Notes on Google’s HTTPS Usage report

On Friday’s reading list I linked to Google’s HTTPS Usage report which said that

Secure web browsing through HTTPS is becoming the norm. Desktop users load more than half of the pages they view over HTTPS and spend two-thirds of their time on HTTPS pages. HTTPS is less prevalent on mobile devices, but we see an upward trend there, too.

(The report is undated, but as the data continues after October 2016, I assume it’s current. As an aside, please put dates on research and stats you publish!)

Erik Isaksen tweeted me asking “I’m wondering why ‘especially on desktop”. I replied with my speculations, reproduced here in longer form :

Despite the rise in mobile use, desktop numbers aren’t declining, and perhaps many people do as I do: I might search and compare products on my mobile, but I actually do the purchases on my desktop machine. It’s a lot easier to type on a full-sized keyboard than a virtual keyboard, and purchases on the web are still laborious. I doubt it’s just me; generally, users abandon mobile purchases twice as often as desktop purchases. (That figure is from Google’s tutorial on the Payment Request API. I’m eagerly awaiting completion of Opera’s implementation.)

Similarly, I never do online banking on my mobile, I always use my desktop machine which has a direct line into it. (Even though I know that my bank’s website is HTTPS. But when I visit my branch, I notice their internal systems are all using IE6…)

It’s also worth bearing in mind that many of the regions that are mobile-first are home to large populations of unbanked people, or populations who don’t use credit cards much. There’s a lot less imperative to offer local websites securely when there is no money changing hands through them, while the services that are popular everywhere (Gmail, Facebook etc) are already HTTPS.

I’m told that HTTPS is comparatively expensive for site owners in the developing economies, and advertising revenues are declining as more and more people use Ad-blockers: 36% of smartphone users in Asia-Pacific use ad-blockers; two-thirds of people in India and Indonesia (source) and statistics from Opera’s built-inn ad-blocker shows that Indonesia has the most ads blocked per person in the region.

I suppose the crux of my speculation is: do people perform different kinds of tasks on mobile and desktop? Some tasks – banking, purchasing – require more convoluted input and are thus more suited to desktop devices with a full-sized keyboard, and such tasks are performed on HTTPS sites.

But this is only speculation. Anyone have any hard data on why HTTPS is more prevalent on desktop than mobile?

8 November 2016: Amelia Bellamy-Royds suggested on Twitter “No hard data, but my guess: secure websites for social media, email, etc., are replaced by native apps on mobile.” This certainly maps to my own experience, as I used the Gmail and Twitter apps on Android.

One Response to “ Notes on Google’s HTTPS Usage report ”

Comment by Charlie

A lot of http requests from mobile will be “invisible” to the user as they are from http-views inside apps where the user, handily, cannot force or check https. This alone will skew the figures.

Otherwise, I agree that use patterns are different: mobile use is much more based around consumption, though the boundaries might be difficult to discern in some cases.

As for online banking: I can only underline your position and advise against any system where the bank doesn’t agree to underwrite the risk. I use HBCI.

Leave a Reply

HTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> . To display code, manually escape it.