Alexa, Who Am i Speaking To? Understanding Users' Ability to Identify Third-Party Apps on Amazon Alexa

David Major, Danny Yuxing Huang, Marshini Chetty, Nick Feamster

Research output: Contribution to journalArticlepeer-review


Many Internet of Things devices have voice user interfaces. One of the most popular voice user interfaces is Amazon's Alexa, which supports more than 50,000 third-party applications ("skills"). We study how Alexa's integration of these skills may confuse users. Our survey of 237 participants found that users do not understand that skills are often operated by third parties, that they often confuse third-party skills with native Alexa functions, and that they are unaware of the functions that the native Alexa system supports. Surprisingly, users who interact with Alexa more frequently are more likely to conclude that a third-party skill is a native Alexa function. The potential for misunderstanding creates new security and privacy risks: attackers can develop third-party skills that operate without users' knowledge or masquerade as native Alexa functions. To mitigate this threat, we make design recommendations to help users better distinguish native functionality and third-party skills, including audio and visual indicators of native and third-party contexts, as well as a consistent design standard to help users learn what functions are and are not possible on Alexa.

Original languageEnglish (US)
Article number3446389
JournalACM Transactions on Internet Technology
Issue number1
StatePublished - Feb 2022


  • Internet of Things
  • Smart home
  • network measurement
  • privacy
  • security

ASJC Scopus subject areas

  • Computer Networks and Communications


Dive into the research topics of 'Alexa, Who Am i Speaking To? Understanding Users' Ability to Identify Third-Party Apps on Amazon Alexa'. Together they form a unique fingerprint.

Cite this