Tap protection UX problems
The current UX of the tap protection isn't good enough
Test 1
Three "regular" users: None of the users had a IT/CS background but all were familiar with Apps and their smartphones.
- All users were left insecure about their devices security after reading the pop-up (all users got pop-ups, I've actually not seen a device yet that doesn't have at least one app which appears on the list.). Some wondered if they should even use Briar at all due to a security breach of their device.
- One user didn't recognise all the apps listed despite all of the being safe (I checked). This made the user very insecure about his phone's general security, got questions like "Did someone install something on my phone without my knowledge ?", "Do I need to virus scan my phone?", "Does this mean I shouldn't use Briar ?"
- Two testers weren't aware that it was even possible for other apps to steal taps and had to be educated in what this means exactly.
Test 2
Three software developers
- All three were a bit confused about the meaning (all three read it in German). All three understood roughly what it was about in the end but it was not smooth and the final understanding varied quite a bit.
- One user thought Briar was warning against screen-shot copying (the german text actually doesn't say "tap" anywhere, only "overlaying apps".
- One user felt that Briar had scanned his phone without permission to display the list of overlaying apps.
- All three wondered if the security risk really warranted such a dominating UI response from Briar and one suggested a warning triangle you could press for more information.
End result
We need re-design this on the UX level, we also need to bear in mind the variation in how security conscious the users are. I feel we should split this into basic information, which is always displayed, and advanced information when user requests it. I also felt the warning triangle idea was a good one.