Graphical designs preferred for authorising application access

Published by at

Noted security technologist Bruce Schneier has pointed to a Microsoft research paper on the design of software applications that ask for user authority to access certain functions. While primarily looking at web based apps, this is a relevant area for mobile design, and ties in with the security model employed by Symbian.

The paper surmises that users prefer to have the authorisations presented in a graphical format, rather than dialog boxes, paragraphs or text or bullet points of information

We performed a laboratory study to evaluate different de-signs for disclosing the actions and resources that an application will be authorized to perform once installed. We used a within-participants design to observe thirty-three Facebook users' ability to absorb and search information in seventeen different disclosure designs, all of which were presented in the context of a fictional Facebook application.

You can download the PDF from Microsoft here.