Finding Levers for Privacy and Security by Design in Mobile Development


Ensuring privacy and data security is a critical challenge for trustworthy computing in the mobile device ecosystem. Mobile applications are easy to build and distribute, and can collect diverse personal data. Privacy concerns can prevent information collection and processing, hindering new knowledge discovery. Privacy-enhancing features and best-practice data security measures are often expensive to implement, or even counter to business models that require user profiling or monitoring. Effective privacy and data security design requires knowledge of evolving research and best practices, but low barriers to entry have created a deprofessionalized development ecosystem, and recent surveys of application developers have revealed low levels of awareness. Nevertheless, US policy approaches to data protection in the mobile ecosystem rely on security and privacy by design: encouraging developers to proactively implement best-practice security and privacy features to protect sensitive data. But we don’t know what factors motivate developers to implement privacy or data security features when faced with disincentives such as longer development timelines, markets for personal data, and tensions between data protection and data-enabled services. This project will use process elicitation exercises, surveys, and field experiments to determine factors that motivate privacy and security by design. It will then develop and test evidence-based toolkits for mobile developers to improve privacy and data security in the mobile data ecosystem. This project seeks to 1) study developers to discover work practices that encourage privacy and data security by design; and 2) build tools to encourage such work practices. The project hypothesizes that specific development practices can encourage attention to privacy and data security features and that these practices can be built into development toolkits.
The project will use empirical methods followed by toolkit design and testing to tip the balance of developer decisions in favor of new privacy and security by design. The project will answer the following research questions:

1. How do mobile application developers define privacy and security by design?
2. What practices in mobile application development encourage developers to prioritize data protection?
3. How can development tools encourage developers to prioritize data protection during design?

Duration: September 2015 - August 2020
Funder: National Science Foundation
Total Award Amount: $505,136

Principal Investigator: