the privacy and
play

The Privacy and CyLab Security Behaviors of Smartphone - PowerPoint PPT Presentation

May 04, 2023 •378 likes •646 views

The Privacy and CyLab Security Behaviors of Smartphone Engineering & App Developers Public Policy Rebecca Balebako, Abigail Marsh, Jialiu Lin, Jason Hong, Lorrie Faith y & c S a e v c i u r P r i t e y l b L a

  1. The Privacy and CyLab Security Behaviors of Smartphone 
 Engineering & App Developers Public Policy Rebecca Balebako, Abigail Marsh, Jialiu Lin, Jason Hong, Lorrie Faith y & c S a e v c i u r P r i t e y l b L a Cranor a s b U o b r a a t L o y r C y U H D T T E P . U : / M / C C U . S P S C . 1

  2. 2 App Developer decisions • Privacy and Security features compete with • Features requested by customers • Data requested by financers • Revenue model

  3. 3 Research Project • Exploratory Interviews • Quantitative on-line study

  4. 4 Findings • Small companies lack privacy and security behaviors • Small company developers rely on social ties for advice • Legalese hinders reading and writing of privacy policies • Third-Party tools heavily used

  5. 5 Participant Recruitment • 13 developers interviewed • Recruited through craigslist and Meetups • $20 for one-hour interview

  6. 6 Participant Demographics • Variety of revenue models Advertising • Subscription • Pay-per-use • Non-Profit • • Seven different states • Small company size well-represented

  7. 7 Tools impact privacy and security • Interviewees do: • Use cloud computing • Use authentication tools such as Facebook • Use analytics such as Google and Flurry • Use open source tools such as mysql

  8. 8 Tools not used • Interviewees don’t use or are unaware of: • Use privacy policy generators • Use security audits • Read third-party privacy policies • Delete data

  9. 9

  10. 10 On-line surveys • 228 app developers • Paid $5 (avg: 15 minutes) • Recruited through craigslist, reddit, Facebook, backpage.com • Developer demographics • Majority were ‘Programmer or Software Engineer’ or ‘Product or Project Manager’ • Avg age: 30 (18-50 years)

  11. 11 Company demographics • Platforms • iOS (62%) • Android (62%) • Windows (17%) • Blackberry (4%) • Palm (3%) • Large Company Size well-represented

  12. 12 Data collected or stored Behavior Collect or Store Parameters specific to my app 84% Which apps are installed 74% Location 72% Sensor information (not location-related) 63%

  13. 13 Privacy and security behaviors Behavior Percent Use SSL 84% Encrypt everything (all data collected) 57% Have CPO or equivalent 78% Privacy Policy on website 58% • Room for improvement!

  14. 14 Company size and behaviors

  15. 15 Who do you turn to?

  16. 16 Who do you turn to?

  17. 17 Ad and analytics heavily used • 87.4% use at least one analytics company • 86.5% use at least one advertising company

  18. 18 Third-party tools

  19. 19 How Familiar Are You With The Types Of Data Collected By Third-Party Tools

  20. 20 Findings • Small companies lack privacy and security behaviors Free or quick tools needed • Usable tools needed • • Small company developers rely on social ties for advice Opportunities for intervention in social networks • • Legalese hinders reading and writing of privacy policies • Third-Party tools heavily used Third-party tools should be explicit about data handling •

  21. Questions? balebako@cmu.edu

  22. 22 Privacy Policies Are Not Considered Useful “I haven’t even read [our privacy policy]. I mean, it’s just legal stuff that’s required, so I just put in there.” – P4

  23. 23 Developers have time and resource constraints • “I don’t see the time it would take to implement that over cutting and pasting someone else’s privacy policies.... I don’t see the value being such that that’s worth it.” -P10

  24. 24 Privacy and security behaviors Behavior Percent Use SSL 83.8% Encrypt data on phone 59.6% Encrypt data in database 53.1% Encrypt everything (all data collected) 57.0% Revenue from advertising 48.2% Have CPO or equivalent 78.1% Privacy Policy on website 57.9%

  25. 25 Ad and analytics Ad or analytic provider percent Google analytics 82% Google ads 64% Flurry analytics 17% No ads 13% No analytics 13%

  26. 26 Advice

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides
CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies US Privacy Laws Sources: Baase: A Gift of Fire and Quinn: Ethics for the Information Age Ethics Spring 2010 Privacy 1 Privacy The original

725 views • 45 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy. College Bescherming Persoonsgegevens (CBP) What is privacy? Users must be able to determine for themselves when, how, to what extent and

798 views • 45 slides
Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

ECE598NB Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics Course Structure Privacy Define privacy Privacy History Privacy has always existed Cities / large populations have made

173 views • 14 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor October 29, 2013 y & c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 11, 2014 y & c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy Alexandra Wood Berkman Klein Center for Internet & Society at Harvard University DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to

964 views • 54 slides
Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire

Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire

CS 134 Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire (Image from geekologie.com) Relevant to corporations & government agencies Recently increased awareness However, general public

171 views • 16 slides
PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches

PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches

Marc Langheinrich: Privacy in Ubiquitous Computing 5/29/2010 Todays Menu PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches COMPUTING Definitions Challenges 1. History and legal aspects 1.

264 views • 13 slides
Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Mobile Networks - Module H2 Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; privacy preserving routing in ad hoc networks; Slides adapted from Security and

909 views • 55 slides
Selection and Execution of User Level Test Cases for Energy Cost Evaluation of Smartphones

Selection and Execution of User Level Test Cases for Energy Cost Evaluation of Smartphones

Selection and Execution of User Level Test Cases for Energy Cost Evaluation of Smartphones Rajesh Palit PhD Candidate Co-authors: R Arya, S Naik, A Singh Department of E&CE Tuesday, May 24, 2011 Motivation Rapid development of

443 views • 19 slides
void fuzz(char* buf, int& len){ void fuzz(char* buf, int& len){ void fuzz(char* buf,

void fuzz(char* buf, int& len){ void fuzz(char* buf, int& len){ void fuzz(char* buf,

void fuzz(char* buf, int& len){ void fuzz(char* buf, int& len){ void fuzz(char* buf, int& len){ void fuzz(char* buf, int& len){ void fuzz(char* buf, int& len){ int q = rand()%20; int q = rand()%20; int q = rand()%20; int

836 views • 61 slides
Java for Small Devices Java 2 Microedition & Blackberry HASSO-PLATTNERINSTITUT f r S

Java for Small Devices Java 2 Microedition & Blackberry HASSO-PLATTNERINSTITUT f r S

Java for Small Devices Java 2 Microedition & Blackberry HASSO-PLATTNERINSTITUT f r S o f t w a r e s y s t e m t e c h n i k Agenda Introduction, Motivation, Overview The Mobile World Problems implied by Mobile Devices

1.14k views • 85 slides
Smart Devices @ Givaudan From BYOD experience to new mobile opportunities Givaudan 2 Whats

Smart Devices @ Givaudan From BYOD experience to new mobile opportunities Givaudan 2 Whats

Smart Devices @ Givaudan From BYOD experience to new mobile opportunities Givaudan 2 Whats going on ? Consumerization of IT Personal device proliferation Personal cloud services proliferation Millenials generation

407 views • 17 slides
Dropbox for Education @ UNCSA Old tools impose boundaries In-person Size limits Internal-only

Dropbox for Education @ UNCSA Old tools impose boundaries In-person Size limits Internal-only

Dropbox for Education @ UNCSA Old tools impose boundaries In-person Size limits Internal-only Low adoption To get around these limitations UNCSA personnel have used ad-hoc tools including Dropbox personal and premium accounts Wheres

350 views • 18 slides
Elliptic Curve Cryptography: Invention and Impact: The invasion of the Number Theorists Victor S.

Elliptic Curve Cryptography: Invention and Impact: The invasion of the Number Theorists Victor S.

Elliptic Curve Cryptography: Invention and Impact: The invasion of the Number Theorists Victor S. Miller IDA Center for Communications Research Princeton, NJ 08540 USA 24 May, 2007 Victor S. Miller (CCR) Elliptic Curve Cryptography 24 May,

1.08k views • 69 slides
MobiCloud Power of Clouds in Your Pocket : An Efficient Approach for Cloud Mobile Hybrid

MobiCloud Power of Clouds in Your Pocket : An Efficient Approach for Cloud Mobile Hybrid

MobiCloud Power of Clouds in Your Pocket : An Efficient Approach for Cloud Mobile Hybrid Application Development Ashwin Manjunatha , Ajith H. Ranabahu , Amit Sheth, Krishnaprasad Thirunarayan Kno.e.sis Center Wright State University 1 Agenda

506 views • 26 slides
Opinion Dynamics over Signed Social Networks Guodong Shi Research School of Engineering The

Opinion Dynamics over Signed Social Networks Guodong Shi Research School of Engineering The

Opinion Dynamics over Signed Social Networks Guodong Shi Research School of Engineering The Australian Na@onal University, Canberra, Australia Ins@tute for Systems Research The University of Maryland, College Park May 2, 2016 1 Joint work

535 views • 39 slides

More recommend