Abstract
Mobile apps enable ad networks to collect and track users. App developers are given “configurations” on these platforms to limit data collection and adhere to privacy regulations; however, the prevalence of apps that violate privacy regulations because of third parties, including ad networks, begs the question of how developers work through these configurations and how easy they are to utilize. We study privacy regulations-related interfaces on three widely used ad networks using two empirical studies, a systematic review and think-aloud sessions with eleven developers, to shed light on how ad networks present privacy regulations and how usable the provided configurations are for developers. We find that information about privacy regulations is scattered in several pages, buried under multiple layers, and uses terms and language developers do not understand. While ad networks put the burden of complying with the regulations on developers, our participants, on the other hand, see ad networks responsible for ensuring compliance with regulations. To assist developers in building privacy regulations-compliant apps, we suggest dedicating a section to privacy, offering easily accessible configurations (both in graphical and code level), building testing systems for privacy regulations, and creating multimedia materials such as videos to promote privacy values in the ad networks’ documentation.
We find that information about privacy regulations is scattered in several pages, buried under multiple layers, and uses terms and language developers do not understand. While ad networks put the burden of complying with the regulations on developers, our participants, on the other hand, see ad networks responsible for ensuring compliance with regulations. To assist developers in building privacy regulations-compliant apps, we suggest dedicating a section to privacy, offering easily accessible configurations (both in graphical and code level), building testing systems for privacy regulations, and creating multimedia materials such as videos to promote privacy values in the ad networks' documentation.
We find that information about privacy regulations is scattered in several pages, buried under multiple layers, and uses terms and language developers do not understand. While ad networks put the burden of complying with the regulations on developers, our participants, on the other hand, see ad networks responsible for ensuring compliance with regulations. To assist developers in building privacy regulations-compliant apps, we suggest dedicating a section to privacy, offering easily accessible configurations (both in graphical and code level), building testing systems for privacy regulations, and creating multimedia materials such as videos to promote privacy values in the ad networks' documentation.
| Original language | English |
|---|---|
| Title of host publication | Proceedings on privacy enhancing technologies symposium |
| Publisher | De Gruyter Open Ltd. |
| Pages | 33–56 |
| Number of pages | 24 |
| DOIs | |
| Publication status | Published - 15 Jul 2022 |
| Event | The 22nd Privacy Enhancing Technologies Symposium - Sydney, Australia Duration: 11 Jul 2022 → 15 Jul 2022 |
Publication series
| Name | Proceedings on Privacy Enhancing Technologies |
|---|---|
| Publisher | De Gruyter Open |
| Number | 3 |
| Volume | 2022 |
| ISSN (Electronic) | 2299-0984 |
Conference
| Conference | The 22nd Privacy Enhancing Technologies Symposium |
|---|---|
| Country/Territory | Australia |
| City | Sydney |
| Period | 11/07/22 → 15/07/22 |
Keywords
- usable privacy
- software developers
- ad networks
- privacy regulations
- CCPA
- COPPA
- GDPR