
How Developers Talk About Personal Data and What It Means for User Privacy: A Case Study of a Developer Forum on Reddit

Published: 05 January 2021

Abstract

While online developer forums are major resources of knowledge for application developers, their roles in promoting better privacy practices remain underexplored. In this paper, we conducted a qualitative analysis of a sample of 207 threads (4772 unique posts) mentioning different forms of personal data from the /r/androiddev forum on Reddit. We started with bottom-up open coding on the sampled posts to develop a typology of discussions about personal data use and conducted follow-up analyses to understand what types of posts elicited in-depth discussions on privacy issues or mentioned risky data practices. Our results show that Android developers rarely discussed privacy concerns when talking about a specific app design or implementation problem, but often had active discussions around privacy when stimulated by certain external events representing new privacy-enhancing restrictions from the Android operating system, app store policies, or privacy laws. Developers often felt these restrictions could cause considerable cost yet fail to generate any compelling benefit for themselves. Given these results, we present a set of suggestions for Android OS and the app store to design more effective methods to enhance privacy, and for developer forums (e.g., /r/androiddev) to encourage more in-depth privacy discussions and nudge developers to think more about privacy.

