{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T19:06:47Z","timestamp":1776107207497,"version":"3.50.1"},"reference-count":0,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"3","license":[{"start":{"date-parts":[[2022,7,1]],"date-time":"2022-07-01T00:00:00Z","timestamp":1656633600000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["PoPETs"],"abstract":"<jats:p>One approach to mitigate shoulder surfing attacks on mobile devices is to detect the presence of a bystander using the phone\u2019s front-facing camera. However, a person\u2019s face in the camera\u2019s field of view does not always indicate an attack. To overcome this limitation, in a novel data collection study (N=16), we analysed the influence of three viewing angles and four distances on the success of shoulder surfing attacks. In contrast to prior works that mainly focused on user authentication, we investigated three common types of content susceptible to shoulder surfing: text, photos, and PIN authentications. We show that the vulnerability of text and photos depends on the observer\u2019s location relative to the device, while PIN authentications are vulnerable independent of the observation location. We then present PrivacyScout \u2013 a novel method that predicts the shoulder-surfing risk based on visual features extracted from the observer\u2019s face as captured by the front-facing camera. Finally, evaluations from our data collection study demonstrate our method\u2019s feasibility to assess the risk of a shoulder surfing attack more accurately.<\/jats:p>","DOI":"10.56553\/popets-2022-0090","type":"journal-article","created":{"date-parts":[[2022,7,20]],"date-time":"2022-07-20T15:49:20Z","timestamp":1658332160000},"page":"650-669","source":"Crossref","is-referenced-by-count":11,"title":["PrivacyScout: Assessing Vulnerability to Shoulder Surfing on Mobile Devices"],"prefix":"10.56553","volume":"2022","author":[{"given":"Mihai","family":"B\u00e2ce","sequence":"first","affiliation":[{"name":"University of Stuttgart, Germany"}]},{"given":"Alia","family":"Saad","sequence":"additional","affiliation":[{"name":"University of Duisburg-Essen, Germany"}]},{"given":"Mohamed","family":"Khamis","sequence":"additional","affiliation":[{"name":"University of Glasgow, United Kingdom"}]},{"given":"Stefan","family":"Schneegass","sequence":"additional","affiliation":[{"name":"University of Duisburg-Essen, Germany"}]},{"given":"Andreas","family":"Bulling","sequence":"additional","affiliation":[{"name":"University of Stuttgart, Germany"}]}],"member":"35752","published-online":{"date-parts":[[2022,7]]},"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"deposited":{"date-parts":[[2022,8,31]],"date-time":"2022-08-31T17:29:08Z","timestamp":1661966948000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2022\/popets-2022-0090.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,7]]},"references-count":0,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2022,7]]}},"alternative-id":["10.56553\/popets-2022-0090"],"URL":"https:\/\/doi.org\/10.56553\/popets-2022-0090","relation":{},"ISSN":["2299-0984"],"issn-type":[{"value":"2299-0984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,7]]}}}