Andreas Gutmann  

t in

I'm a Marie Sklodowska-Curie Fellow, a PhD Student in the Information Security Research Group of the Department of Computer Science at University College London (UCL), and a UX researcher at OneSpan's  Innovation Centre in Cambridge. I received training from the Privacy&Us Marie Sklodowska-Curie Innovative Training Network. My PhD supervisor is Dr. Steven J. Murdoch.

I'm interested in usable privacy and security research, with strong focus on the (empirical) analysis of the UX of large-scale, mass-market IT products. Some of my past work includes the discovery of novel privacy risks from the UI design surrounding delete and erase functionalities in Windows and macOS, and novel security risks in iOS and macOS from the design of the `Security Code AutoFill' feature. I currently investigate the UX of transaction authentication in online banking environments for residual risks.

I've been a visiting researcher in academia at University of Glasgow (2015, 2016), University of Tokyo (2016), Karlstad University (2016), and Goethe University Frankfurt (2017) and in industry at USECON – Experience design & consulting (2017). Previously, I've previously worked at Technische Universität Darmstadt and was a student assistant at Secorvo Security Consulting GmbH in Karlsruhe, Germany.

My work is supported by the EU Horizon 2020 Marie Sklodowska-Curie Innovative Training Network [grant number project 675730].


Peer-reviewed Publications

Gutmann, A.,Murdoch, SJ., 2019. ``Taken Out of Context: Security Risks with Security Code AutoFill in iOS & macOS''. In Who Are You?! Adventures in Authentication Workshop (WAY 2019).

Gutmann, A.,Warner, M., 2019. ``Fight to be Forgotten: Exploring the Efficacy of Data Erasure in Popular Operating Systems''. In Annual Privacy Forum (APF 2019).

Warner, M., Gutmann, A., Sasse, M. A., Blandford, A., 2018. ``Privacy Unraveling Around Explicit HIV Status Disclosure Fields in the Online Geosocial Hookup App Grindr''. In Proceedings of the 21st ACM Conference on Computer-Supported Cooperative Work and Social Computing (CSCW).

Volkamer, M., Gutmann, A., Renaud, K., Gerber, P. and Mayer, P., 2018. ``Replication Study: A Cross-Country Field Observation Study of Real World PIN Usage at ATMs and in Various Electronic Payment Scenarios''. In Fourteenth Symposium on Usable Privacy and Security (SOUPS).

Gutmann, A., Volkamer, M. and Renaud, K., 2016. ``Memorable And Secure: How Do You Choose Your PIN?''. In Proceedings of the Tenth International Symposium on Human Aspects of Information Security & Assurance (HAISA), pp. 156-166.

Gutmann, A., Renaud, K., Maguire, J., Mayer, P., Volkamer, M., Matsuura, K., and Müller-Quade, J., 2016. ``ZeTA - Zero-Trust Authentication: Relying on Innate Human Ability, Not Technology''. In 1st IEEE European Symposium on Security and Privacy (EuroS&P), pp. 357-371. IEEE.

Marky, K., Gutmann, A., Rack, P. and Volkamer, M., 2016. ``Privacy Friendly Apps-Making Developers Aware of Privacy Violations''. In 1st International Workshop on Innovations in Mobile Privacy and Security (IMPS), pp. 46-48.

Gutmann, A., Renaud, K., and Volkamer, K., 2015. ``Nudging Bank Account Holders Towards More Secure PIN Management''. Journal of Internet Technology and Secured Transaction (JITST), Vol. 4, No. 2, pp. 380-386.

Blog Posts

Android Update: Could New Auto-fill Functionality Impact Users' Security?
Blog of OneSpan Inc. September, 17th 2019.

Next version of Android might introduce new security risks for online banking, 2FA, and more
Blog of the UCL Information Security Research Group. August, 6th 2019.

How Accidental Data Breaches can be Facilitated by Windows 10 and macOS Mojave
Blog of the UCL Information Security Research Group. April, 4th 2019.

When Convenience Creates Risk: Taking a Deeper Look at Security Code AutoFill on iOS 12 and macOS Mojave
Blog of the UCL Information Security Research Group. October, 17th 2018.

New iOS 12 Feature Risks Exposing Users to Online Banking Fraud
Blog of OneSpan Inc. June, 27th 2018.

Security code AutoFill: is this new iOS feature a security risk for online banking?
Blog of the UCL Information Security Research Group. June, 8th 2018.

In the News and Invited Talks

In the News

SMS-Autofill in iOS 12 und macOS Mojave: Bequemlichkeit bleibt unsicher
Heise Online News (German). October, 10th 2018.

Neues iOS 12 Feature bringt Bankkunden in Gefahr
Print edition Manage IT magazine (German), edition 7-8 2018, pp.48-49.

One of iOS 12's New Features Is Causing Concerns Over Online Banking Fraud
Where Consumers Come First Tech News. July, 3rd 2018.

iOS 12: Sicherheitsexperte warnt vor neuer SMS-Autofill-Funktion
Heise Online News (German). July, 3rd 2018.

iOS 12验证码自动填充很方便 但它安全吗? WeiPhone News (Mandarin). July, 3rd 2018.

Researcher expresses concerns over iOS 12's new security code auto-fill feature
9to5mac Apple News. July, 2nd 2018.

Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill
Schneier on Security Blog by Bruce Schneier. June, 20th 2018.

Invited Talks

Human Factors in PIN Security. Social ICT Research Center at University of Tokyo, Japan. June, 22th 2016.

Teaching and Supervision

University College London

Master-Thesis supervisior of John Peter Nkeragasani: `How Tech-savvy People Discuss Security' (2019, UCL)

Master-Thesis co-supervisior of Xiaofei Hu: `Gamification of running Tor server' (2018, UCL)

Master-Thesis co-supervisior of Sabina Sandia: `Payment Fraud Evaluation Platform' (2018, UCL)

University of Darmstadt

Organiser and primary lecturer of seminar 'Security, Usability and Society' (2015/16, University of Darmstadt)

Guest speaker at seminar of Constantin A. Rothkopf  'Forschungs- und Anwedungsgebiete von Psychologie in IT' (2015/16, University of Darmstadt)

Bachelor-Thesis co-supervisior of Sergej Reißig: `Sicherheits- und Benutzbarkeitsuntersuchungen von Strategien zum Merken von Passwörtern' (2015, University of Darmstadt)

University of Glasgow

Guest speaker on Insecure Communications during lecture 'Human Centred Security' by Joseph Maguire (2015, University of Glasgow)