Abstract
This paper critically examines the intersection of privacy concerns in children's apps and the support required by developers to effectively address these concerns. Third-party libraries and software development kits (SDKs) are widely used in mobile app development; however, these libraries are commonly known for posing significant data privacy risks to users. Recent research has shown that app developers for children are particularly struggling with the lack of support in navigating the complex market of third-party SDKs. The support needed for developers to build privacy-friendly apps is largely understudied. Motivated by the needs of developers and an empirical analysis of 137 'expert-approved' children's apps, we designed DataAvalanche.io, a web-based tool to support app developers in navigating the privacy and legal implications associated with common third-party SDKs on the market. Through semi-structured interviews with 12 app developers for children, we demonstrate that app developers largely perceive the transparency supported by our tool positively. However, they raised several barriers, including the challenges of adopting privacy-friendly alternatives and the struggle to safeguard their own legal interests when facing the imbalance of power in the app market. We contribute to the understanding of the open challenges and barriers faced by app developers in creating privacy-friendly apps for children and provide critical future design and policy directions.