DOI: 10.1145/3491102.3517510
research-article

Hey Alexa, Who Am I Talking to?: Analyzing Users’ Perception and Awareness Regarding Third-party Alexa Skills

Published: 29 April 2022

ABSTRACT

The Amazon Alexa voice assistant provides convenience through automation and control of smart home appliances using voice commands. Amazon allows third-party applications known as skills to run on top of Alexa to further extend Alexa’s capability. However, as multiple skills can share the same invocation phrase and request access to sensitive user data, growing security and privacy concerns surround third-party skills. In this paper, we study the availability and effectiveness of existing security indicators or a lack thereof to help users properly comprehend the risk of interacting with different types of skills. We conduct an interactive user study (inviting active users of Amazon Alexa) where participants listen to and interact with real-world skills using the official Alexa app. We find that most participants fail to identify the skill developer correctly (i.e., they assume Amazon also develops the third-party skills) and cannot correctly determine which skills will be automatically activated through the voice interface. We also propose and evaluate a few voice-based skill type indicators, showcasing how users would benefit from such voice-based indicators.

Supplemental Material

  • 3491102.3517510-talk-video.mp4 (mp4, 157.9 MB)
  • 3491102.3517510-video-preview.mp4 (mp4, 2.7 MB)


    • Published in

      CHI '22: Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems
      April 2022
      10459 pages
      ISBN: 9781450391573
      DOI: 10.1145/3491102

      Copyright © 2022 ACM


      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Qualifiers

      • research-article
      • Research
      • Refereed limited

      Acceptance Rates

      Overall Acceptance Rate: 6,199 of 26,314 submissions, 24%
