research-article
Open access

How Developers Talk About Personal Data and What It Means for User Privacy: A Case Study of a Developer Forum on Reddit

Published: 05 January 2021

Abstract

While online developer forums are major resources of knowledge for application developers, their roles in promoting better privacy practices remain underexplored. In this paper, we conducted a qualitative analysis of a sample of 207 threads (4772 unique posts) mentioning different forms of personal data from the /r/androiddev forum on Reddit. We started with bottom-up open coding on the sampled posts to develop a typology of discussions about personal data use and conducted follow-up analyses to understand what types of posts elicited in-depth discussions on privacy issues or mentioned risky data practices. Our results show that Android developers rarely discussed privacy concerns when talking about a specific app design or implementation problem, but often had active discussions around privacy when stimulated by certain external events representing new privacy-enhancing restrictions from the Android operating system, app store policies, or privacy laws. Developers often felt these restrictions could cause considerable cost yet fail to generate any compelling benefit for themselves. Given these results, we present a set of suggestions for Android OS and the app store to design more effective methods to enhance privacy, and for developer forums (e.g., /r/androiddev) to encourage more in-depth privacy discussions and nudge developers to think more about privacy.


Published In

Proceedings of the ACM on Human-Computer Interaction, Volume 4, Issue CSCW3
CSCW
December 2020
1825 pages
EISSN: 2573-0142
DOI: 10.1145/3446568
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 January 2021
Published in PACMHCI Volume 4, Issue CSCW3

Author Tags

  1. android
  2. community of practice
  3. privacy
  4. qualitative analysis
  5. reddit
  6. software development

Qualifiers

  • Research-article

Article Metrics

  • Downloads (Last 12 months): 635
  • Downloads (Last 6 weeks): 77

Reflects downloads up to 13 Jan 2025
