I'm a Marie Sklodowska-Curie Fellow, a PhD Student in the Information Security Research Group of the Department of Computer Science at University College London (UCL), and a researcher at OneSpan's Cambridge Innovation Centre. I was part of the Privacy&Us Marie Sklodowska-Curie Innovative Training Network. My PhD supervisor is Dr. Steven J. Murdoch.
I'm interested in usable privacy and security research, with strong focus on the (empirical) analysis of the UX of large-scale, mass-market software. Some of my past work includes the discovery of novel privacy risks from the UI design surrounding delete and erase functionalities in Windows and macOS, and novel security risks in iOS and macOS from the design of the `Security Code AutoFill' feature. I've also conducted user studies to analyse the UX of the online banking environment of several European banks for residual risk from malware infections (a.k.a. Man-in-the-Browser attack) despite the implementation of PSD2-conform SCA (strong customer authentication), with yet unpublished results.
I've been a visiting researcher in academia at University of Glasgow (2015, 2016), University of Tokyo (2016), Karlstad University (2016), and Goethe University Frankfurt (2017) and in industry at USECON – Experience design & consulting (2017). Previously, I've worked at Technische Universität Darmstadt and was a student assistant at Secorvo Security Consulting GmbH.
My work is supported by the EU Horizon 2020 Marie Sklodowska-Curie Innovative Training Network [grant number project 675730].
Gutmann, A.,Murdoch, SJ., 2019. ``Taken Out of Context: Security Risks with Security Code AutoFill in iOS & macOS''. In Who Are You?! Adventures in Authentication Workshop (WAY 2019).
Gutmann, A.,Warner, M., 2019. ``Fight to be Forgotten: Exploring the Efficacy of Data Erasure in Popular Operating Systems''. In Annual Privacy Forum (APF 2019).
Warner, M., Gutmann, A., Sasse, M. A., Blandford, A., 2018. ``Privacy Unraveling Around Explicit HIV Status Disclosure Fields in the Online Geosocial Hookup App Grindr''. In Proceedings of the 21st ACM Conference on Computer-Supported Cooperative Work and Social Computing (CSCW).
Volkamer, M., Gutmann, A., Renaud, K., Gerber, P. and Mayer, P., 2018. ``Replication Study: A Cross-Country Field Observation Study of Real World PIN Usage at ATMs and in Various Electronic Payment Scenarios''. In Fourteenth Symposium on Usable Privacy and Security (SOUPS).
Gutmann, A., Volkamer, M. and Renaud, K., 2016. ``Memorable And Secure: How Do You Choose Your PIN?''. In Proceedings of the Tenth International Symposium on Human Aspects of Information Security & Assurance (HAISA), pp. 156-166.
Gutmann, A., Renaud, K., Maguire, J., Mayer, P., Volkamer, M., Matsuura, K., and Müller-Quade, J., 2016. ``ZeTA - Zero-Trust Authentication: Relying on Innate Human Ability, Not Technology''. In 1st IEEE European Symposium on Security and Privacy (EuroS&P), pp. 357-371. IEEE.
Marky, K., Gutmann, A., Rack, P. and Volkamer, M., 2016. ``Privacy Friendly Apps-Making Developers Aware of Privacy Violations''. In 1st International Workshop on Innovations in Mobile Privacy and Security (IMPS), pp. 46-48.
Gutmann, A., Renaud, K., and Volkamer, K., 2015. ``Nudging Bank Account Holders Towards More Secure PIN Management''. Journal of Internet Technology and Secured Transaction (JITST), Vol. 4, No. 2, pp. 380-386.
Next version of Android might introduce new security risks for online banking, 2FA, and more
Blog of the UCL Information Security Research Group. August, 6th 2019.
How Accidental Data Breaches can be Facilitated by Windows 10 and macOS Mojave
Blog of the UCL Information Security Research Group. April, 4th 2019.
When Convenience Creates Risk: Taking a Deeper Look at Security Code AutoFill on iOS 12 and macOS Mojave
Blog of the UCL Information Security Research Group. October, 17th 2018.
New iOS 12 Feature Risks Exposing Users to Online Banking Fraud
Blog of OneSpan Inc. June, 27th 2018.
Security code AutoFill: is this new iOS feature a security risk for online banking?
Blog of the UCL Information Security Research Group. June, 8th 2018.
SMS-Autofill in iOS 12 und macOS Mojave: Bequemlichkeit bleibt unsicher
Heise Online News (German). October, 10th 2018.
One of iOS 12's New Features Is Causing Concerns Over Online Banking Fraud
Where Consumers Come First Tech News. July, 3rd 2018.
iOS 12: Sicherheitsexperte warnt vor neuer SMS-Autofill-Funktion
Heise Online News (German). July, 3rd 2018.
iOS 12验证码自动填充很方便 但它安全吗?
Feng.com WeiPhone News (Chinese). July, 3rd 2018.
Researcher expresses concerns over iOS 12's new security code auto-fill feature
9to5mac Apple News. July, 2nd 2018.
Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill
Schneier on Security Blog by Bruce Schneier. June, 20th 2018.
Human Factors in PIN Security. Social ICT Research Center at University of Tokyo, Japan, http://www.sict.i.u-tokyo.ac.jp/ (Japanese). June, 22th 2016.
University College London
Master-Thesis co-supervisior of Xiaofei Hu: `Gamification of running Tor server' (2018, UCL)
Master-Thesis co-supervisior of Sabina Sandia: `Payment Fraud Evaluation Platform' (2018, UCL)
University of Darmstadt
Organiser and primary lecturer of seminar 'Security, Usability and Society' (WS 2015/16, University of Darmstadt)
Guest speaker at seminar of Constantin A. Rothkopf 'Forschungs- und Anwedungsgebiete von Psychologie in IT' (WS 2015/16, University of Darmstadt)
Bachelor-Thesis co-supervisior of Sergej Reißig: `Sicherheits- und Benutzbarkeitsuntersuchungen von Strategien zum Merken von Passwörtern' (2015, University of Darmstadt)
University of Glasgow
Guest speaker on Insecure Communications during lecture 'Human Centred Security' by Joseph Maguire (Session 2015-2016, University of Glasgow)