5] M. De Marsico, C. Galdi, M. Nappi, and D. Riccio. Firme: face and iris recognition for mobile engagement. Image and Vision Computing, 32(12):1161–1172, 2014.

[6] M. De Marsico, M. Nappi, D. Riccio, and H. Wechsler. Mobile iris challenge evaluation (miche)-i, biometric iris dataset and protocols. Pattern Recognition Letters, 57:17–23, 2015.

[7] J. C. F. de Winter and D. Dodou. Five-point likert items: t test versus mann-whitney-wilcoxon. Practical Assessment, Research & Evaluation, 15(11):1+, 2010.

[8] M. El-Abed, R. Giot, B. Hemery, and C. Rosenberger. A study of users’ acceptance and satisfaction of biometric systems. In Security Technology (ICCST), 2010 IEEE International Carnahan Conference on, pages 170–178. IEEE, 2010.

[9] S. Giarimi and H. Magnusson. Investigation of user acceptance for biometric verification/identification methods in mobile units. Master of Computer and Systems Sciences, Department of Computer Systems Sciences, Stockholm University, 2002.

[10] A. Hadid, J. Heikkila, O. Silven, and M. Pietikainen. Face and eye detection for person authentication in mobile phones. In Distributed Smart Cameras, 2007. ICDSC’07. First ACM/IEEE International Conference on, pages 101–108. IEEE, 2007.

[11] A. K. Jain, A. Ross, and S. Prabhakar. An introduction to biometric recognition. Circuits and Systems for Video Technology, IEEE Transactions on, 14(1):4–20, 2004.

[12] D. Maltoni, D. Maio, A. K. Jain, and S. Prabhakar. Handbook of fingerprint recognition. Springer Science & Business Media, 2009.

[13] R. Newman. Security and Access Control Using Biometric Technologies: Application, Technology, and Management. Course Technology Press, Boston, MA, United States, 1st edition, 2009.

[14] J. Reynaldo and A. Santos. Cronbach’s alpha: A tool for assessing the reliability of scales. Extension Information Technology, Apr. 1999.

[15] R. L. Rosnow. Beginning behavioral research: a conceptual primer. Pearson/Prentice Hall, Upper Saddle River, N.J, 6th edition, 2008.

[16] S. Sheth, G. Kaiser, and W. Maalej. Us and them: A study of privacy requirements across north america, asia, and europe. In Proceedings of the 36th International Conference on Software Engineering, ICSE 2014, pages 859–870, New York, NY, USA, 2014. ACM.

[17] M. Tavakol and R. Dennick. Making sense of cronbach’s alpha. International Journal of Medical Education, 2:53–55, June 2011.

[18] H. M. Thang, V. Q. Viet, N. D. Thuc, and D. Choi. Gait identification using accelerometer on mobile phone. In Control, Automation and Information Sciences (ICCAIS), 2012 International Conference on, pages 344–348. IEEE, 2012.

[19] P. Tresadern, C. McCool, N. Poh, P. Matejka, A. Hadid, C. Levy, T. Cootes, and S. Marcel. Mobile biometrics (mobio): Joint face and voice verification for a mobile platform. IEEE pervasive computing, 99, 2012.

[20] S. Trewin, C. Swart, L. Koved, J. Martino, K. Singh, and S. Ben-David. Biometric authentication on a mobile device: a study of user effort, error and task disruption. In Proceedings of the 28th Annual Computer Security Applications Conference, pages 159–168. ACM, 2012.
