Abstract
While online developer forums are major resources of knowledge for application developers, their roles in promoting better privacy practices remain underexplored. In this paper, we conducted a qualitative analysis of a sample of 207 threads (4772 unique posts) mentioning different forms of personal data from the /r/androiddev forum on Reddit. We started with bottom-up open coding on the sampled posts to develop a typology of discussions about personal data use and conducted follow-up analyses to understand what types of posts elicited in-depth discussions on privacy issues or mentioned risky data practices. Our results show that Android developers rarely discussed privacy concerns when talking about a specific app design or implementation problem, but often had active discussions around privacy when stimulated by certain external events representing new privacy-enhancing restrictions from the Android operating system, app store policies, or privacy laws. Developers often felt these restrictions could cause considerable cost yet fail to generate any compelling benefit for themselves. Given these results, we present a set of suggestions for Android OS and the app store to design more effective methods to enhance privacy, and for developer forums (e.g., /r/androiddev) to encourage more in-depth privacy discussions and nudge developers to think more about privacy.
How Developers Talk About Personal Data and What It Means for User Privacy: A Case Study of a Developer Forum on Reddit