CMU logo
Search
Expand Menu
Close Menu

HCII PhD Thesis Proposal, "Privacy-Enhancing Development Environment"

Open in new window

Speaker
Tianshi Li

When
-

Where
All remote (see email announcement for Zoom location)

Description

Thesis Committee:
Jason I. Hong (Chair, HCII)
Lorrie Faith Cranor (HCII)
Brad Myers (HCII)
Yuvraj Agarwal (CMU ISR)
Tadayoshi Kohno (University of Washington)
 
Abstract:
Data has driven many technological advancements, while the ubiquitous collection and sharing of data have caused a privacy trust crisis in our society. Developers' nuanced understanding of their app's behavior and ability to adjust the app design put them in a critical role in making apps that respect the norms and users' expectations of data use. However, developers are not privacy experts. Developing a privacy-friendly app is often a challenging task due to their lack of 1) awareness of privacy issues, 2) knowledge of privacy best practices, and 3) time for handling privacy requirements. These problems have become more and more salient with the advent of a flurry of privacy requirements from platform providers (e.g., Google Play and Apple App Store) and laws (e.g., GDPR, CCPA), creating urgent needs for designing effective, opportune, and usable privacy support for developers.

Hence, I propose Privacy-Enhancing Developer Support as a new area of interest at the intersection of privacy, HCI, and software engineering research. The first challenge is that although there has been some research on developers' challenges for handling privacy requirements, they tend to be more descriptive than prescriptive. Therefore, our community still lacks a clear direction of how to solve the problems. To fill in this gap, I first synthesize developers' needs for designing privacy-enhancing developer support based on my work and past literature to provide a roadmap for future explorations into this problem.

Informed by the identified needs, I demonstrate my exploration into a specific type of solution: Privacy-Enhancing Development Environment. I propose privacy annotation, a type of structured metadata that embeds privacy information such as data use purposes directly in code. Based on this concept, I designed and implemented plugins for Android Studio, the official Integrated Development Environment (IDE) for Android development, to increase developers' awareness and knowledge of privacy best practices and to reduce the work required for complying with privacy requirements. The overarching design goal is that with one set of annotations, my tools can offer developers various types of privacy support, such as reminding developers of privacy issues while programming and automatically generating privacy user interfaces to enhance data transparency and control for users.

Apple and Google recently announced requirements for developers to create privacy nutrition labels. However, my prior work about how iOS developers created Apple privacy nutrition labels have revealed numerous challenges. In my proposed work, I want to design an IDE plugin (tentatively named Matcha) that leverages privacy annotations to help Android developers create accurate privacy nutrition labels. I will propose a unified design of privacy annotation across Coconut, Honeysuckle, and Matcha, so the developers who annotate the code for generating privacy labels can also take advantage of other privacy features. I will conduct survey studies to understand the challenges for Android developers and use the insights to design and implement Matcha. Finally, I plan to evaluate Matcha on annotating an existing app and adding annotations while programming a new app.
 
Draft Document:

Host
Queenie Kravitz