Adam Beskow

Internet of Things
A qualitative study about people’s knowledge of
IoT and concerns in using IoT devices

The network of physical objects

Bachelor’s degree
Term: Autumn-20
Supervisor: Bridget Kane
Date: 2021-01-04
Abstract
Internet of Things (IoT) devices often described as Smart products for consumers consists of
physical things that inherit an Internet connection and therefore enable physical things to talk
between each other and with people. IoT is a growing market with products existing in e.g.,
consumers' homes, healthcare, or industries. These physical things have sensors that can
gather information about users which later on can be used to adapt the behaviors of IoT
devices or create profiles of users. As with any device that is connected to the Internet, IoT
devices can fall victim to attacks from outside parties that try to steal private information or
observe users of the devices.

With the growing market, it is of importance to understand what people know about IoT
devices and that a Smart home does not come with comfortability without its rough edges.
This Bachelor thesis answers what people know about IoT, how they handle security issues,
and the sharing of people’s personal information.
The data was gathered through a survey that had 133 participants, the survey was shared
in Facebook groups and spread through the snowball effect. After a participant was done
with the survey, they were urged to continue to share the survey with people they knew.

The result shows that the majority of people have not heard the term IoT before and that it is
not common to take steps in protecting private information when using IoT devices. IoT is a
term that is unfamiliar to many, the result shows that the term Smart devices is more
commonly used than IoT devices among people.

Keywords: IoT (Internet of Things), Survey study, People’s knowledge of IoT, Privacy

ii
Table of contents
Abstract ...................................................................................................................................................
ii
1. Introduction ........................................................................................................................................
vi
1.1 Problem area .................................................................................................................................
1
1.2 Target groups ................................................................................................................................
2
1.3 Purpose ..........................................................................................................................................
2
1.4 Scope .............................................................................................................................................
2
2. Theory .................................................................................................................................................
4
2.1 Search terms ..................................................................................................................................
4
2.2 Literature overview .......................................................................................................................
4
2.3 Machine-to-machine .....................................................................................................................
4
2.4 Internet of Things ..........................................................................................................................
5
2.4.1 Introduction to IoT .................................................................................................................
5
2.4.2 Benefits of IoT ....................................................................................................................... 6
2.4.3 IoT enables Smart homes .......................................................................................................
6
2.5 Big Data ........................................................................................................................................
7
2.6 Open APIs .....................................................................................................................................
7
2.7 Security and privacy issues ...........................................................................................................
7
2.7.1 Identification and reliability ...................................................................................................
7
2.7.2 Cyberattacks ...........................................................................................................................
8
2.8 Minimizing privacy issues of IoT devices in homes .....................................................................
8
2.8.1 Regulation of data collection ................................................................................................. 9

iii
 2.9 Prior studies on general IoT knowledge and privacy concerns ...................................................
10
2.9.1 General knowledge and usage of IoT devices ......................................................................
10
2.9.2 IoT devices in homes per region ..........................................................................................
11
2.9.3 Knowledge of privacy concerns using an IoT device ..........................................................
12
2.9.4 IoT in enterprises and organizations ....................................................................................
13
2.10 Research Question .................................................................................................................... 14
3. Method ..............................................................................................................................................
15
3.1 Design .........................................................................................................................................
15
3.1.1 Flexible and fixed design. ....................................................................................................
15
3.1.2 Chosen design ...................................................................................................................... 16
3.2 Scientific methods .......................................................................................................................
16
3.2.1 Survey .................................................................................................................................. 16
3.2.2 Online survey .......................................................................................................................
17
3.3 Selection of respondents .............................................................................................................
17
3.4 Environment ................................................................................................................................
18
3.5 Reliability and validity ................................................................................................................
18
3.5.1 Reliability and validity in an online survey ......................................................................... 19
3.6 Ethics ..........................................................................................................................................
20
3.6.1 Terms and Conditions ..........................................................................................................
20
3.6.2 Handling gathered data ........................................................................................................ 20
3.7 Development of survey ...............................................................................................................
21
3.7.1 Pilot ......................................................................................................................................
21
3.7.2 Result of the first pilot study ................................................................................................
21
3.7.3 Result of the second pilot study ...........................................................................................
24

iv
 3.7.4 The survey ............................................................................................................................
26
3.7.5 How gathered data was summarized and analyzed ..............................................................
26
4. Empirical result .................................................................................................................................
28
4.1 Peoples knowledge of IoT ..........................................................................................................
28
4.1.1 Perception of IoT ................................................................................................................. 28
4.1.2 IoT & Smart devices in households .....................................................................................
29
4.1.2 Statements about IoT technology .........................................................................................
30
4.2 Privacy concerns in using IoT devices ........................................................................................
33
4.2.1 Perception of privacy concerns ............................................................................................
33
4.2.2 Measures taken in protecting the privacy .............................................................................
35
4.2.3 Security in IoT devices ........................................................................................................ 36
5. Analysis ............................................................................................................................................ 37
5.1 Age group....................................................................................................................................
37
5.2 IoT knowledge ............................................................................................................................
37
5.3 Smart devices and ownership ......................................................................................................
38
5.4 Privacy concerns .........................................................................................................................
39
5.5 Security heightening actions .......................................................................................................
40
5.6 Security software in IoT devices .................................................................................................
41
6. Discussion & conclusion ...................................................................................................................
42
6.1 Discussion of the result ...............................................................................................................
42
6.2 Method discussion ......................................................................................................................
43
6.3 Theory reflection .........................................................................................................................
43
6.3.1 Future work ..........................................................................................................................
44

v
 6.4 Conclusion ..................................................................................................................................
44
7. Bibliography ..................................................................................................................................... 46
8. Appendices ........................................................................................................................................
48 Appendix A
....................................................................................................................................... 48
A.1 First image of the first pilot study ..........................................................................................
48
A.2 Second image of the pilot survey ...........................................................................................
49
A.3 Third image of the first pilot study ........................................................................................ 50
A.4 Fourth image of the first pilot study .......................................................................................
51
A.5 Fifth image of the first pilot study ..........................................................................................
52
A.6 Sixth image of the first pilot study .........................................................................................
53
Appendix B ....................................................................................................................................... 54
B.1 First image of the second pilot study ......................................................................................
54
B.2 Second image of the second pilot study .................................................................................
55
B.3 Third image of the second pilot study ....................................................................................
56
B.4 Fourth image of the second pilot study .................................................................................. 57
B.5 Fifth image of the second pilot study .....................................................................................
58
Appendix C ....................................................................................................................................... 59
C.1 First image of the survey ........................................................................................................
59
C.2 Second image of the survey ....................................................................................................
60
C.3 Third image of the survey ...................................................................................................... 61

List of figures

Figure1. Summarize and comparison of Metova (2018) & Metova (2019) 10

Figure 2. Summarize of Kumar et al (2019) 11

vi
Figure 3. Summarize of Pescatore (2014) 13
Figure 4. Age group of respondents 28
Figure 5. The term IoT 29
Figure 6. Perception of IoT knowledge 29
Figure 7. IoT ownership 30
Figure 8. IoT in homes 30
Figure 9. Statement: IoT connection 31
Figure 10. Statement: Information collecting 31
Figure 11. Statement: Smartphone 31
Figure 12. Statement: Smart TV 32
Figure 13. Statement: Cloth-based IoT 32
Figure 14. Statement: Password 32
Figure 15. Statement: Approval 33
Figure 16. Statement: Conversations between IoT devices 33
Figure 17. Security/sharing of private information 34
Figure 18. Protecting personal data 34
Figure 19. Store or share private information 35
Figure 20. Take steps to protect privacy 35
Figure 21. Security heightening measures 36
Figure 22. IoT software updates 36
Figure 23. Manufacturers of IoT devices 36

vii
1. Introduction
2007 was the year when people moved into cities and left the rural, now more than 50 percent
of people in the world live in cities. According to the United Nations (2018), the trend does
not seem to change, reports suggest 55% of the earth's human inhabitants lived in urban
territories in 2018 and the number is estimated to grow to 68% by 2050.
The technology in cities is evolving rapidly to adapt to the numbers of urban living people,
the use of tech in different fields such as healthcare, manufacturing but also in mundane
things which are meant to target consumers is a large and growing market. This means that
people more and more can adapt their lives by introducing Smart products in their homes.
These Smart products which can be a variety of physical objects can help the user in different
tasks and create a connection between the user itself and all the Smart devices.
While physical things more and more can create connections it also opens doors that are hard
to see. These doors are meant to be shut and protected, but the connections which are enabled
through the Internet, these physical things now stand under the threat of cyber-attacks. The
cost of using IoT devices is the user’s privacy.

1.1 Problem area

“The same incredible growth of people using the Internet in the 1990s is now being
repeated by things using the Internet in the 2010s.” (Shelby in Holler et al. 2014,
p.XI)

On the 13 of April 2010, Hans Vestberg, new in his position as CEO and president over
Ericsson visioned that there would exist 50 billion connected devices in 2020 (Ericsson,
2010). This statement was made in a time when the IoT terms were not widely used yet, even
though the term itself was coined in 1999 by Kevin Ashton. The 50 billion devices included a
variety of products, even laptops, and Smartphones which are not usually accounted for as
being IoT devices.
IoT devices are all around us for the most part, it can be the car you pass on the street, the
smart lights in your home, the manufacturing devices in a factory, or the lock on a door. All
these devices share a thing, and that is the connection to the Internet, the ability for devices to
speak to each other, they are devices that usually do not have an Internet connection (Holler
et al. 2014, p14). These devices can often be reached through a Smartphone and an app that
act as a controller. If a person wants to be sure that there is hot water in the boiler when they
arrive home or enable the heating in their car on a cold day, the person can do that through
their phone.
In recent years there have been reports of privacy and security issues with smart devices,
users who feel observed, devices that record their surroundings or collect and share data with
other companies. Users should be advised what a product does with collected data and in the
same way, be able to consent to it. When using IoT devices, the user needs to consent to share
their data through the devices, these terms that need consent can often be complex and
sometimes hard to find for the user. The user sometimes accepts the terms without even
knowing by using the device. By being connected to the Internet the IoT devices open for
others to access in ways that were not available before.
The 50 billion connected devices vision might not have turned out as Vestberg thought back
in 2010 (Ericsson, 2010), in 2015 Ericsson changed the forecast to 26 billion devices by 2020

1
(Ericsson 2015). 26 billion is still a large number that will affect people's lives, either
selfselected or not, people will still handle devices that are connected in some way.

Because of the growing market of IoT devices, more people will encounter these devices in
their daily life. What people might not know is that all of these devices can communicate
with each other, share the data that is collected and send it to be stored in cloud storage to be
used in advertisements or tailoring the experiences when using IoT devices based on earlier
usage. This thesis will answer the questions of what people know about IoT devices, if they
are concerned about IoT devices sharing their private information and if people use measures
to secure their privacy.

1.2 Target groups

The target group of this thesis is broad in the aspect of the research that is done. By answering
what people know about IoT and if the technology is concerning from a privacy perspective
the result can be of value to different people. The target group is therefore people who find it
interesting to see people’s knowledge about IoT. It can also be informative for other
researchers who have some of the same questions and/or people who want to know more
about IoT and/or companies.

1.3 Purpose
The purpose of the thesis is to research people's knowledge of IoT, the perception of sharing
private information, and if people are taking measures in protecting their private information
when using IoT devices.

1.4 Scope
IoT is a large and complex topic that includes many aspects that can be of interest to
industries, politicians, or consumers. By narrowing down and focusing on fewer aspects of
IoT the thesis presents a result with reliable discussions and a valid result.
The scope is based on the RQ since the empirical result is the answers to the RQ. By
questioning if people have heard of the term IoT, what they know about IoT devices, if they
are concerned about their privacy when using an IoT device, and if people are taking actions
to ensure their privacy safety, the result consists of people’s knowledge of IoT technology,
their experience, and their concerns of their privacy.

IoT devices are used in different environments such as in society, healthcare, industries, and
agriculture. These are meaningful additions that enable new ways of thinking and adapting to
situations.
The scope is demarcated to the bullet points below

• The basics of IoT

• Some of the technologies that enable it IoT devices in homes e.g., Smart
devices.
• Security and privacy issues.
• How security and privacy issues are and can be minimized.

2
With this scope, the result is more concentrated and clearer, the spread is less due to the
significance between each limitation. As the technology evolves and new ideas come to
fruition the technology behind IoT and the aspects that belong to it grows and gets harder to
detail.
The thesis, therefore, avoids focusing on the future of IoT and the usages of IoT outside of
homes. Some exceptions can be seen in the Theory chapter.

3
2. Theory
This chapter will introduce IoT, the tech that enables IoT, common threats to IoT devices,
prior studies on people’s knowledge of IoT, and the search terms which were used.
Guidelines by Robson (2014, p71) were used in search of reference literature and information
about IoT technology and prior studies. Robson suggests that the literature first should be
sorted into three different piles, the Key sources pile where essential literature is placed. This
literature might inspire the model which the researcher follows. Useful sources that usually
end up as research. The last pile is the Useless sources where literature that seemed to be
useful but later turned up as useless is placed.
By first skimming through literature to find out if it is useful, it can be read more thoroughly
when needed.

2.1 Search terms

When searching for literature, databases through Karlstad and Örebro university have been
used. The used search terms were:

• Internet of Things
• Internet of Things introduction
• Internet of Things security issues
• Internet of Things privacy issues
• Internet of Things general knowledge
• Internet of Things knowledge study
• IoT knowledge study

The reasoning why there are three search terms that consist of the word knowledge is that it
was difficult to find prior studies on people’s knowledge of IoT. Google Scholar and Google
search have also been used to some extent, the sources found through Google have been
taken into consideration due to reliability and validity. YouTube was also used for Ted Talks
about IoT.

2.2 Literature overview

IoT is a technology that has been around for some years, the knowledge about the term and
the technology itself can, however, be questioned due to the growth of the technology. This
thesis is about to study people’s knowledge of IoT and how they use IoT devices. The
literature overview is an introduction to the RQ and therefore also to the result and
discussion. The literature overview also works as a summarize of IoT which is researched,
and even though some of these concepts are not directly part of the purpose or the result, the
information is needed to create a picture of IoT.

2.3 Machine-to-machine
M2M is the technology that enables machines to speak to each other through a connection but
without the use of the Internet, it is instead a more limited connection that enables only the
machines on the same connection to speak to each other.

4
According to Holler et al. (2014, p.11), the M2M connection and work are often associated
with industries because of their ability to monitor productivity, increase security, and reduce
costs in production. This is related to limited connection, due to the lack of Internet the
security is higher because the machines will not be able to share their data online through the
Internet.
M2M solutions generally have a special purpose where they have a single task or managing a
single problem, instead of multitasking the M2M solution does a single thing for a single
company (Holler et al. 2014, p36). This is one of the bigger differences to IoT devices which
are more commonly doing multiple actions.

2.4 Internet of Things

“Now in a digital world, we can make everything talk to each other. We can make our phones talk to
each other and we can make Facebook talk to each other. And in the physical world, not so much.
This is where our lives and technological development kind of stopped, but now we are able to build a
network, so, multiple of physical objects, your chair, your table, your lounge, those tim tams in the
fridge that are connected to the Internet” (Duffy 2016).

IoT is a technology that evolved through the growing market of Internet and connection.
M2M was the start of what further on became IoT. Machines could work together through the
M2M technology, but with a limited connection, the machines were halted in their abilities.
This came to a change when IoT devices were introduced, the variety of things that now
could create connections through the Internet could now also create connections to people.
Below is an introduction to the IoT and information about the Smart devices in people’s
homes.

2.4.1 Introduction to IoT

Due to people being more introduced to technology in ordinary life the demand grows,
nowadays there are a lot of people who own multiple products that are connected to the
Internet, there is a growing market for devices that enables data collection from the user (Fu
et al. 2017, p2).
IoT devices are physical entities that have not been connected to the Internet before but now
have entered a stage where they can speak to each other. IoT is an extension that enables
physical things to interact with people in new ways, it enables people to have control and the
ability to monitor from afar. These devices can now access data from other places and in that
way benefit the user, even if the user is a private person, a business, or the government
(Holler et al. 2014, p14).

Duffy (2016) describes the IoT as an opportunity for the user to be able to speak to physical
objects and for objects to speak to each other. A smart fridge that knows if someone is
running low on a product can then tell the owner to stock up, the owner can, in the same way,
tell the fridge to place an order or to lower the degrees through e.g., a Smartphone. The Smart
fridge is also available to speak to other devices that share an Internet connection, the fridge
can tell vendors or other companies that the fridge's owner likes a certain product more than
other products.

5
The Internet gave people the ability to stay connected over distances and time differences,
IoT on the other hand gave devices the ability to stay connected and exchange information all
by themselves without the impact of humans (Xiang 2018).
IoT has exploded over the years and the development and sustaining costs are forecasted to
be as much as 11.1 trillion dollars by 2025 and the reasoning behind this is:

• Lower costs of hardware.

• High availability of resources.
• The connected and digital world we live in.
• And the ease and simplicity to put the devices together.
According to Duffy (2016)

The IoT devices can be found in a lot of different branches such as agriculture, health care,
consumer electronics, and infrastructures. Water supply can be adapted through the help of
sensors that monitor the crops and robots, or other entities can be remotely controlled. One of
the most common uses of IoT devices is in tracking goods through manufacturing according
to Weber (2014, p618).
A big difference to M2M is that an IoT device can collect data from a broader perspective
(Holler et al. 2014, p17). Contradictory to the M2M solution which usually works in a
smaller context and has limits on which data it can collect, an IoT device can follow a person
and not only get information such as how many steps a person has taken or the person's heart
rate but also personal information such as how many phone calls a person have gotten
through the day and what a person does for leisure. The IoT device will also be able to send
this information at any time due to its connection to the Internet (Xiang 2018).

One point of the IoT devices is the ability to gather data for analysis, but another point is to
gather information from other sources on the Internet according to Holler et al. (2014, p15).
In this way a device can adapt due to information from another source than its user, it can get
the weathercast on demand for its user and at the same time check-in on Facebook and see
what other people think of the weathercast.

2.4.2 Benefits of IoT

With the urbanization that is happening technology is used more and more to control cities
and their systems to organize and measure where the need is.
In the same way that a mundane physical thing like a fridge can be Smart, a building or city
can also be Smart. A building with sensors on it can check if the weathercast is promising
rain in the following days, if there is rain on its way the building can wait with the watering
of plants and water them with the rain that is forecasted.
In the mining industries, the IoT devices can help with reducing energy consumption due to
their ability to calculate and know which ventilations that need to be used in the mines.
According to Holler et al. (2014, p.17), ventilations are to blame for upwards of 50% of the
energy consumption in mining operations.
As mentioned earlier, IoT devices can also help with monitoring in the agriculture field, both
crops and animal farms can get benefits because of the device's abilities to adapt the water
supply, food supply, and monitoring on how healthy the animals are.

6
According to Hougland (2014), Google used its search engine to collect data about flu
searches to try and pinpoint where new outbreaks would happen. This started before the
broad introduction to IoT, but as more and more devices enabled internet connection the data
to analyze grew.

2.4.3 IoT enables Smart homes

A Smart Home, described by Al-Mutawa, Eassa (2020, p260), is a home that has a
connection that connects different devices and enables them to be controlled remotely
through a central control unit which can be a Smartphone. These devices can be the speakers,
the lights, or the surveillance system which is incorporated with the lock on the door.
Hougland (2014) speaks of a scenario that can occur in a Smart home, he continues by
describing that the morning starts when his bracelet wakes him up through vibrating and by
shining lights, when the bracelet wakes him up it speaks to the thermostat in his home which
checks the temperature. If it is needed, the thermostat speaks to the air conditioner which
starts to pump in the fresh air, the coffee machine starts to brew coffee, and his sprinklers on
his lawn might start watering the lawn if it recognizes it as needed.
This is something that can be done through connection, the device's abilities to communicate
with each other and start a chain reaction. When Hougland leaves his home in his car the
carport sends him a message and tells him that the door has closed after him.

2.5 Big Data

The concept of Big Data is the size of data that companies nowadays have access to and can
analyze, due to IoT devices which inherit connection and the ability to collect data, the
amount of data has rapidly increased and therefore introduced the concept of Big Data. Most
of the data that is collected is from industries, devices that can detect errors and therefore
ensure safety and keep up the productivity. The ability to collect data and analyze exists also
exists in consumer-friendly devices, these devices use the data to adapt and learn how they
best can suit consumer’s needs through sharing of the users' data (Holler et al. 2014, p26).

2.6 Open APIs

IoT is built on connection and the ability to share, Open APIs which enables IoT devices to
create a connection to each other, is built on the same theory. Holler et al. (2014, p24)
describe Open API as a gateway for different developers to share a connection where they
can combine other solutions with their solution. In this way, a device of a different brand can
still use solutions that are made by a different manufacturer. This technology creates an
opportunity for developers to not waste time in developing their solution and without signing
a contract with the developer behind the “borrowed” solution (Holler et al. 2014, p25). This is
one aspect of the growing market of IoT devices, mostly because of the ease in
manufacturing new devices and solutions.

2.7 Security and privacy issues

The usage of IoT devices can enable people’s everyday life to be more connected and
controllable through e.g., Smartphones. The ability to connect and control is, however,

7
nothing that comes free of risks. When physical things get connected to the Internet, their
ability to collect data can fall into the wrong hands. IoT devices can also be under the
influence of cyber-attacks and used by outside parties.

2.7.1 Identification and reliability

With the growing market of consumer-friendly devices, the privacy concern is growing. With
every new device, there is a new sensor that can trace and collect data from the user, with this
information a profile can be created which identifies the user through an analysis of the data.
The profile of a user can consist of name, address, movement patterns, search history, and
about which products the user owns (Weber 2015, p.619).
Every new sensor is a potential for new risks to manifest, as the technology is evolving so are
the risks. When one door shuts other doors open and the security measures need to be able to
handle all the doors and all threats.
A simple thing as at which time the coffee machine makes coffee can tell someone when the
user wakes up. (Weber 2015, p.623).

Holler et al. (2014, p31) mention that the reliability of the collected data is also a topic of
concern due to the concept of Big Data. As the amount of data and the sources which collect
data is growing, it becomes harder to form an accurate consensus. The result might not be
truthful or liable due to the lack of quality of the data. Weber (2015, p624) sees risk in both
low quality because of the lack of information and that the profile which is created is false
and that miss interpretations can be made, but also in high-quality data where the profile of a
person can be spot on and tell every detail.

2.7.2 Cyberattacks
The connection to the Internet opens doors that did not exist before. As much as a computer
needs an antivirus program an IoT device also needs protection from malware, the boiler
which can be turned on through the smartphone now has a risk of being the target of a
cyberattack (Holler et al. 2014, p31). For example, a baby monitor with a camera that is
connected to the Internet can fall victim to an attack where someone else can access the
camera, the fact that a lot of consumers do not change the password on their monitor only
makes it more vulnerable (Fu et al.2017, p1).
The data which is collected through devices is always moving through access points before it
is stored in databases or cloud services. Weber (2015, p621) points out these access points,
which can be a smartphone, as targets of cyber-attacks since most data has not been
encrypted at this point.

The acceleration of data collecting sources is a part of the technological push for consumers
to have more and more devices in their homes and to replace their prior technique with new
Smart products. All these devices are often connected through the same connection and
therefore more easily a target, Fu et al. (2017, p1) describes that the FBI issued an
announcement where they urged people to isolate their IoT devices on protected networks to
single them out. These devices or controller apps on Smartphones all have a privacy policy
that the consumer consent to, the problem lies in that these policies are often hard to
understand and can overburden the consumer.

8
The manufacturer of a device is responsible for maintaining the support and security of the
product, if the manufacturer goes out of business their support of the device will end, this
means that the device will still go on without getting updated (Fu et al. 2017, p4).

2.8 Minimizing privacy issues of IoT devices in homes

Al-Mutawa, Eassa (2020, p260) describes a Smart home as a vulnerable place where security
and privacy issues need to be accounted for to achieve a safer home with IoT devices.
According to Al-Mutawa, Eassa (2020, p261) there are limits to what a security system can
do, by authenticating the user in several ways, either through a password and biometric
authentication methods like face-recognizing or fingerprints the security is higher. However,
the systems must work, therefore should passwords be stored in secure ways with encryption
as a minimum, the face scans or voice detectors need to be better at checking for signs of life,
this is because biometric authentication methods have been fooled by pictures or dummies
and thought them to be living and real persons.
As described earlier, Fu et al. (2017, p6) explain that the user policies for IoT devices can be
hard to understand because of their length and complexity, the lack of explanation on how
different devices on the same connection connects is also a topic which needs to be addressed
by manufacturers and regulatory boards. By creating an application for users where they can
monitor their collection of IoT devices together and be able to see how they work with each
other and what data they share, users can get an understanding of their products. A study by
Kumar et al. (2019) researched the most common IoT devices in homes in different regions.
The study was done in collaboration with the software company Avast Software and the data
was gathered through a Wi-Fi inspector which was created by Avast Software. This inspector
scans the subnet, the home network, to look for connected devices and notify the user if the
devices are vulnerable to cyberattacks.
The recommendation that FBI urged people, to have their IoT devices on their connections to
not enable them to work together (Fu et al. 2017, p1), by doing this, users can achieve a safer
home with less connectivity between devices. The downside to this is that the Smart home is
not achievable anymore due to the lack of connectivity.

Weber (2015, p621) describes PET which is privacy-enhancing technologies, these

technologies aim to keep data about the user as private as possible, for example, when a
company collects data and does not necessarily need details on the user it should not be able
to collect that part of the data. This is also something that the EU Data Protection Regulation
has considered, it describes that organizations that control the data need to protect the privacy
of a user through the lifetime of the data. Weber (2015, p622) mentions that there are ways to
anonymize the user by dividing the data into different sub-users, therefore the identification
of someone cannot be read from a single user. According to Weber (2015, p.622), this is not
the full extent of the technology, there are ways to identify users even if the information is
separated.

2.8.1 Regulation of data collection

All IoT devices stand under regulation on how data are collected and where the data ends up.
Weber (2015, p619) explains that there is not one single regulation because of the complexity
of IoT technology, instead, there are multiple legal descriptions that tell what the device can
do. For example, the EU Data Protection Directive (DPD) regulates how personal data can be

9
processed. What personal data is can be hard to distinguish however, the raw data that are
collected is mostly not identifying someone, and therefore the data can be collected and
processed even if it ends up as personal data.

Weber (2015, p619) continues by explaining that The European Commission ordered a team
of experts to study the IoT network and look for potential security risks. The conclusion
reported by the team which was disbanded afterward was that the industry reported that the
current security framework was enough, the consumers, on the other hand, did not agree.
They meant that the security and privacy risks should be handled better.
As more and more manufacturers can produce cheap IoT devices the regulations need to be
broad and unite as many countries as possible to create a more secure and controllable usage
of IoT devices.
2.9 Prior studies on general IoT knowledge and privacy
concerns
The search for prior studies in people’s knowledge and concerns of sharing private
information when using IoT devices yielded interesting leads and the result is presented in
this chapter. However, there are some concerns over reliability since one study method and
details cannot be accessed and some other studies are not entirely part of the scope of this
thesis. The studies have still been used to analyze the empirical result, this is because they all
have some information that is part of the scope and answers to the RQ.

2.9.1 General knowledge and usage of IoT devices

Metova is a tech firm that works with IoT, connected cars, mobile applications, and more
techs that involve the Internet and connections. In 2019 they did a follow-up study and
comparison on an earlier study they did in 2018 of IoT knowledge among their customers.

Metova's (2019) result is only available in limited information through an infographic on

Metova’s website, the study is not open to see and Metova has not answered questions about
getting access to more details.
The 2019 study had over 1000 customers who answered the survey, while Metova is an
American company the infographic is not clear on where their customers who partook in the
study are stationed.
The reason why the study was used is that the study has been referred to in several articles
and the result of the study seems reliable.

10
Figure1. Summarize and comparison of Metova (2018) & Metova (2019) The
figure is drawn from Metova (2019).

According to Metova (2019), IoT knowledge among their customers is low, and less than
25% fully understand the term IoT. In 2018, Metova reported that 20% of customers knew
about IoT but 70% of participants already owned an IoT device. It is not clear if these
numbers are considered Smartphones which is a Smart product that a lot of people already
own and usually is not considered as an IoT device.
Metova’s (2019) study infographic on the other hand contains new results that were not
present in the 2018 study. For example, Metova (2019) shows that about 75% of consumers
streamed programs on their Smart TVs through the Internet. It also describes that the most
popular Smart device among the participants is Bluetooth trackers which can be attached to
keys or other things in case of disappearance. However, both studies show that the two most
popular Smart products are Retrofit devices, which are older devices that inherit additions or
new features which enhance the usage, and Smart thermostats.

2.9.2 IoT devices in homes per region

Kumar et al.'s (2019) research is based on IoT device adoption in homes in three different
global regions in the world. The data in Kumar et al. (2019) was gathered through a Wi-Fi
inspector by Avast Software which is a security software company. The scope was also
limited to Windows as there are differences in Windows and Mac operating systems, the data
was could only be gathered if the Wi-Fi inspector were installed on the home computer.
One part of Kumar et al. (2019) is summarized in the following diagram

11
Figure 2. Summarize of Kumar et al(2019).
The figure is drawn from Kumar et al. (2019)

This diagram shows in which context homes in different regions own IoT devices. In North
America about 70% of homes had an IoT device, meanwhile, in South Asia, there was only
9% of the homes inherited an IoT device. The 70% ownership in North America can be
compared to the almost 74% ownership in the Metova study (2019), as stated before, the
Metova infographic is not clear on where the participants are based.
Kumar et al. (2019, p1174) also describe which kinds of IoT devices are most popular in
different regions. The most common IoT device in North America was part of the Media/TV
category and 43% of the households had one or more Media/TV IoT devices. The Media/TV
category stands for 45% of all the IoT devices in North America.
In South Asia, the most common IoT device in households belonged to the Surveillance
category, about 9% of the homes had an IoT surveillance device and the category stood for
55% of all IoT devices in South Asia.
The result of Kumar et al. (2019) shows that the Media/TV category of IoT devices are the
most used devices in homes, especially in North and South America, Europe, and Oceania.
Metova (2019) describes the most common Smart device as the Bluetooth tracker, Metova
also states that 75% of participants streamed programs through their Smart TV which shows
that there were a lot of devices in the Media/TV category.

2.9.3 Knowledge of privacy concerns using an IoT device

Stefan Allirol-Molin and Xheniza Gashi (2017) did a study on what people know about IoT
and their knowledge of privacy concerns in using IoT devices. The study was done using a
survey which was initiated by a pilot study. The biggest age group of respondents were
between 18-34 years old according to Allirol-Molin & Gashi (2017), and the selection of
participants was done among friends and acquaintances.

12
The data which was gathered by Allirol-Molin & Gashi (2017) shows that.

• 90% of the participants have heard about the term IoT,

• 50% have some knowledge of IoT
• 20% have full knowledge of the technology.

When it comes to security and privacy issues the results were as follows.

• With 41% thinking that the security of IoT devices is enough.

But when asked about how good the security is:

• 41.9% answered that they do not know.

The participants also answered the question if they knew how to secure their IoT devices,

• 48,4% answered that they do not know 41,9% answered maybe 9,7% answered
yes.

When giving room to participants to write their answers the result to the question of what
they do to secure their data in IoT devices were,

• Two people answered that they cryptate their data One answered Anti-virus
software on pc One answered that they only use HTTPS.

This question was only answered by 4 people out of the 31 participating.

The result of Allirol-Molin & Gashi (2017) is that people's perception of the existence of
security and privacy issues related to IoT devices are high but the perception of how to secure
IoT devices was low.

2.9.4 IoT in enterprises and organizations

Securing the Internet of Things Survey is a research done by John Pescatore in 2014 in
collaboration with SANS which is an education and research organization where individuals
in their respected fields can share their experience or studies.
Pescatore (2014) used a survey that was open for three months during 2013 to gather data, the
number of participants was 391 and the research focused on workplaces and businesses. The
result of Pescatore (2014) is summarized in the diagram below.

13
Figure 3. Summarize of Pescatore (2014).
The figure is drawn from Pescatore (2014)

By seeing the result of the study, Pescatore (2014) figured out that the majority of the
participants had experience in IoT technology, this was also be seen in the statistics of
workplaces where 19% answered that they work for the government which, according to
Pescatore, had grown their IoT divisions recently.
The above summary shows that a lot of the participants knew IoT, but there was a large group
who do not have the same kind of knowledge. About 28% said that they had a vague idea of
IoT and 29% answered that their organization was not actively working with IoT, it was
likely that the organizations would be active with IoT in five years. Almost everyone saw the
growth of connected things in their enterprise and only 6% said that they were not aware of
any growth.
The conclusion which Pescatore (2014, p20) made of the result is that IoT is overhyped and
that the growth of devices was not as high as many had foreseen. The awareness of security
issues with IoT devices was high among the participants, 90% answered that some changes
would be done in their organization to lower the threat of connected device
2.10 Research Question
The RQ is based on the gathered theory and the result of the questions reflects people’s
knowledge about IoT technology and if there is concern about sharing private information
when using an IoT device. The result of the questions was gathered through surveys which
were designed after the four following RQ.

RQ 1. Have people heard about the term IoT?

RQ 2. What do people know about IoT?
RQ 3. Are people concerned about their privacy when using IoT devices?
RQ 4. Are people using measures to protect their privacy when using IoT devices?

14
15
3. Method
This chapter is all about the design and method used in the research, how data was collected
but also about the selection of respondents, reliability, validity, and ethics concerning the
collection and result of data.
This chapter ends on the result of the two pilot studies that were made and how the data
gathered through a survey was analyzed and summarized.

3.1 Design
Different methods can be used in data gathering, they all suit different needs, and it all
depends on the RQ and scope. The design was decided before the method that was used for
collecting data.
Robson (2014, p22) writes about the importance of design and why a researcher should
acknowledge it before moving on to methods. Robson explains that by pondering on what
would suit the research, it becomes easier to choose a method. A house built without an
architect with only builders is not a good thing, which is according to Hakim (Robson 2014,
p22), the same as not following a design. The first thing that must be done is to decide if
there is a need to collect new data or if the data already exists.
By collecting new data, which is known as primary data collection, enables the possibility to
summarize and analyze the data in a new study and reach a conclusion based on the findings.
Comparison to other studies on the same topic can also be done, in that way, data that already
exists can be used, which is known as collecting secondary data.
By collecting secondary data, the need for prior studies and results becomes more important
and the analysis will contain its interpretation of other studies.
Robson (2014, p22) urges the researcher to make their decision based on their interest and
what method is most comfortable for them. If the researcher struggles with a method, it might
not be the right choice.

According to Robson (2014, p23), two commonly used research designs are known as
flexible and fixed designs.

3.1.1 Flexible and fixed design.

When deciding on the design of the thesis, different aspects need to be taken into
consideration.
The flexible design also called qualitative design is according to Robson (2014, p23) the idea
that the researcher can be more flexible, data is gathered in an early stage with less planning
before. The flexibility in this design is more fitting with qualitative data because of the more
in-depth knowledge. Goldkuhl (2011, p28) speaks about the depth and broad knowledge,
where depth often calls for a qualitative method. A flexible design often tends to incorporate
Case Studies or interviews as methods when collecting data, this is because of the more
indepth knowledge and the ability to adapt to the situation or the answers.
The fixed design, also known as quantitative design, is in comparison to flexible design more
structured and it becomes more important to plan out the research before data is gathered
(Robson 2014, p23). Instead of gathering data at an early stage, the researcher does pilot
studies which act as tests to see if questions for participants are clear and not confusing.
When doing a pilot, bad data can be avoided in the gathering process according to feedback
16
from the pilot. By doing a quantitative study the knowledge gained is broader and usually
more general than with a qualitative study according to Goldkuhl (2011, p28). The study is
narrower, and the researcher often limits what the survey is focused on.

3.1.2 Chosen design

Both Goldkuhl (2011, p28) and Robson (2014, p23) mention that qualitative and quantitative
design is not always used as they commonly have been, a qualitative method can be used in a
fixed design and vice versa. It is the same with in-depth and broad knowledge, they are not
fixed to one design but can co-exist in both.

A fixed design was followed through the research and the data that was gathered was
qualitative. The reasoning behind this was that by following a fixed design the project and
research were planned out from the beginning. The chosen method see (3.2), which data was
collected through, can be used when collecting both quantitative and qualitative data. It is
usually more often associated with quantitative data. The reasoning why the gathered data
was qualitative is that the data represents opinions and not measurements in the form of a
numerical scale.

3.2 Scientific methods

The decision to acquire qualitative data through a survey grew from the design choice and the
format of the RQ. When asking for people's knowledge, perception, and actions a survey was
the best way of reaching a broader group of people, this decision was taken instead of doing
interviews which was the initial thought. Interviews would have gathered more in-depth data
which would yield a different result and answers to the RQ than doing a survey.

3.2.1 Survey
When choosing a method, the cons and pros need to be weighted to each other to ensure that
the right method was used (Goldkuhl 2011, p32).
Surveys are usually done by collecting data from a larger group and the result is often
considered as more general (Goldkuhl 2011, p28). Robson (2014, p30) describes the survey
method in the same way as Goldkuhl (2011), Robson continues by listing the usual pros and
cons of the survey method

The pros in using a survey are that they are predictable by the amount of time that is needed
to create, hand out and in some way analyze the data. The amount of time that is needed for
analysis is depending on how many participants there are, and which questions are asked. If
questions are answered through tick boxes the analysis will be easier than questions asking
for written answers. The result is often quantitative data that can be turned into diagrams, the
data can also be qualitative and still summarized through diagrams or bars.
The result can be general though, it depends on the target group and number of participants,
the knowledge that is gathered is generalizable but not in-depth. Surveys are a method that is
well-liked among different people according to Robson (2014, p30).

The cons, on the other hand, is that even if the result can be general the reliability can be
questioned, this is because of the difficulty of knowing if the response is honest or not. A

17
respondent might have marked the wrong answer or lacked seriousness when answering the
survey. The result can be questioned when the response number is low. This is because the
result often lacks in-depth knowledge and therefore a higher response is needed. When doing
a survey, a sample of participants needs to be gathered. While this can be done at random, by
allowing larger groups of unknown people to answer the survey, it can be hard to do a
selection that does not impact the result. Friends or relatives might not be the most reliable
respondents in a study because of the difficulty of being impartial. Surveys are a bad method
if the researcher wants more in-depth data, this is because Survey Questions (SQ) with many
details are often lengthy and complex which in the end will affect the number of respondents
according to Robson (2014, p30).

Robson (2014, p32) means that in choosing a method that is already established the
researcher can navigate through the known cons and pros.

Being aware of the pros and cons, actions have been taken to ensure that the result was
gathered truthfully without affecting or altering the answers, and at the same time,
preparations for the survey were done without rushing the analysis.

3.2.2 Online survey

The survey was done through Survey & Report (S&R). The S&R software enabled the usage
of an online survey which was easier than handing out papers and was more fitting with the
current state of the world (at writing time) due to the pandemic Covid-19.
S&R is a web-based survey tool where the user can design their survey, the program also
helps to summarize the data for the result.

The main survey was done both in Swedish and English which let the respondent choose their
preferred language.

3.3 Selection of respondents

To gather data on people’s knowledge of IoT, privacy concerns in using IoT devices and if
measures are taken by people, requires the respondents to be part of the general population.
They should not be part of a singular group or category. According to Robson (2014, p83) the
when, what, where, and who questions are of essential importance when sampling for the
study. The selection of respondents depends on the scope of the RQ.
A general study such as which political party the general population would vote on needs a
lot of participants and preferably people in different age groups that have different
occupations and social status.
Robson (2014, p84) writes about random selection, which is when respondents have been
narrowed down to, for example, school students, the selection can be done by choosing
everyone who starts their name with an A. From the list of names, the narrowing down of
participants can be done through a lottery approach where every person has a number
attached to him/her. The last selection of respondents can then be commenced by rolling a die
and see which persons who start their name with an A is selected.

With a smaller scale study, but still in-depth, the selection of respondents does not need to be
selected through a random method and the result is usually not accounted for as general.
18
Robson (2014, p85) mentions that some respondents are chosen because of their prior
knowledge or in some cases occupation, this means that the respondents are experienced in
their field and that the research which they take part in might be in-depth research. The
respondent can in some cases be family members or friends of the one researching. Robson
does however not recommend this since known people can be bias and the data that is
gathered is therefore not reliable. If family members or friends are used it is better to have
them as respondents on pilot tests and not include them when gathering data.

The ideal way of selecting respondents to gather people’s knowledge of IoT would have been
to use the random method. The ideal respondents would consist of people who represent
different groups and have different experiences of IoT. With limitations in time and
resources, the limitations on the selection of respondents were taken.
Initial thoughts on the selection of respondents were to go through Örebro university and/or
Karlstad university to find respondents, either through sending out messages to work and
student platforms or informing students before a lecture about the survey. However, with the
response from personal and the advice from the Supervisor, the selection of respondents was
done through Facebook groups and the snowball effect instead.

Due to the pandemic COVID-19 and the usage of an online survey through S&R, the
selection of respondents was done through the Facebook group “Dem kallar oss studenter”
which is a Swedish Facebook group created by Örebro University and the Facebook group
“Survey sharing 2020” which consist of people of different nationalities who help each other
out with answering surveys.
The selection was also done by sharing the survey with friends and family who were urged to
not take the survey themselves, they were instead urged to continue to share the survey with
friends or family members of them. This is called the snowball effect. By reaching out to
people who continued to share the study the number of respondents grew.

3.4 Environment
The physical environment of the survey was answered in ways dependent on the respondent’s
choice. Doing an online survey enabled people to answer the survey anywhere as long as they
had access to the Internet.
The environment changed from a physical place to an online space which means that there
are differences in things that might affect the respondent when doing the survey. More
about the choice in doing an online survey through S&R and the aspects that were taken
into consideration can be read about in (3.5.1).

3.5 Reliability and validity

Reliability is to make sure that the gathered data are truthful data, that the result is based on
data that represents the person's knowledge. Ensuring that data is reliable can be hard
according to Robson (2014, p54). The process of ensuring data can be done in different ways
depending on the chosen data gathering method. Interviews or tests can be done again,
however, the participant might be in a different mood or something might have happened
since the first time and therefore the response can be different from the first time. Robson

19
(2014, p55) points out that the response to a question might alter just because the interviewee
gets the same question again.
If data collection is done through observation there can be two observers who then compare
their results to make it reliable.
Robson (2014, p56) mentions that researchers who chose flexible design often do not think
about reliability because qualitative studies are often done in a deeper sense and reach for
different aspects. The qualitative design is commonly used to study real-life scenarios that
can be messy and are hard to do again in the same way.

It is not enough to have reliable data if it is not valid in the end. Validity is if the data
represents what it intends to represent (Robson 2014, p56) e.g., in this case, data should
represent what people know about IoT.

3.5.1 Reliability and validity in an online survey

The data was gathered through a survey which was made in S&R. The first intention was to
use Google forms but with a recommendation from Karlstad university to use S&R instead
the change was made. The reasoning was also that Google Forms do not comply with GDPR
and S&R is a better option.
In using an online survey there are aspects to take into consideration when accounting for
reliability and validity of the result.

• The first aspect is: An open survey without a login option.

The survey was done without an obligation to login. The choice of making the survey open
and more susceptible for the respondents was that by locking the survey and demanding a log
in the respondent might have been more unwilling to complete the survey. However, S&R
does save the survey in the cookies section of the web browser which limits the participants
to do the survey one time in the same browser.
Cookies can be deleted and if the user opens the survey in another web browser, they can do
the survey again. The negative aspect of this is that anyone that had the link to the study
could have used it multiple times, this aspect can change the look of the result, and therefore
it is of virtue to be accounted for.

• The second aspect is: With the Internet as an environment.

By doing an online survey people can be affected and disturbed by other things than in a
physical environment such as a lecture hall. The Internet itself and applications on a desktop
pc, laptop, or smartphone can catch the participants' attention and the ability to look up
answers or descriptions about topics in the survey can alter the answer and, in some way,
general knowledge.
This is not a problem that only exists with online surveys, there are opportunities to look up
answers as long as the respondent has access to the Internet when doing a paper survey,
however, when surveying in a browser or an application the respondent is already in the
digital and online environment.
Because of this, the decision to include a description and introduction of IoT in the survey
was taken. The reason for this was to give people some knowledge and hopefully, people did
not feel the urge to research more about IoT during the survey was taken. Some of the
information in the introduction was used in SQ in the survey, this was not a test to see if the
participant had read the introduction, its purpose was still to see what people knew about IoT.

20
 • The third aspect is: Usability and design of the survey
The ease of using an online survey and for the respondents to understand where to click with
was taken into consideration. Difficulty and problems should not affect the respondent, if the
respondent could not figure out the questions or how the survey was supposed to be done in a
digital format the answers might be affected.
By doing two pilot studies the interaction options and readability were tested with
respondents that left feedback which shaped the survey.

In summary, the result of the thesis should be reliable due to actions that have been taken and
the knowledge of reliability aspects.
The result also needs to be valid. Without validity, the resulting data will not represent the
intention of the RQ, therefore the result cannot be reliable if it is not valid.
With working through a fixed design, the result has been anticipated in an early stage by
focusing on the RQ and the scope of the thesis. Robson (2014, p57) means that anticipating
the result enables the susceptible to see the evidence which is contrary to the anticipation.
This means that even with anticipations, an open mind to evidence which does not support
the earlier thoughts is of importance. By ignoring the contrary evidence, the result cannot be
reliable.
By examining and planning into the choice of research method, the selection of respondents,
and the scope of the thesis the result should be truthful and valid. This was also done through
doing pilot studies (3.7) before the survey and gathering of data.

3.6 Ethics
When analyzing and presenting data from the survey, which are based on the respondents'
answers, and ethical effort must be made to ensure that people are represented ethically. This
is because the participants in a study should be protected. Respondents should not be put in
harm's way or be ridiculed. Robson (2014, p75) means that the participant should know what
is expected of them, what the answers will be used for, and that the respondents had a chance
to accept terms on how their personal information will be handled before data is gathered.
The result of the study should not come as a shock for participants, the participants should
have been properly informed from the beginning. If the scope of the research were altered the
participants also need to know of the changes, participants need to be able to withdraw their
earlier given consent if they no longer agree to the research.

3.6.1 Terms and Conditions

The respondents of the main survey had the opportunity to read the Terms and Conditions
before doing the survey, the respondent could then either consent to the terms or decline. The
respondents that declined the terms could not commence on the survey and they were thanked
for their interest.
The respondents who gave their consent continued with the SQ.

The Terms and Conditions consisted of information about which data was gathered and how
the data was processed. The respondent was also informed about how long the data would be
stored and that the data would be deleted at a given date.

21
By doing the survey through S&R, some mandatory information from Karlstad university
was also part of the information.

3.6.2 Handling gathered data

The personal information and answers given by respondents were or will be deleted at the
latest 31 January 2021, this information was part of the Terms and Conditions, and all who
submitted the survey had to accept the terms.
Gathered data was stored through cloud services which are part of S&R software and
framework.

Personal information that was handled consisted of the age of the participants, the alternatives
of stating age were divided into groups, as follows:

• 18-30
• 31-45
• 46-65
• 65+
• Does not want to disclose

In having the option to not disclose the age the respondents of the survey had the opportunity
to be fully anonymous, as no other personal data was gathered.

3.7 Development of survey

This section is about the development of the survey and the piloting process. The pilot was
done to test the SQ with test respondents before the survey and gathering of data for the result
was commenced. This was done to ensure that the survey was easy to understand, use and
that the questions felt relevant to the respondent and the RQ. The respondents of the pilot
study were also able to give feedback on other things than the SQ that bothered them with the
survey.

3.7.1 Pilot
According to Robson (2014, p97), the pilot study is crucial when working with a fixed
design, this helps in designing the method, where the real data gathering is done to go as
smooth as possible. The pilot study is an opportunity for the researcher to test the study
material on participants and get their valuable feedback. Robson means that the researcher
should avoid picking the same respondent during the method, the survey in this case if the
respondent were part of the pilot. This is because the result might be altered, the respondents
are already aware of the study and the method might not be that different from the pilot.
With the response from the pilot, the researcher can alter descriptions or change questions,
but if there would be major issues with the study, the researcher should do around more pilot
studies to see if the issues are fixed before moving forward with gathering data.

22
3.7.2 Result of the first pilot study
The selection of respondents for the pilot study was done by asking friends and relatives to
take the test survey. The pilot study was done in Google Forms and the number of
respondents who took the pilot study was 12.
The pilot was conducted through Swedish.
The reasoning behind using Google Forms for the pilot was due to the initial plan of using
Google Forms for the survey. This meant that the test survey was already done when the
choice to change to S&R was taken, therefore was the pilot done with Google Forms to check
what respondents thought of the questions.
The respondents of the first pilot were not part of the respondents who took the survey.
The test survey, which can be seen in Appendices (8.1), was designed to give respondents the
ability to comment on every question in the test survey. In that way, it was clearer for
respondents on which question they were commenting on and it was easier to read the
feedback.

For example:

Question 1, which is found in Appendices (A.1)

The question is about the age of the respondent and the answers are sorted into different age
groups; the last answer is the option to not state age.
Below the first question is the second question which was an opportunity for the respondent
to leave a comment about the question above. This is how the test survey for the pilot was
designed.
The result of the pilot showed that there were some grammatical errors and that some
questions were not specific enough, and the response options were varied in a way that was
confusing to some respondents.
Another example:

23
Question 5, which is found in Appendices (A.2)

This question is about how much the respondent appreciates their knowledge of IoT devices
between 1 (Do not understand at all) and 5 (fully understands).
One comment from a respondent thought that it was both hard to appreciate the knowledge on
a scale between 1-5 and that the response option through a scale differed from other questions
in the survey which were done through bullet points. The comment suggested that the
questions should be asked in the same way as other questions with prewritten options in
words, the respondent also argued that it would be easier to gather the result if all questions
are asked in the same way.
Robson (2014, p111) means response options which consist of numbers that represent
describing words can be arbitrary because of the difficulty of understanding the value of the
response. Robson gives the example that a 6 can be treated as a value that is twice the amount
of 3. However, the 6 might stand for Very good and the 3 might stand for neither good nor
bad.
In making the responses to the questions prewritten instead of using the scale between 1-5 the
design of the thesis was more coherent and it was clear for the user how to answer the
question, it also resulted in an easier way to see the result as suggested by the comment.

Question 13, which is found in Appendices (A.5)

This question handles how respondents estimate how good the security of IoT devices is. One
respondent was not sure in which way the question was referring to with the word security.
Because of the goal of designing an easy to use survey, the question was tweaked for the
survey and instead asked if the respondent thinks that IoT devices have enough security to
keep their personal information safe. This meant that the response options for the respondents
in the survey were more limited than in the test survey. The respondent was able to answer
‘Yes’, ‘No’, and ‘Do not know’.

24
Question 15, which is found in Appendices (A.5).

This question is asking if the respondent is actively doing measures to secure their personal
information when using IoT devices. Comments on this question showed that respondents
thought that it was hard to answer the question, the reason being that they could not figure out
any measures now. The comments suggested that instead of writing their response,
respondents should be able to choose among prewritten answers. This would enable
respondents to see examples of measures that they might already do but have forgotten about.
The comments showed that several people had this problem with the questions and therefore
the question was redesigned to make it easier for the respondents to answer.

Some respondents also questioned the order of responses that were available in the test study,
e.g.,

• No
• Occasionally
• Do not know
• Often

The order of response options varied on every question, the decision to vary the response
options were consciously made to see what respondents thought of it. The feedback of the
pilot showed that the response options should be in order and look the same on every
question to make the design coherent and clear. Comments also stated that they missed
neutral response options. That resulted in the following order and response option addition.

• Always
• Often
• Occasionally
• Sometimes
• Do not know

3.7.3 Result of the second pilot study

The second pilot was done both in S&R and Google Forms. The reason why Google Forms
was still used was that the questions were the same as in S&R, the survey was already created
in Google Forms framework and ready to send out.

25
The number of responses on the second pilot was 7 and the pilot was accessible through
Swedish and English.

The feedback from the second pilot described that there were still problems with grammar,
the language in the introduction, and the format of some questions. The changes that had been
done since the first pilot were positively met and the respondents were satisfied with the
altered questions and larger width of response options.

The main problem that respondents found was question 5, which is found in Appendices
(B.2)

This question, where the respondent is asked to tick the checkboxes of the statements, they
think are true, e.g., “Smartphone is a Smart device”, was confusing to many respondents. The
feedback showed that respondents got stuck on the question, the reason being that the
respondents thought it was hard to select answers that only are true.
By discussing this with the Supervisor the questions were changed before the survey was sent
out. The result is shown below in English and with S&R instead of Google Forms, which is
found in Appendices (C.2).

26
Appendices (C.2). Question 1 and 6 were the same and was not detected until later during the survey. Question 6
was then removed.

Fixes were also done to the grammar and introduction part of the survey, by switching to
S&R it was easier to include information about personal data gathering and the ability for the
respondent to decline or accept the Terms and Conditions.

3.7.4 The survey

“What is the simplest and easiest way that I can collect the data that I need to get
answers to the research questions?” (Robson in Robson 2014, p.98)

Conducting the method should not be a complicated task, or rather, it should not be
overcomplicated with the gathering of data, the focus should instead be on what is necessary
to be done according to Robson (2014, p98). The gathering should be as easy as possible and
that is achieved by planning. Knowing where to reach out and whom or where to gather data
from, the analysis of the data will be easier.

Robson (2014, p109) mentions that by doing statistics and summaries of quantitative and in
some cases qualitative data it becomes easier for the reader to see and understand the result.
By following a fixed design, the researcher should have already decided on which data was
gathered in an earlier stage and how it would be analyzed according to Robson (2014, p108),
this is something that helps the researcher to have an overview of the analysis process.
Flexible design is usually the contrast to fixed design as mentioned before, the researcher
might not have known what kind of data he/she would get from the research method and how
to analyze it. Robson describes that (2014, p109) analysis of quantitative data can be complex
because of the possibility of large amounts of data present in statistics

27
The result of the survey, which can be found in Empirical result (5), was analyzed in the
following way.

3.7.5 How gathered data was summarized and analyzed

The survey consisted of only radio buttons or checkboxes as response alternatives to the SQ.
This meant that the respondent did not have to write or formulate their answers. This enabled
the analysis of gathered data to go smoother because all data was in the same form of
numbers. The gathered data was qualitative, but it was analyzed through quantitative methods
because of the ease of using statistical diagrams which were more fitting with a survey.

The gathered data were sorted into different categories, this was due to the format of the
questions which allowed respondents to categorize themself. When asked how old the
respondent is, the answer put them in a category, even if they answered, “Does not want to
disclose”. By Robsons (2014, p109) definition of categorical variables, allowed calculating
how many answers that fall into a category. Robson (2014, p110) also means that data can be
analyzed to categories with “Satisfaction ratings” e.g.,

The figure can be found in (C.1)

With the use of categorical variables for all questions, there was no need to analyze and
display through average which is often used with continuous data. Robson (2014, p.114)
describes that this can be avoided by categorizing the answers instead of allowing the
respondent to answer freely, this will make the summarizing and analysis easier because the
data can be managed in the same way for all questions.

By categorizing the data, it enabled the result to be summarized and displayed in tables, bars,
or circle diagrams. By using bars or circle diagrams to display the result it became easier to
understand it and to see the differences between the categories. Displaying the result with a
table would have enabled the result to be combined through displaying and combining
multiple questions in the same table according to Robson (2014, p112), however, this would
have been more complex and the result might not have been as easy to understand. By
displaying in bars, the result can be divided into the SQ and shown one at a time.
There is also a lot of software that helps with converting numbers to bars, and by using S&R,
the summarization and analysis became easier due to the help of the software which enabled
automatic handling and generating of response data.

28
The Empirical Result chapter contains the gathered data which has been summarized and
analyzed. While the results are displayed through bars there is also a summary before each
figure which details the result.
The Analysis chapter contains comparisons between the empirical result and the result of

4. Empirical result
The result was gathered through an online survey done in S&R. The survey was open for two
weeks and posted in Facebook groups and shared through the snowball effect, see (3.3.2).
The survey introduced participants to the basics of IoT through an informative text before the
questions were asked. This was done to avoid confusion about the subject of IoT and to let
each participant have some knowledge before answering questions.
As IoT is a broad and sometimes complex subject, the SQ was designed to let anyone be able
to answer them by not asking for details and lot letting the participants write their answers.

As shown in Figure 4, the number of respondents was 133 and the largest age group with
apprx. 65% (87) were between 18-30 years old.

Figure 4. Age group of respondents

4.1 Peoples knowledge of IoT

This section presents the result of what people know about IoT technology and IoT devices.

4.1.1 Perception of IoT

Question, “Have you heard of the term Internet of Things or IoT before?”.
When people were asked if heard of the term IoT before, 50% (67) answered ‘No’ which is
the majority, 48% (64) said that they have heard of the term IoT before and 2% (2) answered
that they do not know. With only 2 participants answering, ‘Do not know’, the participants
are clear in their answer. (Figure 5)

29
Figure 5. The term IoT

Question, “How well would you appreciate your understanding of IoT technology?”.
35% (46) appreciate that their understanding of IoT technology is ‘Neither good nor bad’.
About 36% (48) appreciate that they understand IoT, and 23% (31) appreciate that they do
not understand IoT. Lastly, the lowest answer measured in percentage did not know with 6%
(8). (Figure 6)

Figure 6. Perception of IoT knowledge

4.1.2 IoT & Smart devices in households

Question, “Do you or someone in your household have a Smart Device?”.
With 83% of respondents (110) answering ‘Yes’, most claim that their household possesses at
least one Smart device. 13% (17) answered ‘No’ and 4% (6) say that they ‘Do not know’ if
they or someone in their household have a Smart device. (Figure 7)

30
Figure 7. IoT ownership

The question “Check one or more options of Smart Devices in your household”, follow up
question to question above if the answer was ‘Yes’.
The result in Figure 8 of this question is based on the result of participants who answered,
‘Yes’ on the previous question, “Do you or someone in your household have a Smart
Device?”. This means that 83% (110) of the total survey respondents took this question.
The most common Smart device category is the Smart media device category, 95% (103)
checked the option Smart media device. The second most common category is Game
consoles with 44% (48) and the third most common category is Voice assistants / Smart
speakers with 29% (32). The least common categories are Smart alarm and Other which both
had 11% (12) who checked these categories.

Figure 8. IoT in homes

4.1.2 Statements about IoT technology

The question “Below are several statements about IoT technology”, consisted of several
statements/questions about IoT and IoT devices where respondents picked ‘Yes’ or ‘No’
when answering.
The result shows that the majority agreed that IoT devices need to be connected to the
internet to work, 70% (93) answered ‘Yes’ and 30% (40) chose ‘No’ on the question “Do IoT
devices need to be connected to the Internet to work?”.

31
Figure 9. Statement: IoT connection

98% (130) answered ‘Yes’ to the question “Can IoT devices collect information about you as
a user?”, 2% (3) answered ‘No’.

Figure 10. Statement: Information collecting

The question “Is a Smartphone an IoT device” had 78% (104) who answered ‘Yes’ and 22%
(29) answered ‘No’. When instead asked, “Is a Smart TV an IoT device?” 88% (117) chose
‘Yes’ as their answer and 12% (16) answered ‘No’.

Figure 11. Statement: Smartphone

32
Figure 12. Statement: Smart TV

51% (68) people do not believe that cloth-based IoT tech exists due to their choice in
answering ‘No’ to the question “Does clothing-based IoT technology exists?”, 49% (65)
answered ‘Yes’. When asked “Do ALL IoT devices need a password to work?” 16% (21)
said ‘Yes’ and 84% (112) said ‘No’.

Figure 13. Statement: Cloth-based IoT

Figure 14. Statement: Password

The question “Can data collection be approved on use with certain IoT devices without the
formal consent of the user?” had 75% answering ‘Yes’ (100), the percentage of ‘No’ answers
was 25% (33).

33
Figure 15. Statement: Approval

The last question was “Can IoT devices talk to other IoT devices on the same network?”,
90% (120) answered ‘Yes’, that IoT devices on the same network can communicate with each
other. 10% (13) do not believe that IoT devices can communicate with each other on the same
network and answer ‘No’.

Figure 16. Statement: Conversations between IoT devices

4.2 Privacy concerns in using IoT devices

This section presents the result of how people appreciate the security of IoT devices, people’s
concerns about sharing private information, and if people are taking actions to protect their
private information.

4.2.1 Perception of privacy concerns

Question, “Have you ever considered security/sharing of private information when using a
Smart Device?”.
The result shows that 41% (54) combined consider the security/sharing of private information
when using Smart devices ‘Often’ or ‘Always’ and 41% (44) sometimes consider their
security. Some fewer people do not consider their security when using Smart devices. 16%
(22) answered ‘Occasionally’, and 2% (3) chose ‘Never’ as their answer.

34
Figure 17. Security/sharing of private information

Question, “Do you consider that IoT devices have sufficient security to protect your personal
data?”.
10% (13) answered ‘Yes’ to the question while 43% (57) answered ‘No’, meaning that a lot
of people think that IoT devices do not have sufficient security. The number how people who
answered ‘Do not know’ is 63 (47%).
The result shows that respondents are uncertain of how well security features in IoT devices
are.

Figure 18. Protecting personal data

Question, “Do you allow Smart Devices to store and/or share your private information with
others?”.
66 people (50%) answered that they ‘Sometimes’ allow Smart Devices to store or share
private information with others. 23% (31) answered ‘No’ and 21% (28) answered ‘Do not
know’.
The response option with the least percentage was ‘Yes’ with 6% (8). This shows that a lot of
people decide when they want to share or store personal information with Smart devices.

35
Figure 19. Store or share private information

4.2.2 Measures taken in protecting the privacy

Question, “Do you take steps to protect your personal information when using IoT devices?”
68 participants (51%) answered ‘No’ which means that a majority do not take steps or
measures to protect their personal information when using IoT devices. 29% (38) answered
‘Yes’ and 20% answered ‘Do not know’ which means that 27 people do not know if they take
actions that ensure a more protected usage of IoT devices.

Figure 20. Take steps to protect privacy

The question “Tick one or more options of actions you take”, follow up question to question
above if the answer was ‘Yes’.
The result of this question is based on the result of participants who answered, ‘Yes’ on the
previous question, “Do you take steps to protect your personal information when using IoT
devices?”. This means that 29% (38) of the total survey respondents took this question.
The most common action in securing personal information when using IoT devices is ‘Do not
provide your location information’ which was chosen by 71% (27). The second most
common action is ‘Uses separate passwords’ with 66% (25) and the third most common
action is ‘Uses VPN’ with 45% (17).
The least common actions in protecting private information are ‘Uses individual networks for
different devices’ and ‘Other’, both with 8% (3).
No response option was not ticked on this question. This shows that respondents are using
different actions to maintain their protection when using IoT devices.

36
Figure 21. Security heightening measures

4.2.3 Security in IoT devices

The question “Do you know that IoT devices need to be constantly updated to continue to
have current protection?”
47% (62) answered ‘Yes’ that they are aware that updates are needed for IoT devices to
continue to have stable and current protection. With 32% (43) answering ‘No’ and 21% (28)
answering ‘Do not know’.

Figure 22. IoT software updates

The question “Do you know that many IoT devices whose manufacturer went bankrupt or
shut down no longer receive security updates?”
The response to this question resulted in 49% (65) answering ‘No’.
The percentage who answered ‘Yes’ is 23% (30), 28% (38) answered ‘Do not know’ that IoT
devices might not receive updates if the manufacturer is not around anymore.

Figure 23. Manufacturers of IoT devices

37
5. Analysis
This section accounts for the analysis of the empirical result.
The analysis was done by examining the result and by comparing it to other studies which are
mentioned in the theory chapter (see 2.9).

5.1 Age group

The majority of participants (65%) who took the survey state that they belong to the age
group 18-30 years old. The probable reason for this is the fact that the survey was posted in
two groups on Facebook. One group “Dem kallar oss studenter” consists of students
belonging to Örebro university.

According to Ekonomifakta (2020) and the OECD which is an organization created after
World War II to support the rebuilding of Europe, the average age of Swedish students is:

• At age 24, students start their university education.

• Age 28, students who examine from the university.
Data from 2018

The survey was also shared among friends where the majority are between 18-30 years old.
The friends were urged to not take the survey themselves and instead asked to share the
survey with friends and families to take the survey and continue the spread of the survey. The
probability that friends shared with friends that also were 18-30 years old is big.

The result corresponds to Allirol-Molin & Gashi (2017) where the largest age group is
between 18-34 years.

5.2 IoT knowledge

According to the result of this research 64 (48%) of 133 respondents say that they have heard
of the term IoT before taking the survey. The result falls just short of 50% and the majority of
participants (50.5%) state that they have not heard of the term IoT before taking the survey.
Allirol-Molin & Gashi (2017) asked a similar question in their survey, the question was
phrased “Do you know about/have heard of the term Internet of Things?”, 90% answered
‘Yes’ and 10% answered ‘No’. The question asked by Allirol-Molin & Gashi (2017) was
followed by asking how well the respondent’s knowledge of IoT were, 19% answered that
they fully understand IoT, 48% said that they have some knowledge of IoT, 29% answered
that they know a little of IoT and rest said that they did not know anything of IoT. The result
of Allirol-Molin & Gashi (2017) shows that most have heard of the term IoT before and that
the majority understand IoT tech in some capacity. According to Metova (2019), less than
25% fully understand IoT which corresponds with Allirol-Molin & Gashi (2017) but not with
Pescatore (2014).
Pescatore's (2014) survey describes that 58% fully understand IoT, at the same time,
Pescatore state that the participants who took the survey were likely well experienced in IoT
and if the survey sampling were broader the result would probably show that fewer people
understand IoT. This is something that Allirol-Molin & Gashi (2017) also mentions, their

38
pilot study resulted in 32% of respondents answering that they ‘Have not heard of the term
IoT’. According to Allirol-Molin & Gashi, they believe that if they had done broader research
the result would have shown less understanding of IoT from respondents.
The percent of people who appreciate their understanding of IoT as Very Good (7%, 9) in this
research falls short of the result of other studies e.g., Metova (2019), Allirol-Molin & Gashi
(2017), and Pescatore (2014). The result might have been different if there was a larger
spread among the age group of participants.
When asked if IoT devices can collect information about the user of the device an
overwhelming percent (98%, 130) answered ‘Yes’ which shows that people do believe that
devices can collect information about users.
IoT devices are equipped with sensors that can gather information about users (See 2.4).
The majority believe that Smartphones are IoT devices due to 104 (78%) answering ‘Yes’
that Smartphones are IoT devices. IoT devices are physical products that did not have an
internet connection before and can be controlled by other sources (See 2.4). One of these
sources are Smartphones which acts as a controller for e.g., Smart Alarms, Smart Tv, Smart
lights, and so on. Therefore, are Smartphones usually not considered as IoT devices due to
their role of being a controller.
When people were instead asked if a Smart Tv is an IoT device, 117 (88%) said ‘Yes’.
Opposite to the Smartphone, Smart Tv is considered as an IoT device due to its somewhat
new ability to connect to the internet and be controlled by other sources such as the
Smartphone.
According to Allirol-Molin & Gashi (2017) people often accept Terms & Conditions when
using IoT devices without knowing what kind of data that they are accepting to share. When
people who took part in this research were asked if data collection can be approved when
using IoT devices without giving formal consent 75% (100) said ‘Yes’. This means that a lot
of people know that they are accepting that their information is gathered when using IoT
devices, it is however unknown to which extent people know which kind of data are collected
and if people read Terms & Conditions afterward. As Allirol-Molin & Gashi (2017) states a
lot of people do accept the Terms & Conditions, the probability that people are aware of
which data is gathered is low.

5.3 Smart devices and ownership

110 people (83%) answered ‘Yes’ that they or someone in their household owns a Smart
device, 17 (13%) answered ‘No’. This shows that most in this research know if they or
someone in their household owns a Smart device. Metova (2019) reports that nearly 75% of
people own an IoT device, this corresponds to the result of the thesis. The one exception is
that according to Metova, it is the number of people who own IoT devices while this thesis
also accounts for households.
Kumar et al. (2019) report that more than 70% of households in North America (NA) have at
least one IoT device and 57% of households in Western Europe (WE) possess an IoT device.
While Metova is an American company it does not state where their customers are based,
however, the number of people who own IoT devices according to Metova (2019) is in line
with what Kumar et al. (2019) show in regard to household possessing of IoT devices in NA.
The result of how many people who own IoT devices in this thesis does not correspond to
Kumar et al. regarding WE, the probability that most participants who took the survey for this

39
research are based in WE are high. There might be some people outside of WE because the
survey was available in English, was posted in the Facebook group “Survey Sharing 2020”
which had users of different nationalities (see 3.3.2), and that the survey was shared through
the snowball effect.
• 110 (83%) of 133 answered that they or someone in their household owns an IoT
device.
• 104 (94.5%) of 110 owns a Smart media device
• 48 (43.5%) of 110 owns a Game console
• 32 (29%) of 110 owns a Voice assistant or Smart speaker. 12 (11%) of 110
owns Smart alarms.
• 12 (11%) of 110 owns “Other” Smart devices that were not present to choose from.
The result is referencing survey answers among respondents in this research.

Kumar et al. (2019) report that the largest IoT device category in WE and NA is Media/Tv
with 40 % (WE) and 43% (NA). According to Metova (2019) 75% stream content on
connected TVs which shows that IoT devices in the media category are common products in
households in at least NA.
While Game consoles and Voice assistants or Smart speakers in this research are the second
and third most common category of Smart devices Kumar et al. (2019) show that 7.5% of
households in WE own game consoles and 2% of households own Voice assistants. This
thesis has bundled Voice assistants and smart speakers in the same category while Kumar et
al (2019) puts Smart speakers in their Media/Tv category. Kumar et al (2019) also report that
4% of households in WE own Surveillance IoT systems which is less than the result of this
thesis (11%).

5.4 Privacy concerns

A lot of people who conducted this survey consider their security or sharing of private
information when using IoT devices to some extent, the largest spread is divided between:
• 40.5% sometimes consider their security/sharing.
• 32.5% often consider their security/sharing.
8% always consider their security/sharing.
The rest is divided between
• 16.5% occasionally consider their security/sharing.
2.5% never consider their security/sharing.
According to Metova (2019), almost 90% of consumers consider their privacy when using
IoT devices and are concerned about sharing their private information. The result which
Metova reports are not clear on which level consumers concerns are, the result of people who
consider their privacy ‘Sometimes’, ‘Often’, and ‘Always’ combined in this thesis is 81%
which is close to the result of Metova (2019). As the response option ‘Sometimes’ gathered
most responses divided between response options the result cannot be compared to Metova
(2019) without question the reliability of which level of concerns that are part of Metova
(2019).
When people were asked in this research if IoT devices have sufficient security to protect
their data, 63 people (47%) answered that they are ‘Unsure’, 43% (57) answered ‘No’ and

40
10% (13) answered ‘Yes’ which means that a lot of people are unsure of how well the
security of IoT devices are. According to Allirol-Molin & Gashi (2017), who asked their
participants to grade their perception of how sufficient security on IoT devices are between 1
(Not safe at all) and 5 (Very safe), 42% consider the security to be ‘Neither good nor bad’,
44% ‘Do not think’ that IoT devices have sufficient security and 13% appreciate that IoT
devices are safe.
This means that a lot of people according to Allirol-Molin & Gashi (2017) are unsure,
regarding percent answering, ‘Neither good nor bad’, if IoT devices have good security and a
large portion do not think that IoT devices have sufficient security which corresponds with
the result of this research.
The result of Allirol-Molin & Gashi (2017) shows that people are unsure if they trust IoT
devices to store private information, 45% answered that they might trust IoT devices enough,
35.5% answered that they do not trust IoT devices to store information and 19.5% answered
that they do trust IoT devices to store private information.
When people were asked in this research if they allow IoT devices to store or share their
private information, 49.5% (66) answered that they ‘Sometimes’ allow IoT devices, 23.5%
(31) answered ‘No’, 21% (28) answered ‘Do not know’ and 6% (8) answered ‘Yes’. The
question is asked in a different way to the question asked by Allirol-Molin & Gashi (2017),
however, the result shows some similarities between the result as most people ‘Might’ or
‘Sometimes’ store and share their information with IoT devices. With differences between
how many people said ‘No’ and ‘Yes’ between this research and Allirol-Molin & Gashi
(2017), the reason might lie in the response options that differed between studies or the
formulation of the questions itself.

5.5 Security heightening actions

38 (28.5%) people according to this research ‘Take steps’ to protect their personal
information when using IoT devices, 51.5% (68) answered that they ‘Do not’ take actions to
protect their data and 20.5% ‘Do not know’ if they take measures to protect their privacy
when using IoT devices. Allirol-Molin & Gashi (2017) show that when people were asked if
they know how to keep their IoT devices secure and prevent that their personal information
ends up in the wrong ends, 48% answered ‘No’, 42% answered ‘Maybe’ and 10% answered
‘Yes’.
A large portion of people answered ‘No’ (48%) that they do not know how to secure their IoT
devices according to Allirol-Molin & Gashi (2017) and similar that people ‘Do not take
actions’ (51.5%) to protect their privacy in this research. The people who answered ‘No’ in
Allirol-Molin & Gashi (2017) can correspond to the people who answered that they ‘Do not
take’ actions in this thesis.
Allirol-Molin & Gashi (2017) asked respondents what they do to protect their private
information when using IoT devices, respondents answered by writing what kind of actions
they take. While the response rate to the question asked by Allirol-Molin & Gashi, which was
not mandatory, was low, it corresponds to the number of people who answered that they
know how to protect their privacy when using IoT devices (10%). According to Allirol-Molin
& Gashi (2017), two people answered that they cryptate data but not how one answered that
they use antivirus software and one that they only use HTTPS.
With 38 of 133 people in this research taking steps to protect their personal information, 71%
(27) of them answered that they ‘Do not provide their location information’, 66% (25) claim

41
that they ‘Use separate passwords’ and 45% (17) that they ‘Use VPN’. The question urged
people who answered ‘Yes’, to the question if they take steps to protect their privacy when
using IoT devise, to tick the response options of actions that each person’s take. The
respondents in this research were not able to write their answer, as respondents in
AllirolMolin & Gashi (2017) were asked to do, and if no response choice corresponded to
their actions, they were able to choose ‘Other’ which was chosen by 3 people (8%).

5.6 Security software in IoT devices

According to Pescatore (2014), 31% think that the greatest threat to IoT devices in the next
coming 5 years is the difficulty of patching IoT devices and leaving them vulnerable due to
fewer security updates.
When people in this research were asked if they know that IoT devices need to be constantly
updated to have current protection, 47% answered ‘Yes’, 33% answered ‘No’ and 21%
answered ‘Do not know’. This means that many respondents are aware that IoT devices need
to be updated and know that there might be a problem if devices do not get new updates.
Pescatore (2014) shows that 49% think that IoT devices will have the same security problems
as other applications or systems have today and 17% think IoT will be a “security disaster”.
As mentioned in (see 5.4) a lot of participants are aware of the security risks involving
sharing of private information when using IoT devices, many respondents also know that it is
important to have current protection and the latest updates on their IoT devices.
One thing that participants in this research were not aware of is that many IoT devices whose
manufacturers went bankrupt or shut down are not updated anymore and therefore are more
vulnerable due to their lack of security updates. 39% answered ‘No’, that they do not know
that some IoT devices will not get security updates anymore, 28.5% answered that they ‘Do
not know’ and 22.5% answered ‘Yes’. While most respondents are aware that updates are
needed, they do not know that some IoT devices whose manufacturers shut down are no
longer getting security updates. According to Kumar et al. (2019), 90% of all IoT devices are
manufactured by a total of 100 vendors where large companies e.g., Samsung, HP, or Apple
dominate the market.
With most IoT devices manufactured by a quite small market, the risk of possessing IoT
devices from bankrupt manufacturers is not high, however, even larger manufacturers can
leave products behind and stop supporting them in favor of new products.

6. Discussion & conclusion

This chapter contains discussions about the result of the thesis, the method that was used, and
a reflection of supported theory.
It also contains future work and the conclusion which wraps the research and shows the
answers to the RQ.

6.1 Discussion of the result

The result shows that a lot of respondents to this research consider their privacy when using
IoT devices, at the same time a majority ‘Do not’ take actions to ensure a safer usage of IoT

42
devices. This also corresponds to the fact that 47.5% ‘Do not know’ if IoT devices have
sufficient security, with low understanding users might not know which actions can be made
or they might not consider taking actions in the first place. However, there is also a large
portion (43%) who answered that they ‘Do not think’ that IoT devices have good enough
security, the percent who takes actions to protect their privacy can be regarded as very low
due to the uncertainty of security in IoT devices among participants.
A fifth of respondents in this research answered that they do not know if they take steps to
protect personal information, this number might represent some of the respondents who are
‘Unsure’ what IoT devices are and respondents ‘Who do not know’ if IoT devices are secure.
If participants would have seen examples of security heightening measures before answering
if they take steps to protect their information more respondents might have answered ‘Yes’ or
‘No’ instead of ‘Do not know’.
A majority (50.5%, 67) have not heard of the term IoT before the survey was taken, however,
110 respondents (83%) have a Smart device in their households, this number is high due to
the percent (48%, 64) who have heard of the term IoT before. From a consumer level, the
term IoT is seldom used and products are often associated as Smart which can be seen from
the result.
The smartphone was not a response option when asked to tick which kind of category the IoT
devices in their homes belong to, this was a choice since Smartphones are not considered as
IoT devices. Even without the choice of smartphones, 94.5% (104) of the total 83% (110)
checked the ‘Smart media device category’ and only 11% (12) checked ‘Other’ which might
stand for smartphones. The ‘Smart media device category’ was explained to include products
e.g., Chromecast or Apple Tv. Some might have included Smart speakers in this category due
to the media aspect even if Smart speakers were included as a response option together with
‘Voice Assistant’. In retrospect, it would have been clearer to include Smart speakers in the
‘Smart media device category’ and have ‘Voice Assistant’ as a single and isolated category.
In the analysis chapter (see 5.5), comparisons between this research and Allirol-Molin &
Gashi (2017) were made due to both studies asking what kinds of actions people take to
protect their personal information. Allirol-Molin & Gashi (2017) let respondents write their
answers which might have affected users’ answers, which was seen in the pilot in this
research (see 3.7.2), where people left feedback that described that they had problems in
writing their answer due to the difficulty of think of an answer. If Allirol-Molin & Gashi
(2017) had used response options or vice versa for this thesis there might have been a
different result that could have been compared.
6.2 Method discussion
The method part was done in a way that is supposed to be clear for readers and easy to repeat
by others. Therefore, aspects such as design and chosen method were explained through
comparing the pros and cons and discussing other design principles to show which aspects
were taken into consideration.
The survey was built according to RQ and the theory. The survey was tested through pilot
studies before the survey was sent out. The pilot tests were done in Google Forms which still
enabled feedback on the questions, it did, however, take time from the survey which was only
done through S&R. As both software’s can be used in different ways S&R enabled
subquestions that appeared depending on answers on previous questions. If S&R had been
used in an earlier stage more valuable feedback could have been collected.

43
The result of the research could have been different depending on a more varied difference in
age of respondents. As the selection of respondents was done through Facebook groups,
where one only consists of students, and by sharing the survey with friends who then
continued to spread the survey the age group was more limited to younger participants. If
more work had been put into collecting participants, the age groups could have had a larger
spread. While limitations such as time and due to the pandemic COVID-19 were an obstacle
to gather respondents there might have been a different way of reaching out to respondents
and end up with a more generalizable result.
The data that was gathered ended up as qualitative data which contained opinions of
respondents, though surveys usually gather quantitative data that represent numbers. The data
that was gathered can be described as both quantitative and qualitative as the survey is a
quantitative survey with qualitative implementations. The data were summarized by
following a quantitative method where the result was showed in bars. The mixed data was
easiest summarized into categories instead of using figures which might have
overcomplicated the displaying for some. If a qualitative method would have been used to
summarize the result it would have been unnecessary work due to the ease and natural way of
sorting the data into categories.
The result might also have been affected due to the formulation of questions where some
included IoT and some Smart devices, even if Smart devices belong to IoT most are probably
more used to the term Smart.

6.3 Theory reflection

The supported theory that was used introduced IoT and tech that enables it, there was also a
part where the security of IoT devices was discussed and regulations which controls how
manufacturers and customers handle IoT devices. Even with regulations and Terms &
Conditions which informs how data is stored and gathered much responsibility falls into the
hands of the users.
Prior studies on the topic were hard to come by. Some of the studies focused on different
parts of IoT and/or had a scope that limited the participants to consumers, work employees in
different sectors, or only friends and family members. The prior studies which were chosen
and are part of the theory chapter all had some aspects of their result which corresponded
with the scope of this thesis.
The research done by Metova (2019) consists of data that is well suited in the analysis
between this research and Metova. However, the problem does not lie in the result but in the
reliability of the result presented by Metova (2019). The result of Metova (2019) can only be
found on Metova’s website through an infographic. The infographic does not state where the
customers (customers to Metova’s products) are based, while Metova is an American
company their customers might be stationed around the world. The details of how the
research was done and age representation were also missing from the infographic. (Two
emails were sent to Metova asking for more details about their study, no response was
received.
While the infographic about Metova (2019) was lacking in detail the research done by
Pescatore (2014) was not, however, the reliability of the result shown by Pescatore (2014)
can also be questioned due to a high representation of people who had experience in working
with IoT. According to Pescatore (2014), the research was also aimed to examine workplaces

44
and businesses, and the result is not pointing to general knowledge or something alike.
Comparisons between Pescatore and this thesis was still done due to similarity in SQ and that
it was hard to find relevant prior studies on the subject.

6.3.1 Future work

The fact that the majority do not take steps to protect their privacy when using IoT devices is
a topic that can further be studied. Due to the number of participants who have considered
their security when using Smart devices and that many do not think that IoT devices have
reliable security features, the percent of 28.5% who take measures to ensure safer usage is
low. A study more focused on this might give a different result.
The result also shows that the term IoT is not commonly used, instead it seems that the term
Smart device is more familiar among people. A study on this topic would be of interest and
show how common or uncommon the two different terms are.

6.4 Conclusion
So, now it is time to look at the research questions and try to anser them from the analysis and
discussion above.

RQ 1. Have people heard about the term IoT?

RQ 2. What do people know about IoT?
RQ 3. Are people concerned about their privacy when using IoT devices?
RQ 4. Are people using measures to protect their privacy when using IoT devices?

Probably many people have not heard about this term to judge from the results of this survey.
About 50 % of the participants have not heard about the term IoT before; however, most
know what Smart devices are because most have answered that their household owns at least
one smart device. The result also shows that a lot of respondents consider that IoT devices do
not have sufficient security measures or are unsure about how to secure IoT devices are. Even
though many participants do not think that IoT devices are secure enough, the majority still
do not use measures to secure their privacy when using IoT devices. According to the results,
a majority of participants do not know much about the term IoT, but when asked about Smart
devices respondents seem to have more knowledge to share.
Summarized, even if many people have most likely not heard of the term IoT before, a lot of
them probably would appreciate their understanding of IoT tech as good. Probably, many
people have considered their sharing of private information when using Smart devices
although many do not use measures to enhance their security which sounds contradictory and
can be further researched.

45
Bibliography
Allirol-Molin, S., Gashi, X. (2017) Internet of Things - risker, integritet och möjligheter till
skydd. Fakulteten för teknik och samhälle Datavetenskap: Malmö Högskola.

Al-Mutawa, R, F., Eassa, F, A. (2020) A Smart Home System based on Internet of

Things. International Journal of Advanced Computer Science and Applications, 11 (2),
260267.

Duffy, J. (2016) The internet of things | Jordan Duffy | TEDxSouthBank [YouTube]

https://www.youtube.com/watch?v=mzy84Vb_Gxk [2020-09-05]

Ekonomifakta (2020). Examensålder. https://www.ekonomifakta.se/fakta/utbildning-och-

forskning/utbildningsniva/examensalder/ [2020-10-08]

Ericsson (2010). CEO to shareholders: 50 billion connections 2020.

https://www.ericsson.com/en/press-releases/2010/4/ceo-to-shareholders-50-billionconnections-
2020 [2020-09-21]

Ericsson (2015) Ericsson Mobility Report: 70 percent of the world’s population using
smartphones by 2020 https://www.ericsson.com/en/press-releases/2015/6/ericsson-
mobilityreport-70-percent-of-worlds-population-using-smartphones-by-2020 [2020-09-21]

Fu, K., Kohno, T., Lopresti, D., Mynatt, E., Nahrstedt, K., Patel, S., Richardson, D., Zorn,
B. (2017). Safety, Security, and the Privacy Threats Posed by Accelerating Trends in the
Internet of Things. A Computing Community Consortium (CCC) white paper.
http://arxiv.org/abs/2008.00017 [2020-10-19]

Holler, J., Tsiatsis, V., Mulligan, C., Karnouskos, S., Avesand., S, Boyle, D. (2014). From
machine-to-machine to the Internet of Things - Introduction to a New Age of Intelligence.
Burlington: Academic Press.

Hougland, B. (2014) What is the Internet of Things? And why should you care? | Benson
Hougland | TEDxTemecula [YouTube] https://www.youtube.com/watch?v=_AlcRoqS65E
[2020-10-05]

Kumar, D., Shen, K., Case, B., Garg, D., Alperovich, G., Kuznetsov, D., Gupta, R.,
Durumeric, Z. (2019). All Things Considered: An Analysis of IoT Devices on Home
Networks. Paper included in the Proceedings of the 28th USENIX Security Symposium.
Santa Clara, California, USA, August 14-16.
https://www.usenix.org/system/files/sec19-kumar-deepak_0.pdf [2020-10-13]

Goldkuhl, G. (2011). Kunskapande. Linköpings universitet: Forskningsgruppen VITS

Institutionen för ekonomisk och industriell utveckling.

Metova (2018) Infographic - The Internet of Things

https://metova.com/infographic-the-internet-of-things/ [2020-09-21]

46
Metova (2019) Infographic: Trends in IoT- 2018 vs 2019 Consumer Survey Result
https://metova.com/infographic-trends-in-iot-2018-vs-2019-consumer-survey-results/
[202009-22]

Pescatore, J. (2014). Securing the Internet of Things Survey. Sans Institute: Information
Security Reading Room.

Robson, C. (2014) How to do a research project - A guide for undergraduate students. John Wiley
And Sons Ltd.

United Nation. (UN). (1948). Revision of World Urbanization Prospects.

https://population.un.org/wup/ [2020-09-19]

Weber, R, H. (2015). Internet of things: Privacy issues revisited. Computer Law & Security
Review, 31 (5), 618-627.

Xiang, W. (2018) Internet of Things is Now and Future | Wei Xiang | TEDxJCUCarins
[YouTube] https://www.youtube.com/watch?v=Nl-Qk2iC1JI [2020-10-07]

47
Appendices Appendix A
The first pilot study was done in Google Forms and only in Swedish.

A.1 First image of the first pilot study

A.2 Second image of the pilot survey

48
49
A.3 Third image of the first pilot study

50
A.4 Fourth image of the first pilot study

51
A.5 Fifth image of the first pilot study

52
A.6 Sixth image of the first pilot study

Appendix B
The second pilot study was done in both Google Forms and S&R with Swedish and English
as chose able language. The images are from Google Forms and in Swedish.

53
B.1 First image of the second pilot study

54
B.2 Second image of the second pilot study

55
B.3 Third image of the second pilot study

56
B.4 Fourth image of the second pilot study

57
B.5 Fifth image of the second pilot study

Appendix C
The survey was done in both Swedish and English and the software that was used was S&R.

58
C.1 First image of the survey

59
C.2 Second image of the survey

60
C.3 Third image of the survey

61