“Those things are written by lawyers, and programmers are reading that.” Mapping the Communication Gap Between Software Developers and Privacy Experts

Horstmann, Stefan Albert; Domiks, Samuel; Gutfleisch, Marco; Tran, Mindy; Acar, Yasemin; Moonsamy, Veelasha; Naiakshina, Alena

doi:10.56553/popets-2024-0010

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2024

Publication Types

Select...

Article2

Other2

Relationship

Self Cite0

Independent4

Authors

Journals

Cited by 4 publications

References 56 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Developers’ mindset on self-adaptive privacy and its requirements for cloud computing environments

Kitsiou,

Sideri,

Pantelelis

et al. 2024

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Developers’ mindset on self-adaptive privacy and its requirements for cloud computing environments

Kitsiou,

Sideri,

Pantelelis

et al. 2024

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Skipping the Security Side Quests: A Qualitative Study on Security Practices and Challenges in Game Development

Klostermeyer,

Amft,

Höltervennhoff

et al. 2024

Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Do Android App Developers Accurately Report Collection of Privacy-Related Data?

Khedkar,

Mondal,

Bodden

2024

Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering Workshops

View full text Add to dashboard Cite

Many Android applications collect data from users. The European Union's General Data Protection Regulation (GDPR) requires vendors to faithfully disclose which data their apps collect. This task is complicated because many apps use third-party code for which the same information is not readily available. Hence we ask: how accurately do current Android apps fulfill these requirements?In this work, we first expose a multi-layered definition of privacyrelated data to correctly report data collection in Android apps. We further create a dataset of privacy-sensitive data classes that may be used as input by an Android app. This dataset takes into account data collected both through the user interface and system APIs.We manually examine the data safety sections of 70 Android apps to observe how data collection is reported, identifying instances of over-and under-reporting. Additionally, we develop a prototype to statically extract and label privacy-related data collected via app source code, user interfaces, and permissions. Comparing the prototype's results with the data safety sections of 20 apps reveals reporting discrepancies. Using the results from two Messaging and Social Media apps (Signal and Instagram), we discuss how app developers under-report and over-report data collection, respectively, and identify inaccurately reported data categories.Our results show that app developers struggle to accurately report data collection, either due to Google's abstract definition of collected data or insufficient existing tool support. CCS Concepts• Security and privacy → Social network security and privacy; • Software and its engineering → Software maintenance tools.

show abstract

“Those things are written by lawyers, and programmers are reading that.” Mapping the Communication Gap Between Software Developers and Privacy Experts

Cited by 4 publications

References 56 publications

Developers’ mindset on self-adaptive privacy and its requirements for cloud computing environments

Developers’ mindset on self-adaptive privacy and its requirements for cloud computing environments

Skipping the Security Side Quests: A Qualitative Study on Security Practices and Challenges in Game Development

Do Android App Developers Accurately Report Collection of Privacy-Related Data?

Contact Info

Product

Resources

About