
This content will become publicly available on May 1, 2023

Title: Helping Mobile Application Developers Create Accurate Privacy Labels
In December 2020, Apple began requiring developers to disclose their data collection and use practices in order to generate a “privacy label” for their application. The use of mobile application Software Development Kits (SDKs) and third-party libraries, coupled with a typical lack of privacy expertise, makes it challenging for developers to accurately report their data collection and use practices. In this work we discuss the design and evaluation of a tool to help iOS developers generate privacy labels. The tool combines static code analysis, which identifies likely data collection and use practices, with interactive functionality designed to prompt developers to elucidate the analysis results and carefully reflect on their applications’ data practices. We conducted semi-structured interviews with iOS developers as they used an initial version of the tool. We discuss how these results motivated us to develop an enhanced software tool, Privacy Label Wiz, that more closely resembles the interactions developers reported to be most useful in our semi-structured interviews. We present findings from our interviews and the enhanced tool motivated by our study. We also outline future directions for software tools to better assist developers in communicating their mobile app’s data practices to different audiences.
Sponsoring Org: National Science Foundation
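The abstract describes the two halves of the tool only in outline: a static scan that finds likely data-collection practices, and prompts that make the developer confirm and refine what the scan found. The following is an added illustration written for this page, not the authors' Privacy Label Wiz or its rule set. It assumes a small, editor-chosen mapping from iOS framework APIs (CLLocationManager, CNContactStore, identifierForVendor and similar) to coarse label data categories, treats a hypothetical third-party SDK named ExampleAnalyticsSDK as something the scan can detect but not see inside, and approximates the per-category review questions (linked to identity, used for tracking, purpose). The Swift source it scans is constructed for the example.

```python
"""Minimal static scan of Swift source for privacy-relevant API use,
followed by developer review prompts for each finding (added example)."""
import re
from typing import Dict, List, Set

# Assumed mapping for this illustration (not the paper's rule set):
# a regex over an iOS API name -> the label data category it suggests.
API_SIGNALS = {
    r"\bCLLocationManager\b": "Location",
    r"\brequestAlwaysAuthorization\(|requestWhenInUseAuthorization\(": "Location",
    r"\bCNContactStore\b": "Contacts",
    r"\bAVCaptureDevice\b": "Photos or Videos",
    r"\bPHPhotoLibrary\b": "Photos or Videos",
    r"\bidentifierForVendor\b": "Device ID",
    r"\bASIdentifierManager\b|\badvertisingIdentifier\b": "Device ID",
    r"\bHKHealthStore\b": "Health",
}

# Third-party SDKs whose internal data practices the scan cannot observe.
# "ExampleAnalyticsSDK" is a hypothetical name used only for this example.
SDK_IMPORTS: Set[str] = {"ExampleAnalyticsSDK"}

# Questions the developer must answer per detected category (assumed
# approximation of the fields a privacy label asks for).
REVIEW_QUESTIONS = (
    "Is this data linked to the user's identity?",
    "Is it used to track the user across other apps or websites?",
    "For what purpose is it collected (e.g. app functionality, analytics, advertising)?",
)


def scan_swift(source: str) -> Dict[str, object]:
    """Return {'categories': {category: [line numbers]}, 'sdks_to_confirm': [...]}.

    Comment lines are skipped: commented-out code is not evidence of collection.
    """
    findings: Dict[str, List[int]] = {}
    sdk_hits: Set[str] = set()
    for lineno, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("//"):
            continue
        imp = re.match(r"import\s+(\w+)", stripped)
        if imp and imp.group(1) in SDK_IMPORTS:
            sdk_hits.add(imp.group(1))
        for pattern, category in API_SIGNALS.items():
            if re.search(pattern, line):
                findings.setdefault(category, []).append(lineno)
    return {"categories": findings, "sdks_to_confirm": sorted(sdk_hits)}


def review_prompts(scan: Dict[str, object]) -> List[str]:
    """Turn scan output into the questions a developer still has to answer.

    Every detected category yields the review questions with the evidence
    lines attached; every detected SDK yields a single confirm-with-vendor
    prompt, since the scan cannot label the SDK's behaviour on its own.
    """
    prompts: List[str] = []
    for category, lines in scan["categories"].items():  # type: ignore[union-attr]
        where = ", ".join(str(n) for n in lines)
        for question in REVIEW_QUESTIONS:
            prompts.append(f"[{category}] (lines {where}) {question}")
    for sdk in scan["sdks_to_confirm"]:  # type: ignore[union-attr]
        prompts.append(
            f"[{sdk}] Third-party SDK: the scan cannot see what it collects; "
            "check the vendor's disclosure before filling in the label."
        )
    return prompts


# Constructed sample: a view controller that uses location, reads the vendor
# identifier and hands it to the hypothetical SDK. Line 7 is commented-out
# contacts access and must not be reported.
SAMPLE_SWIFT = """\
import UIKit
import CoreLocation
import ExampleAnalyticsSDK

class ViewController: UIViewController, CLLocationManagerDelegate {
    let locationManager = CLLocationManager()
    // let contacts = CNContactStore()
    override func viewDidLoad() {
        super.viewDidLoad()
        locationManager.requestWhenInUseAuthorization()
        let vendorId = UIDevice.current.identifierForVendor?.uuidString
        ExampleAnalyticsSDK.track("launch", id: vendorId)
    }
}
"""

if __name__ == "__main__":
    result = scan_swift(SAMPLE_SWIFT)
    print(result)
    for prompt in review_prompts(result):
        print(prompt)
```

The scan deliberately stops at "likely" practices: the SDK import is surfaced as a question rather than a label entry, and even the framework findings are turned into prompts, because whether location data is linked to the user or used for tracking is a property of the app's backend and business logic that no source scan can settle.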
More Like this
  1. While online developer forums are major resources of knowledge for application developers, their roles in promoting better privacy practices remain underexplored. In this paper, we conducted a qualitative analysis of a sample of 207 threads (4772 unique posts) mentioning different forms of personal data from the /r/androiddev forum on Reddit. We started with bottom-up open coding on the sampled posts to develop a typology of discussions about personal data use and conducted follow-up analyses to understand what types of posts elicited in-depth discussions on privacy issues or mentioned risky data practices. Our results show that Android developers rarely discussed privacy concerns when talking about a specific app design or implementation problem, but often had active discussions around privacy when stimulated by certain external events representing new privacy-enhancing restrictions from the Android operating system, app store policies, or privacy laws. Developers often felt these restrictions could cause considerable cost yet fail to generate any compelling benefit for themselves. Given these results, we present a set of suggestions for Android OS and the app store to design more effective methods to enhance privacy, and for developer forums (e.g., /r/androiddev) to encourage more in-depth privacy discussions and nudge developers to think more about privacy.
  2. The goal of this study was to examine the work practices of behavioral health professionals with a view towards designing interactive systems to support their work. We conducted a qualitative workplace study, including in situ observations and semi-structured interviews, in a multidisciplinary clinic treating pediatric feeding disorders. This paper contributes a detailed characterization of clinicians' work practices and conducts a comparative analysis of three types of work: treatment, record management, and preparation work. We found that clinicians have a preference for taxing over tedious work. For example, they experience real-time data collection as more taxing but less tedious than retroactive data entry. Design efforts should balance the tension between addressing the taxing (data collection during meals) versus the tedious (manually entering data into spreadsheets). Although addressing the taxing improves within-routine efficiency, addressing the tedious improves overall morale. Further, we hypothesize that there is a rewarding or unrewarding quality to work that is dictated in part by its social, temporal, and clinical characteristics. We discuss conceptual and design implications for supporting clinical work, and highlight considerations unique to behavioral health.
  3. Mobile application security has been one of the major areas of security research in the last decade. Numerous application analysis tools have been proposed in response to malicious, curious, or vulnerable apps. However, existing tools, and specifically static analysis tools, trade soundness of the analysis for precision and performance, and are hence soundy. Unfortunately, the specific unsound choices or flaws in the design of these tools are often not known or well-documented, leading to misplaced confidence among researchers, developers, and users. This paper proposes the Mutation-based soundness evaluation (µSE) framework, which systematically evaluates Android static analysis tools to discover, document, and fix flaws by leveraging the well-founded practice of mutation analysis. We implement µSE as a semi-automated framework and apply it to a set of prominent Android static analysis tools that detect private data leaks in apps. As the result of an in-depth analysis of one of the major tools, we discover 13 undocumented flaws. More importantly, we discover that all 13 flaws propagate to tools that inherit the flawed tool. We successfully fix one of the flaws in cooperation with the tool developers. Our results motivate the urgent need for systematic discovery and documentation of unsound choices in soundy tools, and demonstrate the opportunities in leveraging mutation testing to achieve this goal.
  4. It is commonly assumed that the availability of “free” mobile apps comes at the cost of consumer privacy, and that paying for apps could offer consumers protection from behavioral advertising and long-term tracking. This work empirically evaluates the validity of this assumption by investigating the degree to which “free” apps and their paid premium versions differ in their bundled code, their declared permissions, and their data collection behaviors and privacy practices. We compare pairs of free and paid apps using a combination of static and dynamic analysis. We also examine the differences in the privacy policies within pairs. We rely on static analysis to determine the requested permissions and third-party SDKs in each app; we use dynamic analysis to detect sensitive data collected by remote services at the network traffic level; and we compare text versions of privacy policies to identify differences in the disclosure of data collection behaviors. In total, we analyzed 1,505 pairs of free Android apps and their paid counterparts, with free apps randomly drawn from the Google Play Store’s category-level top charts. Our results show that over our corpus of free and paid pairs, there is no clear evidence that paying for an app will guarantee protection from extensive data collection. Specifically, 48% of the paid versions reused all of the same third-party libraries as their free versions, while 56% of the paid versions inherited all of the free versions’ Android permissions to access sensitive device resources (when considering free apps that include at least one third-party library and request at least one Android permission). Additionally, our dynamic analysis reveals that 38% of the paid apps exhibit all of the same data collection and transmission behaviors as their free counterparts. Our exploration of privacy policies reveals that only 45% of the pairs provide a privacy policy of some sort, and less than 1% of the pairs overall have policies that differ between free and paid versions.
  5. This fundamental research study in pre-college engineering education investigates the ways in which elementary school students and their teacher balance the tradeoffs in engineering design. STEM education reforms promote the engagement of K-12 students in the epistemic practices of disciplinary experts to teach content [1,2,3]. This emphasis on practices is a paradigm shift that requires both extensive professional development and research to learn about the ways in which students and teachers learn about and participate in these practices. Balancing tradeoffs is an important practice in engineering, but most often in classroom curricula it is embedded in the concept of iteration [1,4]; however, improving a design is not always the same as balancing trade-offs [1]. Optimizing a multivariate problem requires students to engage in a number of engineering practices, like considering multiple solutions, making tradeoffs between criteria and constraints, applying math and science knowledge to problem solving, constructing models, making evidence-based decisions, and assessing the implications of solutions [5]. The ways in which teachers and students collectively balance these tradeoffs in a design has been understudied [1]. Our primary research questions are, “How do teachers and students make decisions about making tradeoffs between criteria and constraints?” and “How do experiences in teacher workshops affect the ways they implement engineering projects in their classes?” We take an ethnographic perspective to investigate these phenomena, and collected video data, field notes, student journals, and semi-structured interviews of eight elementary teachers in a workshop and similar data from two of the workshop teachers’ classes as they implemented the curriculum they learned in the workshop. Our analyses focus on the disciplinary practices teachers and students use to make decisions for balancing tradeoffs, how they are supported (or impeded) by teachers, and how they justify these decisions. Similarly, we compared two of the teachers wearing their “student hat” in the workshop as well as their “teacher hat” in the classroom [5]. Our analyses suggest three significant findings. First, teachers and students tended to focus on one criterion (e.g. cost, performance) and had few discussions about trying to minimize cost and maximize performance at the same time. Second, curriculum design significantly impacts the choices students make. Using two examples, we will show the impact of weighting criteria differently on the design strategies teachers and students adopt. Last, we noted that most of the feedback given was related to managing classroom activity rather than supporting students’ designs. Implications of this study are relevant to both engineering educators and engineering curriculum developers.