Heuristic Usability Inspection Of Facebook Assignment
1.0 Introduction of Heuristic Evaluation Methods
Heuristic evaluation is a usability testing method used to identify the problems that users may face while using software. It is one of the most popular methods of UX usability testing for understanding the security and usability-related problems in a piece of software. Observing the UX of the software thoroughly is the best way to understand the problems regarding its UX (Bedjaoui et al 2018). Facebook is the software evaluated in this report, which uses heuristic evaluation methods to assess its usability security issues. Facebook will be thoroughly inspected to evaluate four main usability security problems. Appropriate diagrams, problem descriptions, and severity ratings will be provided for each problem. “Nielsen’s heuristic model” will be taken as the inspiration for this task, with other methods also applied, to evaluate four main problems of usability and security in the interface of the Facebook application. Facebook is the biggest social media platform in the world, with more than 2.8 billion monthly users. Given the sheer magnitude of the organization, it is important that the application provides the best possible experience to its users. This is the reason why Facebook has been chosen for this heuristic evaluation and testing task. The advantage of heuristic testing is that users do not need to be directly involved in the observation or inspection process. The inspection process followed for the heuristic testing of Facebook is as follows: in the first stage, an overall observation was made to get a general idea of the application from an inspector’s perspective; in the second stage, a thorough examination was made based on the experience of the first stage; in the third stage, the problems were evaluated; and in the last stage, the problems were prioritized.
2.0 Product Inspection
After thoroughly inspecting Facebook for the heuristic evaluation, it has been identified that clickjacking is the most severe usable security problem in Facebook. Clickjacking in Facebook is a “UI redress attack” where a user clicks on what appears to be a typical website link but is in fact a disguised threat. The link is typically disguised as an HTML link, and if a user opens the link and visits the website the effect can be severe, including stealing of Facebook credentials, hacking of the account, hacking of the whole computer network, and stealing money. This is completely against the established user experience of Facebook (Golondrino et al 2020). The user's security is compromised by clickjacking, ranging from hacking of the Facebook account to hacking of the whole system through malicious software and extensions.
The user's system can be hacked, money can be stolen, and sensitive data can be stolen. This is the reason why this problem is the most severe and the severity rating of 9 is justified.
2.2 Cross-Site Request Forgery
This is also one of the most severe problems for users in the UI of Facebook. Like clickjacking, this is a problem where the user unintentionally enters a website that the user did not intend to enter (Harari et al 2018). The result is severe: the user’s personal data can be stolen from the website, along with unauthorized transfer of money, changing of passwords, etc. Users do not have the technical knowledge to mitigate this problem, which is why this is a severe problem in the UI of Facebook.
Similar to the first problem, CSRF-related issues can cause the user profile to get hacked and data to be stolen. This is the reason why this problem is among the most severe and the severity rating of 9 is justified.
2.3 Security of data and identity theft
One of the major problems identified through the heuristic inspection is the security of data and identity theft. The user’s personal information is visible to other people on Facebook, as this is interaction-based software. However, the pictures and personal information can be stolen and used by thieves to open a new account with that same name and picture. Facebook has recently introduced a feature where the profile picture cannot be saved or screenshotted, and a profile lock system where users can lock their profile so that people who are not in the friend list cannot visit the profile (Hussain et al 2018). The limitation of these features is that thieves can use photos other than the profile picture, and friends of the profile can also steal those pictures and act as identity thieves.
The user's information can get stolen and the image of the user can get shattered. Based on the severity, the 7.5 rating is justified.
2.4 Consistency and Standards
In the news feed of the Facebook application it has been identified that consistency and standards are not maintained properly. The news feed looks significantly different between computer devices and mobile devices. The navigation of Facebook gets tougher due to frequent updating of the UI. Every update of the application provided another layout and made usability more difficult. One of the major standards-related issues is the significant amount of advertisements the user needs to watch. Users get habituated to a UI design and understand which links they should not open, while frequent updating completely undermines this understanding and in turn increases the security-related risks.
This is not as major a problem as the previous ones; however, the lack of consistency makes the use of Facebook tougher. Based on the severity, the 6 rating is justified.
3.0 SWOT Analysis of Heuristic Evaluation Technique
Strengths
1. The main strength of this technique is that it is cost efficient compared to other techniques (Kumar et al 2020). The heuristic testing technique can be used during the development stage of the software, so the cost can be reduced.
2. This technique does not require advanced, complex planning before evaluation. That means both students and experts can use this technique for testing. The basic ten rules can be used for the evaluation without further planning (Vieira et al 2019).
Weaknesses
1. One of the major weaknesses of this technique is that the evaluator does not give any mitigation strategies for the problems that have been identified. This means it is only a technique for identifying problems rather than solving them (Roscoe et al 2020).
2. The technique cannot be used for complex interfaces due to the use of a small number of inexperienced evaluators.
Threats
1. Due to the lack of user interaction in this evaluation technique, the evaluation of user needs can be mistaken (Monkman 2021).
2. Other advanced usability inspection models, such as the cognitive model and the pluralistic model, are the primary threats to this model. Researchers have been using those other models to evaluate the usability experience of software in recent years.
Opportunities
1. As the problems have already been identified using this technique, the mitigation strategies for those problems can also be evaluated after analyzing them.
2. In future, user interaction can be introduced for a better understanding of the problems and the needs of the users (Rusu et al 2018). Active participation of users means that a set of questionnaires can be given to them for better evaluation of user needs.
Table 1: SWOT Analysis
4.0 Further Evaluation Methods
This is one of the most important sections of the whole research, where the future inspection methods will be discussed. Using the heuristic evaluation method, the problems regarding the user experience of Facebook have been identified; however, the mitigation strategies have not been discussed or evaluated. Identifying the mitigation strategies for those problems must be the first priority in the future. As the problems have already been discussed, the solutions will be found using those analyses (Santos et al 2020). The first step in the future will be to contact some experts in software engineering, and along with them the problems will be thoroughly studied and reviewed. The objective will be to evaluate the most efficient strategies for mitigating those problems.
Facebook is one of the biggest organizations in the world, with more than 3 billion customers. From the sheer magnitude of the user base, it can be said that the best usability technique will only be understood by interacting with the users (Senap 2019). The heuristic approach does not emphasize collaborating with the users, while the cognitive approach allows the inspector to contact the users. For the future, merging the heuristic approach and the cognitive approach will be the best way forward. The users will be given a set of questionnaires about their experience while using Facebook and what types of problems they have already faced. This approach will give the best understanding of the users’ needs; the task of understanding the users’ problems will get easier and, in turn, the evaluation of mitigation strategies will also be easier. Other than asking a set of questions, in the future the employees of Facebook can also be surveyed for their opinion regarding these issues. Understanding of the user’s need is the main thing that this study could not compare. Using this method, the usability of Facebook has been evaluated only from the point of view of the inspector rather than from that of the user (Tondello et al 2019). Involving the user in the technique will make understanding the problems much easier. For example, identity theft has been a major problem and Facebook has taken some steps to mitigate it. However, the heuristic evaluation method has not given an effective answer to what the users actually want the Facebook authorities to change in their UI design so that identity theft can be solved. The reason the cognitive approach and the heuristic approach will be merged is to understand the user’s point of view about the Facebook news feed.
5.0 Conclusion to the report on Heuristic Evaluation Method
To conclude, the main aim of the report was to understand the heuristic evaluation method thoroughly and apply the technique to Facebook to evaluate its usability security related problems. The activities undertaken for the heuristic evaluation of Facebook have been discussed, including the phase 1 inspection, phase 2 inspection, evaluating the problems, and prioritizing the problems. Four major problems of Facebook usable security were evaluated using this method in the study: clickjacking, cross-site request forgery, identity theft, and consistency and standards. All of those problems were discussed in depth in the report and appropriate diagrams were provided for each of those issues. Problems were sorted based on the severity rating and the most severe issue was discussed first. According to the study, clickjacking has been the most severe problem of security usability in Facebook. The most interesting finding from the study is that Facebook has tried to mitigate those problems by applying new updates, but a complete solution has not been found. Most of the issues are still visible. A SWOT analysis of the heuristic testing approach has also been made in the report to evaluate the strengths, weaknesses, threats and opportunities of the method. The limitations of this study and approach have also been discussed in the report, and further improvements for the testing technique have been identified. Merging the cognitive approach and the heuristic approach has been identified as the main way forward. Collaboration of both methods will help the inspectors to understand the user experience from the users' perspective, which should be much more effective compared to the traditional heuristic approach.
Bedjaoui, M., Elouali, N. and Benslimane, S.M., 2018, November. User time spent between persuasiveness and usability of social networking mobile applications: a case study of Facebook and YouTube. In Proceedings of the 16th International Conference on Advances in Mobile Computing and Multimedia (pp. 15-24).
Golondrino, G.E.C., Sanabria, L.F.M. and Muñoz, W.Y.C., Proposal of an Automated Tool for Conducting Usability Inspections based on Nielsen Heuristics.
Harari, I., Díaz, F.J. and Baldasarri, S., 2018. Adapting usability heuristics to evaluate Facebook according to elderly. Human Factors in Design, 7.
Hussain, A., Saare, M.A., Jasim, O.M. and Mahdi, A.A., 2018. A Heuristic Evaluation of Iraq E-Portal. Journal of Telecommunication, Electronic and Computer Engineering (JTEC), 10(1-10), pp.103-107.
Kumar, B.A., Goundar, M.S. and Chand, S.S., 2020. A framework for heuristic evaluation of mobile learning applications. Education and Information Technologies, 25(4), pp.3189-3204.
Monkman, H. and Griffith, J., 2021. A tale of two inspection methods: comparing an eHealth literacy and user experience checklist with heuristic evaluation. Studies in Health Technology and Informatics, 281, pp.906-910.
Quiñones, D., Rusu, C. and Rusu, V., 2018. A methodology to develop usability/user experience heuristics. Computer Standards & Interfaces, 59, pp.109-129.
Roscoe, R.D., McNicol, S., Raghav Bhat, K. and Craig, S.D., 2020, December. A heuristic evaluative framework for self-regulated learning design. In Proceedings of the Human Factors and Ergonomics Society Annual Meeting (Vol. 64, No. 1, pp. 1775-1779). Sage CA: Los Angeles, CA: SAGE Publications.
Santos Pergentino, A.C.D., Canedo, E.D., Lima, F. and Mendonça, F.L.L.D., 2020, July. Usability heuristics evaluation in search engine. In International Conference on Human-Computer Interaction (pp. 351-369). Springer, Cham.
Senap, N.M.V. and Ibrahim, R., 2019. A review of heuristics evaluation component for mobile educational games. Procedia Computer Science, 161, pp.1028-1035.
Tondello, G.F., Kappen, D.L., Ganaba, M. and Nacke, L.E., 2019, July. Gameful design heuristics: a gamification inspection tool. In International Conference on Human-Computer Interaction (pp. 224-244). Springer, Cham.
Vieira, E.A.O., Silveira, A.C.D. and Martins, R.X., 2019. Heuristic evaluation on usability of educational games: A systematic review. Informatics in Education, 18(2), pp.427-442.