
HCII Thesis Defense: Tianshi Li

Description

Privacy-Enhancing Development Environment
Tianshi Li
HCII Ph.D. Thesis Defense

Time and Location:
Friday, December 16, 2022 at 2:00 pm (EST)
GHC 6501
Join remotely on Zoom (Details below)

Thesis Committee:
Jason I. Hong (Chair, HCII)
Lorrie Faith Cranor (HCII)
Brad Myers (HCII)
Yuvraj Agarwal (CMU ISR)
Tadayoshi Kohno (University of Washington)

Abstract:
Data has driven many technological advancements, while the ubiquitous collection and sharing of data have caused a privacy trust crisis in our society. Developers' nuanced understanding of their app's behavior and ability to adjust the app design put them in a critical role in making apps that respect the norms and users' expectations of data use. However, developers are not privacy experts. Developing a privacy-friendly app is often a challenging task due to their lack of 1) awareness of privacy issues, 2) knowledge of privacy best practices, and 3) time for handling privacy requirements. These problems have become more and more salient with the advent of a flurry of privacy requirements from platform providers (e.g., Google Play and Apple App Store) and laws (e.g., GDPR, CCPA), creating urgent needs for designing effective, opportune, and usable privacy support for developers.

Hence, I propose Privacy-Enhancing Developer Support as a new area of interest at the intersection of privacy, HCI, and software engineering research. The first challenge is that although there has been some research on developers’ challenges in handling privacy requirements, it tends to be more descriptive than prescriptive. Therefore, our community still lacks a clear direction on how to solve the problems. To fill this gap, I first synthesize developers’ needs for designing privacy-enhancing developer support based on my work and past literature to provide a roadmap for future explorations into this problem.

Informed by the identified needs, I demonstrate my work that pioneers a novel type of developer tooling: Privacy-Enhancing Development Environment. I propose privacy annotation, a type of structured metadata that embeds privacy information such as data use purposes directly in code. Based on this concept, I designed and implemented three plugins for Android Studio, the official Integrated Development Environment (IDE) for Android development, to increase developers’ awareness and knowledge of privacy best practices and to reduce the work required for complying with privacy requirements. With one set of annotations, my tools offer privacy support in multiple aspects, including 1) detection of sensitive API calls and third-party SDKs to support accurate understanding, documentation, and disclosure of data practices, 2) just-in-time reminders and lightweight code repair features (quick-fixes) to help developers conform to best practices, and 3) annotation-based declarative programming to generate in-app privacy notices and privacy nutrition labels required by app stores.

Draft Document:
https://github.com/i7mist/phd_dissertation/blob/main/thesis_defense_doc…

Zoom details:
Tianshi Li is inviting you to a scheduled Zoom meeting.

Topic: Tianshi Li's Thesis Defense
Time: Dec 16, 2022 02:00 PM Eastern Time (US and Canada)

Join Zoom Meeting
https://cmu.zoom.us/j/98558178142?pwd=Z2YwSllMR1N6ZWN3RjJLbGkrbTV2UT09