{rfName}
An

Indexed in

License and use

Icono OpenAccess

Citations

35

Altmetrics

Analysis of institutional authors

Solera-Cotanilla S.AuthorVega-Barbas MAuthorálvarez-Campana MAuthor

Share

Publications
>
Article

Analysis of security and data control in smart personal assistants from the user's perspective

Publicated to:Future Generation Computer Systems-The International Journal Of Escience. 144 12-23 - 2023-07-01 144(), DOI: 10.1016/j.future.2023.02.009

Authors: Valero, C; Pérez, J; Solera-Cotanilla, S; Vega-Barbas, M; Suarez-Tangil, G; Alvarez-Campana, M; López, G

Affiliations

IMDEA Networks Inst, Leganes 28918, Spain - Author
IMDEA Networks Institute - Author
Univ Politecn Madrid, ETSI Telecomunicac, Madrid 28040, Spain - Author
Univ Pontificia Comillas, Inst Res Technol, ICAI Engn Sch, Madrid 28015, Spain - Author
Universidad Politécnica de Madrid - Author
Universidad Pontificia Comillas, Escuela Técnica Superior de Ingeniería, Instituto de Investigación Tecnológica - Author
See more

Abstract

Advances in the fields of the Internet of Things, Speech Recognition and Artificial Intelligence have facilitated the development of Smart Personal Assistants. As a result, Smart Personal Assistants currently allow requesting a wide range of tasks naturally and intuitively through voice interaction. Their wide popularity, together with the high technological complexity of their environments, have made them an attractive target from a security point of view. Recent works have shown some of the security and privacy issues they stand upon. In this work, we propose a methodology to carry out a systematic security analysis of Smart Personal Assistants using a comprehensive set of tests designed to measure issues around the installation, the interaction, key functionality, and overall Security and Privacy controls. We apply this methodology to analyse security and data control in predominant commercial Smart Personal Assistants (SPA), including Apple HomePod, Google Home and Nest, Amazon Echo (Show and Dot), and Facebook Portal. The main findings of our research are: (i) SPA are not resilient to voice replay attacks; (ii) their skills activation mechanisms can be significantly improved to be more reliable in multi-user households; (iii) the users’ control to restrict the collection and access of Personally Identifiable Information can be also improved; (iv) they lack configurations adapted to minors, which should be included to make them more appropriate for a segment of users who interact more and more with them and have especially high regulatory requirements regarding security and data protection. Among the many hot research topics within this area, we find voice authentication and authorization especially interesting since they may push the usability of Smart Personal Assistants further, as long as they are robust enough from the security perspective.

Keywords

data controlinternet of thingsminorssmart personal assistantstesting methodologyCybersecurityData controlInternet of thingsMinorsSmart personal assistantsTesting methodology

Quality index

Bibliometric impact. Analysis of the contribution and dissemination channel

The work has been published in the journal Future Generation Computer Systems-The International Journal Of Escience due to its progression and the good impact it has achieved in recent years, according to the agency WoS (JCR), it has become a reference in its field. In the year of publication of the work, 2023, it was in position 14/144, thus managing to position itself as a Q1 (Primer Cuartil), in the category Computer Science, Theory & Methods. Notably, the journal is positioned above the 90th percentile.

From a relative perspective, and based on the normalized impact indicator calculated from World Citations from Scopus Elsevier, it yields a value for the Field-Weighted Citation Impact from the Scopus agency: 1.76, which indicates that, compared to works in the same discipline and in the same year of publication, it ranks as a work cited above average. (source consulted: ESI Nov 14, 2024)

This information is reinforced by other indicators of the same type, which, although dynamic over time and dependent on the set of average global citations at the time of their calculation, consistently position the work at some point among the top 50% most cited in its field:

  • Field Citation Ratio (FCR) from Dimensions: 7.44 (source consulted: Dimensions Jun 2025)

Specifically, and according to different indexing agencies, this work has accumulated citations as of 2025-06-22, the following number of citations:

  • WoS: 4
  • Scopus: 13
  • Google Scholar: 18
  • OpenCitations: 7

Impact and social visibility

From the perspective of influence or social adoption, and based on metrics associated with mentions and interactions provided by agencies specializing in calculating the so-called "Alternative or Social Metrics," we can highlight as of 2025-06-22:

  • The use, from an academic perspective evidenced by the Altmetric agency indicator referring to aggregations made by the personal bibliographic manager Mendeley, gives us a total of: 88.
  • The use of this contribution in bookmarks, code forks, additions to favorite lists for recurrent reading, as well as general views, indicates that someone is using the publication as a basis for their current work. This may be a notable indicator of future more formal and academic citations. This claim is supported by the result of the "Capture" indicator, which yields a total of: 88 (PlumX).

With a more dissemination-oriented intent and targeting more general audiences, we can observe other more global scores such as:

  • The Total Score from Altmetric: 5.9.
  • The number of mentions on the social network X (formerly Twitter): 8 (Altmetric).

It is essential to present evidence supporting full alignment with institutional principles and guidelines on Open Science and the Conservation and Dissemination of Intellectual Heritage. A clear example of this is:

  • The work has been submitted to a journal whose editorial policy allows open Open Access publication.