Export Citation
Export Citation
Seymour, W, Abdi, N and Ramokapane, M (2024) Voice App Developer Experiences with Alexa and Google Assistant: Juggling Risks, Liability, and Security. In: 33rd USENIX Security Symposium . pp. 5035-5052. (33rd USENIX Security Symposium, 14th Aug - 16th Aug 2024, Philadelphia, PA, USA).
Preview |
Text
sec24summer-final261.pdf - Published Version Download (767kB) | Preview |
Abstract
Voice applications (voice apps) are a key element in Voice Assistant ecosystems such as Amazon Alexa and Google Assistant, as they provide assistants with a wide range of capabilities that users can invoke with a voice command. Most voice apps, however, are developed by third parties—i.e., not by Amazon/Google—and they are included in the ecosystem through marketplaces akin to smartphone app stores but with crucial differences, e.g., the voice app code is not hosted by the marketplace and is not run on the local device. Previous research has studied the security and privacy issues of voice apps in the wild, finding evidence of bad practices by voice app developers. However, developers’ perspectives are yet to be explored. In this paper, we report a qualitative study of the experiences of voice app developers and the challenges they face. Our findings suggest that: 1) developers face several risks due to liability pushed on to them by the more powerful voice assistant platforms, which are linked to negative privacy and security outcomes on voice assistant platforms; and 2) there are key issues around monetization, privacy, design, and testing rooted in problems with the voice app certification process. We discuss the implications of our results for voice app developers, platforms, regulators, and research on voice app development and certification.
| Item Type: | Conference or Workshop Item (Paper) |
|---|---|
| Additional Information: | Voice App Developer Experiences with Alexa and Google Assistant: Juggling Risks, Liability, and Security. William Seymour, King’s College London; Noura Abdi, Liverpool Hope University; Kopo M. Ramokapane, University of Bristol; Jide Edu, University of Strathclyde; Guillermo Suarez-Tangil, IMDEA Networks Institute; Jose Such, King’s College London & Universitat Politecnica de Valencia https://www.usenix.org/conference/usenixsecurity24/presentation/seymour Proceedings of the 33rd USENIX Security Symposium. August 14–16, 2024 • Philadelphia, PA, USA |
| Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
| Divisions: | Computer Science and Mathematics |
| Date of acceptance: | 8 April 2024 |
| Date of first compliant Open Access: | 5 September 2025 |
| Date Deposited: | 05 Sep 2025 09:13 |
| Last Modified: | 05 Sep 2025 09:13 |
| Editors: | Edu, J, Suarez-Tangil, G and Such, J |
| URI: | https://researchonline.ljmu.ac.uk/id/eprint/27080 |
 |
View Item |