Expert review: Briar, a P2P messaging app

Briar is a peer-to-peer encrypted messaging app for Android. It is currently in private beta.

Activity: User testing and expert heuristic review on a peer-to-peer mobile messaging app.
Takeaway:
In order to make effective use of an app, users need to know what the app is doing. Make system status visible.

Researchers who want to evaluate software interfaces have a number of tools at their disposal. One option for identifying obvious and significant problems is an expert review, which is often used to catch low-hanging fruit before performing any kind of user testing. Expert reviews employ usability heuristics, which systematically explore potential problems with a piece of software by applying patterns for good design.

With some guidance from UX-research veteran Susan Farrell, we recently performed expert reviews of a few open source tools for encrypting communications. Each expert review included evaluation by myself and at least one additional researcher; many thanks to Arne Renkema-Padmos, Robert Stribley, and Bernard Tyers for their work on this project. During the review we described issues and took screenshots to illustrate them. After prioritizing the issues by severity and picking our top 15, we compared our findings with one another and synthesized them into a single report.

One of the tools we reviewed was Briar, an open source peer-to-peer communications application for Android. Briar uses a range of communications methods — Bluetooth, Wi-Fi, or Tor — to provide users end-to-end encryption for messaging.

We picked Briar to review because the development team expressed readiness (and eagerness!) to get and incorporate feedback. Below is our full report.

What’s going well?
Generally, the reviewers found the interface simple and effective, and were confident they got the app working, successfully sending messages. While frustrated that Briar turned Bluetooth on by default, reviewers were pleased this was easily configurable in settings.

Issues
Here is a list of the issues we found in Briar, graded by how important we felt it was to address them.

Briar’s main screen currently does not provide a flag to make visible when new messages have arrived, requiring the user to dig into ‘Contacts’ or ‘Forums’ to discover them.

A) Visibility — High priority

The UX team agreed that the most important issues we found related to visibility, primarily visibility of system status and visibility of message status. The team also felt we did not fully understand how Briar worked, which interacted with our need for more visible indicators. Lack of visibility impacted our ability to understand things like when messages had been delivered or whether the app was connected.

The researchers were confused and curious — does Briar cache messages anywhere but your own device? If not in the cloud, where? We were unclear whether this meant both devices had to be available in order to send or receive a message. That shaped how we thought about connection and message status indicators.

1. Connection status

2. Message status

3. No notification of new messages on main screen

There is no notification of new messages on the main Briar screen, making it unclear to users when they have missed a message.

B) Bluetooth issues — high priority

Reviewers all had issues with Bluetooth, though they were of different types. All of them presented troubling obstacles.

The researcher on Cyanogenmod found that the app paired via Bluetooth without prompting. He found this problematic, because it was not made clear to the user what the potential risks of turning on Bluetooth are. Besides security issues, turning Bluetooth on by default can also lead to battery drain. It is a good thing that this can be configured in the settings, but most users tend not to change the default settings. Defaulting to “off” in the Bluetooth connection might be safer.

By contrast, the other researchers had to go outside the app and pair within their devices’ native Bluetooth managers in order to get Briar to work. Better messaging within the app to let users know this is necessary would be helpful.

C) Confirmation code screen confusion — high priority

The first screen a user sees when adding a contact.

Users may not realize that the state of the machine has changed between the “invitation code” and the “confirmation code” screens, as some researchers did not during our test. Color, font size, and layout are nearly exactly the same on the two screens, making it difficult to notice a change if you are distracted or the process takes a while. Consider showing a step indicator or using color or text attributes to make it clear that the user has moved on to a second screen.

The screen a user sees when the code has been entered successfully. It was so similar to the previous screen that more than one researcher did not notice the screen had changed!

D) No login timeout — high priority

There is no timeout of logged-in status, which one researcher noted could lead to users forgetting their passwords. This is particularly problematic given that users must be face to face to pair; losing access to their account or app could mean permanently losing access to important contacts. Consider periodically logging users out, or finding a way to back up pairings in a privacy/security-preserving manner, so that when a password is forgotten, the pairing is not.

E) “Passwords don’t match” is still a green indicator — Bug — High priority

In setup, if a user enters two passwords which don’t match, the indicator is still green rather than yellow or red. This is likely to slow users down as they have to look harder to figure out why the setup will not complete. Change the indicator to red for “passwords don’t match.”

F) How-to page — medium priority

Currently the only way to install is using the APK, but the how-to page only says “Coming soon!” Remove the install content or add a how-to until the app is available in app stores.

G) Problems installing due to a screen brightness bug on Cyanogenmod — Bug — Low priority

In Cyanogenmod (and possibly in other Android flavors), a bug makes it impossible to install apps outside the app store when screen brightness control is on. We expect this will be fixed by offering the app through the App Store, so while this is a showstopper in some cases we did not feel it was high priority.

H) Give the option to start app by default — Low priority

Some UX team members wanted the app to start by default when the phone started, but the team was not in agreement about this. We thought it made sense to have this be a setting which could be the default on first launch. More user feedback on this option would make it clearer how to handle this.

I) Sign out does not have undo functionality — Low priority

For the sake of reducing accidental sign-outs, the team wanted to see a “Do you really want to sign out?” popup before logout was completed. However, we were not certain whether “panic-button”-scenario users might not want that additional step.

J) No information on why permissions are needed — Low priority

The team wanted to see more information on why the app asks for the permissions it does on install. The App Store doesn’t really give much opportunity to include additional information of this sort on install, but it might be nice to have available to users on the website or App Store page.

K) App store availability — Low priority

The app is not currently in the app store. This makes installation more difficult. The reviewers understand there may be reasons not to include the app in the app store, and that its still being in beta is one of these. However, this leads to the following security concern:

L) APK signatures are not available — Low priority

So long as the app is not in the app store, APK signatures are important for more-skilled users, who may want to ensure the package has not been tampered with. These should be made available.

Follow-up

We have passed this list of issues along to Michael Rogers, Briar’s developer. Michael had great insights and comments in response, and we are confident he can address these issues effectively.

Gus Andrews

Researcher, educator, and speaker on human factors in tech. My policy work has been relied on by the EFF and US State Department. Author of keepcalmlogon.com