skip to main content
research-article

Enabling User-centered Privacy Controls for Mobile Applications: COVID-19 Perspective

Authors Info & Claims
Published:30 January 2021Publication History
Skip Abstract Section

Abstract

Mobile apps have transformed many aspects of clinical practice and are becoming a commonplace in healthcare settings. The recent COVID-19 pandemic has provided the opportunity for such apps to play an important role in reducing the spread of the virus. Several types of COVID-19 apps have enabled healthcare professionals and governments to communicate with the public regarding the pandemic spread, coronavirus awareness, and self-quarantine measures. While these apps provide immense benefits for the containment of the spread, privacy and security of these digital tracing apps are at the center of public debate. To address this gap, we conducted an online survey of a midwestern region in the United State to assess people’s attitudes toward such apps and to examine their privacy and security concerns and preferences. Survey results from 1,550 participants indicate that privacy/security protections and trust play a vital role in people’s adoption of such apps. Furthermore, results reflect users’ preferences wanting to have control over their personal information and transparency on how their data is handled. In addition, personal data protection priorities selected by the participants were surprising and yet revealing of the disconnect between technologists and users. In this article, we present our detailed survey results as well as design guidelines for app developers to develop innovative human-centered technologies that are not only functional but also respectful of social norms and protections of civil liberties. Our study examines users’ preferences for COVID-19 apps and integrates important factors of trust, willingness, and preferences in the context of app development. Through our research findings, we suggest mechanisms for designing inclusive apps’ privacy and security measures that can be put into practice for healthcare-related apps, so that timely adoption is made possible.

References

  1. Icek Ajzen. 2011. The theory of planned behaviour: Reactions and reflections. Psychol Health. 26, 9 (2011), 1113--27.Google ScholarGoogle ScholarCross RefCross Ref
  2. Faiz Anuar and Ulrike Gretzel. 2011. Privacy concerns in the context of location-based services for tourism. In Proceedings of the 18th Annual Conference of the International Federation for Information Technologies in Travel and Tourism (ENTER’11).Google ScholarGoogle Scholar
  3. Kakoli Bandyopadhyay and Katherine A. Fraccastoro. 2007. The effect of culture on user acceptance of information technology. Commun. Assoc. Info. Syst. 19, 1 (2007), 23.Google ScholarGoogle Scholar
  4. Gaurav Bansal, David Gefen, et al. 2010. The impact of personal dispositions on information sensitivity, privacy concern and trust in disclosing health information online. Decis. Supp. Syst. 49, 2 (2010), 138--150.Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Mahmoud Barhamgi, Charith Perera, Chirine Ghedira, and Djamal Benslimane. 2018. User-centric privacy engineering for the internet of things. IEEE Cloud Comput. 5, 5 (2018), 47--57.Google ScholarGoogle ScholarCross RefCross Ref
  6. Mahmoud Barhamgi, Mu Yang, Chia-Mu Yu, Yijun Yu, Arosha K. Bandara, Djamal Benslimane, and Bashar Nuseibeh. 2017. Enabling end-users to protect their privacy. In Proceedings of the ACM Asia Conference on Computer and Communications Security. 905--907.Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Erlend Bergen, Dag F. Solberg, Torjus H. Sæthre, and Monica Divitini. 2018. Supporting the co-design of games for privacy awareness. In Proceeding sof the International Conference on Interactive Collaborative Learning. Springer, 888--899.Google ScholarGoogle Scholar
  8. David M. Blei. 2012. Probabilistic topic models. Commun. ACM 55, 4 (2012), 77--84.Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Kaitlin R. Boeckl and Naomi B. Lefkovitz. 2020. NIST privacy framework: A tool for improving privacy through enterprise risk management, version 1.0. NIST Publication.Google ScholarGoogle Scholar
  10. Samuel Brack, Leonie Reichert, and Björn Scheuermann. 2020. Decentralized contact tracing using a DHT and blind signatures. IACR Cryptol. ePrint Arch. 2020 (2020), 398.Google ScholarGoogle Scholar
  11. Diego Buenaño-Fernandez, Mario González, David Gil, and Sergio Luján-Mora. 2020. Text mining of open-ended questions in self-assessment of university teachers: An LDA topic modeling approach. IEEE Access 8 (2020), 35318--35330.Google ScholarGoogle ScholarCross RefCross Ref
  12. Ann Cavoukian et al. 2009. Privacy by design: The 7 foundational principles. Info. Privacy Commiss. Ont. Can. 5 (2009). https://www.ipc.on.ca/wp-content/uploads/Resources/7foundationalprinciples.pdf.Google ScholarGoogle Scholar
  13. Ann Cavoukian, Angus Fisher, Scott Killen, and David A. Hoffman. 2010. Remote home healthcare technologies: How to ensure privacy? Build it in: Privacy by design. Ident. Info. Soc. 3, 2 (2010), 363--378.Google ScholarGoogle Scholar
  14. Justin Chan, Shyam Gollakota, Eric Horvitz, Joseph Jaeger, Sham Kakade, Tadayoshi Kohno, John Langford, Jonathan Larson, Sudheesh Singanamalla, Jacob Sunshine, et al. 2020. Pact: Privacy sensitive protocols and mechanisms for mobile contact tracing. Retrieved from https://arXiv:2004.03544.Google ScholarGoogle Scholar
  15. Hyunghoon Cho, Daphne Ippolito, and Yun William Yu. 2020. Contact tracing mobile apps for COVID-19: Privacy considerations and related trade-offs. Retrieved from https://arXiv:2003.11511.Google ScholarGoogle Scholar
  16. Kevin Anthony Hoff and Masooda Bashir. 2015. Trust in automation: Integrating empirical evidence on factors that influence trust. Hum. Fact. 57, 3 (2015), 407--434.Google ScholarGoogle ScholarCross RefCross Ref
  17. Marcello Ienca and Effy Vayena. 2020. On the responsible use of digital data to tackle the COVID-19 pandemic. Nature Med. 26, 4 (2020), 463--464.Google ScholarGoogle ScholarCross RefCross Ref
  18. Nirmal Kandel, Stella Chungong, Abbas Omaar, and Jun Xing. 2020. Health security capacities in the context of COVID-19 outbreak: An analysis of International Health Regulations annual report data from 182 countries. Lancet 395, 10229 (2020), 1047--1053.Google ScholarGoogle ScholarCross RefCross Ref
  19. Gabriel Kaptchuk, Eszter Hargittai, and Elissa M. Redmiles. 2020. How good is good enough for COVID19 apps? The influence of benefits, accuracy, and privacy on willingness to adopt. Retrieved from https://arXiv:2005.04343.Google ScholarGoogle Scholar
  20. Bandana Kar, Rick C. Crowsey, and Joslyn J. Zale. 2013. The myth of location privacy in the United States: Surveyed attitude versus current practices. Profession. Geogr. 65, 1 (2013), 47--64.Google ScholarGoogle ScholarCross RefCross Ref
  21. Douglas J. Leith and Stephen Farrell. 2020. Coronavirus contact tracing app privacy: What data is shared by the singapore opentrace app. Retrieved from https://www.scss.tcd.ie/Doug.Leith/pubs/opentrace_privacy.pdf.Google ScholarGoogle Scholar
  22. Joseph K. Liu, Man Ho Au, Tsz Hon Yuen, Cong Zuo, Jiawei Wang, Amin Sakzad, Xiapu Luo, and Li Li. 2020. Privacy-preserving COVID-19 contact tracing app: A zero-knowledge proof approach. IACR Cryptol. ePrint Arch. 2020 (2020), 528.Google ScholarGoogle Scholar
  23. Anna U. Morgan, Mohan Balachandran, David Do, Doreen Lam, Andrew Parambath, Krisda H. Chaiyachati, Nancy M. Bonalumi, Susan C. Day, Kathleen C. Lee, and David A. Asch. 2020. Remote monitoring of patients with Covid-19: Design, implementation, and outcomes of the first 3,000 patients in COVID watch. NEJM Catal. Innovat. Care Deliv. 1, 4 (2020).Google ScholarGoogle Scholar
  24. N. Nair. 2001. Childhood tuberculosis: Public health and contact tracing. Paediatr. Resp. Rev. 2, 2 (2001), 97--102.Google ScholarGoogle Scholar
  25. Steve Quirolgico, Jeffrey Voas, Tom Karygiannis, Christoph Michael, and Karen Scarfone. 2015. Vetting the Security of Mobile Applications. U.S. Department of Commerce, National Institute of Standards and Technology.Google ScholarGoogle Scholar
  26. Julie M. Robillard, Aaron W. Li, Shilpa Jacob, Dan Wang, Xin Zou, and Jesse Hoey. 2017. Co-creating emotionally aligned smart homes using social psychological modeling. In Proceedings of the 4th International Workshop on Sensor-based Activity Recognition and Interaction. 1--6.Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. Tushar Kanti Saha Santa Maria Shithil and Tanusree Sharma. [n.d.]. A dynamic data placement policy for heterogeneous Hadoop cluster. In 2017 4th International Conference on Advances in Electrical Engineering (ICAEE'17). IEEE, 302--307.Google ScholarGoogle Scholar
  28. Oshani Seneviratne and Lalana Kagal. 2014. Enabling privacy through transparency. In Proceedings of the 12th Annual International Conference on Privacy, Security and Trust. IEEE, 121--128.Google ScholarGoogle ScholarCross RefCross Ref
  29. Tanusree Sharma, John C. Bambenek, and Masooda Bashir. 2020. Preserving privacy in cyber-physical-social systems: An anonymity and access control approach. [Online]. Retrieved from https://www.ideals.illinois.edu/handle/2142/106049.Google ScholarGoogle Scholar
  30. Tanusree Sharma and Masooda Bashir. 2020. Are PETs (privacy enhancing technologies) giving protection for smartphones?--A case study. Retrieved from https://arXiv:2007.04444.Google ScholarGoogle Scholar
  31. Tanusree Sharma and Masooda Bashir. 2020. Privacy apps for smartphones: An assessment of users’ preferences and limitations. In Proceedings of the International Conference on Human-Computer Interaction. Springer, 533--546.Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. Tanusree Sharma and Masooda Bashir. 2020. Use of apps in the COVID-19 response and the loss of privacy protection. Nature Med. 26 (2020), 1165--1167.Google ScholarGoogle ScholarCross RefCross Ref
  33. Lucy Simko, Ryan Calo, Franziska Roesner, and Tadayoshi Kohno. 2020. COVID-19 contact tracing and privacy: Studying opinion and preferences. Retrieved from https://arXiv:2005.06056.Google ScholarGoogle Scholar
  34. Daniel J. Solove. 2012. Introduction: Privacy self-management and the consent dilemma. Harv. L. Rev. 126 (2012), 1880.Google ScholarGoogle Scholar
  35. Murugiah Souppaya and Karen Scarfone. 2013. Guidelines for managing the security of mobile devices in the enterprise. NIST Spec. Pub. 800 (2013), 124.Google ScholarGoogle Scholar
  36. Carmela Troncoso, Mathias Payer, Jean-Pierre Hubaux, Marcel Salathé, James Larus, Edouard Bugnion, Wouter Lueks, Theresa Stadler, Apostolos Pyrgelis, Daniele Antonioli, et al. 2020. Decentralized privacy-preserving proximity tracing. Retrieved from https://arXiv:2005.12273.Google ScholarGoogle Scholar
  37. Tyler M. Yasaka, Brandon M. Lehrich, and Ronald Sahyouni. 2020. Peer-to-Peer contact tracing: Development of a privacy-preserving smartphone app. JMIR mHealth uHealth 8, 4 (2020), e18936.Google ScholarGoogle Scholar
  38. Xiao Yue, Huiju Wang, Dawei Jin, Mingqiang Li, and Wei Jiang. 2016. Healthcare data gateways: Found healthcare intelligence on blockchain with novel privacy risk control. J. Med. Syst. 40, 10 (2016), 218.Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Enabling User-centered Privacy Controls for Mobile Applications: COVID-19 Perspective

    Recommendations

    Comments

    Login options

    Check if you have access through your login credentials or your institution to get full access on this article.

    Sign in

    Full Access

    • Published in

      cover image ACM Transactions on Internet Technology
      ACM Transactions on Internet Technology  Volume 21, Issue 1
      Visions Paper, Regular Papers, SI: Blockchain in E-Commerce, and SI: Human-Centered Security, Privacy, and Trust in the Internet of Things
      February 2021
      534 pages
      ISSN:1533-5399
      EISSN:1557-6051
      DOI:10.1145/3441681
      • Editor:
      • Ling Liu
      Issue’s Table of Contents

      Copyright © 2021 ACM

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      • Published: 30 January 2021
      • Accepted: 1 November 2020
      • Revised: 1 October 2020
      • Received: 1 July 2020
      Published in toit Volume 21, Issue 1

      Permissions

      Request permissions about this article.

      Request Permissions

      Check for updates

      Qualifiers

      • research-article
      • Research
      • Refereed

    PDF Format

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    HTML Format

    View this article in HTML Format .

    View HTML Format
    About Cookies On This Site

    We use cookies to ensure that we give you the best experience on our website.

    Learn more

    Got it!