Andreas Gutmann   t in

I'm a Marie Sklodowska-Curie Action Fellow, a PhD Student in the Information Security Research Group of the Department of Computer Science at University College London (UCL) and a researcher at OneSpan's Cambridge Innovation Centre. My research interest is at the intersection of FinTech, usability, security, and privacy. My PhD research is focused on the usability and security of transactions, e.g. authentication and integrity for privacy sensitive tasks. I'm part of the Privacy&Us Marie Sklodowska-Curie Innovative Training Network. My supervisor is Dr. Steven J. Murdoch.

I occasionally write about my research on OneSpan's Reflections about online security blog and UCL's Bentham's Gaze blog.

I've been a visiting researcher in academia at University of Glasgow (2015, 2016), University of Tokyo (2016), Karlstad University (2016), and Goethe University Frankfurt (2017) and in industry at USECON – Experience design & consulting (2017). Previously, I've worked at Technische Universität Darmstadt and was a student assistant at Secorvo Security Consulting GmbH.

My work is supported by the EU Horizon 2020 Marie Sklodowska-Curie Innovative Training Network [grant number project 675730].


Gutmann, A.,Murdoch, S. J., 2019. ``Taken Out of Context: Security Risks with Security Code AutoFill in iOS & macOS''. In Who Are You?! Adventures in Authentication Workshop (WAY).

Gutmann, A.,Warner, M., 2019. ``Fight to be Forgotten: Exploring the Efficacy of Data Erasure in Popular Operating Systems''. In Annual Privacy Forum (APF).

Warner, M., Gutmann, A., Sasse, M. A., Blandford, A., 2018. ``Privacy Unraveling Around Explicit HIV Status Disclosure Fields in the Online Geosocial Hookup App Grindr''. In Proceedings of the 21st ACM Conference on Computer-Supported Cooperative Work and Social Computing (CSCW).

Volkamer, M., Gutmann, A., Renaud, K., Gerber, P. and Mayer, P., 2018. ``Replication Study: A Cross-Country Field Observation Study of Real World PIN Usage at ATMs and in Various Electronic Payment Scenarios''. In Fourteenth Symposium on Usable Privacy and Security (SOUPS).

Gutmann, A., Volkamer, M. and Renaud, K., 2016. ``Memorable And Secure: How Do You Choose Your PIN?''. In Proceedings of the Tenth International Symposium on Human Aspects of Information Security & Assurance (HAISA), pp. 156-166.

Gutmann, A., Renaud, K., Maguire, J., Mayer, P., Volkamer, M., Matsuura, K., and Müller-Quade, J., 2016. ``ZeTA - Zero-Trust Authentication: Relying on Innate Human Ability, Not Technology''. In 1st IEEE European Symposium on Security and Privacy (EuroS&P), pp. 357-371. IEEE.

Marky, K., Gutmann, A., Rack, P. and Volkamer, M., 2016. ``Privacy Friendly Apps-Making Developers Aware of Privacy Violations''. In 1st International Workshop on Innovations in Mobile Privacy and Security (IMPS), pp. 46-48.

Gutmann, A., Renaud, K., and Volkamer, K., 2015. ``Nudging Bank Account Holders Towards More Secure PIN Management''. Journal of Internet Technology and Secured Transaction (JITST), Vol. 4, No. 2, pp. 380-386.

Media and talks

Blog posts by me

How Accidental Data Breaches can be Facilitated by Windows 10 and macOS Mojave
Blog of the UCL Information Security Research Group. April 2019.

When Convenience Creates Risk: Taking a Deeper Look at Security Code AutoFill on iOS 12 and macOS Mojave
Blog of the UCL Information Security Research Group. October, 17th 2018.

New iOS 12 Feature Risks Exposing Users to Online Banking Fraud
Blog of OneSpan Inc. June, 27th 2018.

Security code AutoFill: is this new iOS feature a security risk for online banking?
Blog of the UCL Information Security Research Group. June, 8th 2018.

Selected media

SMS-Autofill in iOS 12 und macOS Mojave: Bequemlichkeit bleibt unsicher
Heise Online News (German). October, 10th 2018.

Neues iOS 12 Feature bringt Bankkunden in Gefahr
Print edition Manage IT magazine (German), edition 7-8 2018, pp.48-49.

One of iOS 12's New Features Is Causing Concerns Over Online Banking Fraud
Where Consumers Come First Tech News. July, 3rd 2018.

iOS 12: Sicherheitsexperte warnt vor neuer SMS-Autofill-Funktion
Heise Online News (German). July, 3rd 2018.

iOS 12验证码自动填充很方便 但它安全吗? WeiPhone News (Chinese). July, 3rd 2018.

Researcher expresses concerns over iOS 12's new security code auto-fill feature
9to5mac Apple News. July, 2nd 2018.

Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill
Schneier on Security Blog by Bruce Schneier. June, 20th 2018.

Invited talks and presentations

Human Factors in PIN Security. Social ICT Research Center at University of Tokyo, Japan, (Japanese). June, 22th 2016.

Teaching and supervision

University College London

Master-Thesis co-supervisior of Xiaofei Hu: `Gamification of running Tor server' (2018, UCL)

Master-Thesis co-supervisior of Sabina Sandia: `Payment Fraud Evaluation Platform' (2018, UCL)

University of Darmstadt

Organiser and primary lecturer of seminar 'Security, Usability and Society' (WS 2015/16, University of Darmstadt)

Guest speaker at seminar of Constantin A. Rothkopf 'Forschungs- und Anwedungsgebiete von Psychologie in IT' (WS 2015/16, University of Darmstadt)

Bachelor-Thesis co-supervisior of Sergej Reißig: `Sicherheits- und Benutzbarkeitsuntersuchungen von Strategien zum Merken von Passwörtern' (2015, University of Darmstadt)

University of Glasgow

Guest speaker on Insecure Communications during lecture 'Human Centred Security' by Joseph Maguire (Session 2015-2016, University of Glasgow)