Biblio
Many smartphone security mechanisms prompt users to decide on sensitive resource requests. This approach fails if corresponding implications are not understood. Prior work identified ineffective user interfaces as a cause for insufficient comprehension and proposed augmented dialogs. We hypothesize that, prior to interface-design, efficient security dialogs require an underlying permission model based on user demands. We believe, that only an implementation which corresponds to users\guillemotright mental models, in terms of the handling, granularity and grouping of permission requests, allows for informed decisions. In this work, we propose a study design which leverages materialization for the extraction of the mental models. We present preliminary results of three Focus Groups. The findings indicate that the materialization provided sufficient support for non-experts to understand and discuss this complex topic. In addition to this, the results indicate that current permission approaches do not match users\guillemotright demands for information and control.