From Secure to Military-Grade: Exploring the Effect of App Descriptions on User Perceptions of Secure Messaging

Abstract

Although end-to-end encryption (E2EE) is more widely available than ever before, many users remain confused about its security properties. As a result, even users with access to E2EE tools turn to less secure alternatives for sending private information. To investigate these issues, we conducted a 357-participant online user study analyzing how explanations of security impact user perceptions. In a between-subjects design, we varied the terminology used to detail the security mechanism, whether encryption was on by default, and the prominence of security in an app-store-style description page. We collected participants' perceptions of the tool's utility for privacy, security against adversaries, and whether use of the tool would be seen as "paranoid.'' Compared to "secure,'' describing the tool as "encrypted'' or "military-grade encrypted'' increased perceptions that it was appropriate for privacy-sensitive tasks, whereas describing it more precisely as "end-to-end encrypted'' did not. However, "military-grade encrypted'' was also associated with a greater perception of tool use as paranoid. Overall, we find that --- compared to prior work from 2006 --- the social stigma associated with encrypted communication has largely disappeared.