Shoulder surfing is a byproduct of smartphone use that enables bystanders to access personal information (such as text and photos) by making screen observations without consent. To mitigate this, several protection mechanisms have been proposed to protect user privacy. However, the mechanisms that users prefer remain unexplored. This paper explores correlations between personal attributes and properties of shoulder surfing protection mechanisms. For this, we first conducted a structured literature review and identified ten protection mechanism categories against content-based shoulder surfing. We then surveyed N=192 users and explored correlations between personal attributes and properties of shoulder surfing protection mechanisms. Our results show that users agreed that the presented mechanisms assisted in protecting their privacy, but they preferred non-digital alternatives. Among the mechanisms, participants mainly preferred an icon overlay mechanism followed by a tangible mechanism. We also found that users who prioritized out-of-device privacy and had a high tendency to interact with technology favoured the personalisation of protection mechanisms. On the contrary, age and smartphone OS did not impact users' preference for perceived usefulness and personalisation of mechanisms. Based on the results, we present key takeaways to support the design of future protection mechanisms.