How Developers Talk About Personal Data and What It Means for User Privacy
Proceedings of the ACM on Human-Computer Interaction
While online developer forums are major resources of knowledge for application developers, their roles in promoting better privacy practices remain underexplored. In this paper, we conducted a qualitative analysis of a sample of 207 threads (4772 unique posts) mentioning different forms of personal data from the /r/androiddev forum on Reddit. We started with bottom-up open coding on the sampled posts to develop a typology of discussions about personal data use and conducted follow-up analyses
... understand what types of posts elicited in-depth discussions on privacy issues or mentioned risky data practices. Our results show that Android developers rarely discussed privacy concerns when talking about a specific app design or implementation problem, but often had active discussions around privacy when stimulated by certain external events representing new privacy-enhancing restrictions from the Android operating system, app store policies, or privacy laws. Developers often felt these restrictions could cause considerable cost yet fail to generate any compelling benefit for themselves. Given these results, we present a set of suggestions for Android OS and the app store to design more effective methods to enhance privacy, and for developer forums (e.g., /r/androiddev) to encourage more in-depth privacy discussions and nudge developers to think more about privacy. CCS Concepts: • Human-centered computing → Human computer interaction (HCI); Empirical studies in collaborative and social computing; • Security and privacy → Human and societal aspects of security and privacy; Software security engineering.