SlideShare une entreprise Scribd logo

The Privacy and Security Behaviors of Smartphone, at USEC 2014

Télécharger en tant que PPTX, PDF
Jason Hong
Jason Hong

Talk presented at USEC 2014. Smartphone app developers have to make many privacy-related decisions about what data to collect about end-users, and how that data is used. We explore how app developers make decisions about privacy and security. Additionally, we examine whether any privacy and security behaviors are related to characteristics of the app development companies. We conduct a series of interviews with 13 app developers to obtain rich qualitative information about privacy and security decision-making. We use an online survey of 228 app developers to quantify behaviors and test our hypotheses about the relationship between privacy and security behaviors and company characteristics. We find that smaller companies are less likely to demonstrate positive privacy and security behaviors. Additionally, although third-party tools for ads and analytics are pervasive, developers aren’t aware of the data collected by these tools. We suggest tools and opportunities to reduce the barriers for app developers to implement privacy and security best practices.

Technologie
1  sur  26
1 Engineering & Public Policy The Privacy and Security Behaviors of Smartphone App Developers Rebecca Balebako, Abigail Marsh, Jialiu Lin, Jason Hong, Lorrie Faith Cranor
App Developer decisions • Privacy and Security features compete with • Features requested by customers • Data requested by financers • Revenue model 2
Research Project • Exploratory Interviews • Quantitative on-line study 3
Findings • Small companies lack privacy and security behaviors • Small company developers rely on social ties for advice • Legalese hinders reading and writing of privacy policies • Third-Party tools heavily used 4
Participant Recruitment • 13 developers interviewed • Recruited through craigslist and Meetups • $20 for one-hour interview 5
Participant Demographics • Variety of revenue models • Advertising • Subscription • Pay-per-use • Non-Profit • Seven different states • Small company size well-represented 6
Tools impact privacy and security • Interviewees do: • Use cloud computing • Use authentication tools such as Facebook • Use analytics such as Google and Flurry • Use open source tools such as mysql 7
Tools not used • Interviewees don‟t use or are unaware of: • Use privacy policy generators • Use security audits • Read third-party privacy policies • Delete data 8
9
On-line surveys • 228 app developers • Paid $5 (avg: 15 minutes) • Recruited through craigslist, reddit, Facebook, backpage.com • Developer demographics • Majority were „Programmer or Software Engineer‟ or „Product or Project Manager‟ • Avg age: 30 (18-50 years) 10
Company demographics • Platforms • iOS (62%) • Android (62%) • Windows (17%) • Blackberry (4%) • Palm (3%) • Large Company Size well-represented 11
Data collected or stored Behavior Collect or Store Parameters specific to my app 84% Which apps are installed 74% Location 72% Sensor information (not location-related) 63% 12
Privacy and security behaviors Behavior Percent Use SSL 84% Encrypt everything (all data collected) 57% Have CPO or equivalent 78% Privacy Policy on website 58% 13 • Room for improvement!
Company size and behaviors 14
Who do you turn to? 15
Who do you turn to? 16
Ad and analytics heavily used • 87.4% use at least one analytics company • 86.5% use at least one advertising company 17
Third-party tools 18
How Familiar Are You With The Types Of Data Collected By Third-Party Tools 19
Findings • Small companies lack privacy and security behaviors • Free or quick tools needed • Usable tools needed • Small company developers rely on social ties for advice • Opportunities for intervention in social networks • Legalese hinders reading and writing of privacy policies • Third-Party tools heavily used • Third-party tools should be explicit about data handling 20
balebako@cmu.edu Questions?
Privacy Policies Are Not Considered Useful “I haven‟t even read [our privacy policy]. I mean, it‟s just legal stuff that‟s required, so I just put in there.” – P4 22
Developers have time and resource constraints • “I don‟t see the time it would take to implement that over cutting and pasting someone else‟s privacy policies.... I don‟t see the value being such that that‟s worth it.” -P10 23
Privacy and security behaviors Behavior Percent Use SSL 83.8% Encrypt data on phone 59.6% Encrypt data in database 53.1% Encrypt everything (all data collected) 57.0% Revenue from advertising 48.2% Have CPO or equivalent 78.1% Privacy Policy on website 57.9% 24
Ad and analytics Ad or analytic provider percent Google analytics 82% Google ads 64% Flurry analytics 17% No ads 13% No analytics 13% 25
Advice 26

Recommandé

Effective data governance for customer intelligence
Effective data governance for customer intelligenceEffective data governance for customer intelligence
Effective data governance for customer intelligenceGary Allemann
 
Implementing A User Activity & Behavior Monitoring Program
Implementing A User Activity & Behavior Monitoring ProgramImplementing A User Activity & Behavior Monitoring Program
Implementing A User Activity & Behavior Monitoring ProgramVeriato
 
Jules Polonetsky: Ethics & Privacy & Strategy in the Age of Big Data
Jules Polonetsky: Ethics & Privacy & Strategy in the Age of Big DataJules Polonetsky: Ethics & Privacy & Strategy in the Age of Big Data
Jules Polonetsky: Ethics & Privacy & Strategy in the Age of Big DataBalanced Scorecard Institute-Spider Strategies Strategy Execution Summit 2015
 
Make good products great with data and analytics
Make good products great with data and analyticsMake good products great with data and analytics
Make good products great with data and analyticsDavid Mathias
 
Generating actionable consumer insights from analytics - Telekom R&D
Generating actionable consumer insights from analytics - Telekom R&DGenerating actionable consumer insights from analytics - Telekom R&D
Generating actionable consumer insights from analytics - Telekom R&DMerlien Institute
 
It's all about big data
It's all about big dataIt's all about big data
It's all about big dataYuxin Tu, PhD
 
AI Weekly - April 5, 2021
AI Weekly - April 5, 2021AI Weekly - April 5, 2021
AI Weekly - April 5, 2021Bruno Aziza
 
isicg - 3 r's v4
isicg - 3 r's v4isicg - 3 r's v4
isicg - 3 r's v4Elliott Franklin
 

Recommandé

Effective data governance for customer intelligence
Effective data governance for customer intelligenceEffective data governance for customer intelligence
Effective data governance for customer intelligenceGary Allemann
 
Implementing A User Activity & Behavior Monitoring Program
Implementing A User Activity & Behavior Monitoring ProgramImplementing A User Activity & Behavior Monitoring Program
Implementing A User Activity & Behavior Monitoring ProgramVeriato
 
Jules Polonetsky: Ethics & Privacy & Strategy in the Age of Big Data
Jules Polonetsky: Ethics & Privacy & Strategy in the Age of Big DataJules Polonetsky: Ethics & Privacy & Strategy in the Age of Big Data
Jules Polonetsky: Ethics & Privacy & Strategy in the Age of Big DataBalanced Scorecard Institute-Spider Strategies Strategy Execution Summit 2015
 
Make good products great with data and analytics
Make good products great with data and analyticsMake good products great with data and analytics
Make good products great with data and analyticsDavid Mathias
 
Generating actionable consumer insights from analytics - Telekom R&D
Generating actionable consumer insights from analytics - Telekom R&DGenerating actionable consumer insights from analytics - Telekom R&D
Generating actionable consumer insights from analytics - Telekom R&DMerlien Institute
 
It's all about big data
It's all about big dataIt's all about big data
It's all about big dataYuxin Tu, PhD
 
AI Weekly - April 5, 2021
AI Weekly - April 5, 2021AI Weekly - April 5, 2021
AI Weekly - April 5, 2021Bruno Aziza
 
isicg - 3 r's v4
isicg - 3 r's v4isicg - 3 r's v4
isicg - 3 r's v4Elliott Franklin
 
Increasing your vertical
Increasing your verticalIncreasing your vertical
Increasing your verticalHellen Meyer
 
Earn money today
Earn money todayEarn money today
Earn money todayHellen Meyer
 
How can i jump higher
How can i jump higherHow can i jump higher
How can i jump higherHellen Meyer
 
Module 5 lesson 5 remediation
Module 5 lesson 5 remediationModule 5 lesson 5 remediation
Module 5 lesson 5 remediationcrystalpullen
 
Surveys pay
Surveys paySurveys pay
Surveys payHellen Meyer
 
Formulas and functions
Formulas and functionsFormulas and functions
Formulas and functionscrystalpullen
 
Study: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving CarsStudy: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving CarsLinkedIn
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security RoadmapElliott Franklin
 
20230426 AIIM23 How to Leverage Privacy Practices to Build Customer Trust.pptx
20230426 AIIM23 How to Leverage Privacy Practices to Build Customer Trust.pptx20230426 AIIM23 How to Leverage Privacy Practices to Build Customer Trust.pptx
20230426 AIIM23 How to Leverage Privacy Practices to Build Customer Trust.pptxJesse Wilkins
 
GDPR | Cyber security process resilience
GDPR | Cyber security process resilienceGDPR | Cyber security process resilience
GDPR | Cyber security process resilienceRishi Kant
 
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...Aggregage
 
Creating a GDPR Action Plan; Not a Freakout Plan
Creating a GDPR Action Plan; Not a Freakout PlanCreating a GDPR Action Plan; Not a Freakout Plan
Creating a GDPR Action Plan; Not a Freakout PlanMediacurrent
 
Change Your Search to Find – SharePoint and Office 365 Webinar
Change Your Search to Find – SharePoint and Office 365 WebinarChange Your Search to Find – SharePoint and Office 365 Webinar
Change Your Search to Find – SharePoint and Office 365 WebinarConcept Searching, Inc
 
#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
#1NWebinar: GDPR and Privacy Best Practices for Digital MarketersOne North
 
Cybersecurity for King County Public Educators
Cybersecurity for King County Public EducatorsCybersecurity for King County Public Educators
Cybersecurity for King County Public EducatorsSarah K Miller
 
GDPR: The Application Security Twist
GDPR: The Application Security TwistGDPR: The Application Security Twist
GDPR: The Application Security TwistSecurity Innovation
 
Ethics in Data Management.pptx
Ethics in Data Management.pptxEthics in Data Management.pptx
Ethics in Data Management.pptxRavindra Babu
 
005. Ethics, Privacy and Security
005. Ethics, Privacy and Security005. Ethics, Privacy and Security
005. Ethics, Privacy and SecurityArianto Muditomo
 
Helping Developers with Privacy
Helping Developers with PrivacyHelping Developers with Privacy
Helping Developers with PrivacyJason Hong
 
Evaluating the use of search engines and social Media today
Evaluating the use of search engines and social Media todayEvaluating the use of search engines and social Media today
Evaluating the use of search engines and social Media todaySimeon Bala
 
Caveon Webinar Series - Security Challenges in Creating Testing Programs - Se...
Caveon Webinar Series - Security Challenges in Creating Testing Programs - Se...Caveon Webinar Series - Security Challenges in Creating Testing Programs - Se...
Caveon Webinar Series - Security Challenges in Creating Testing Programs - Se...Caveon Test Security
 
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsCCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsTrustArc
 

Contenu connexe

En vedette

Increasing your vertical
Increasing your verticalIncreasing your vertical
Increasing your verticalHellen Meyer
 
How can i jump higher
How can i jump higherHow can i jump higher
How can i jump higherHellen Meyer
 
Module 5 lesson 5 remediation
Module 5 lesson 5 remediationModule 5 lesson 5 remediation
Module 5 lesson 5 remediationcrystalpullen
 
Formulas and functions
Formulas and functionsFormulas and functions
Formulas and functionscrystalpullen
 
Study: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving CarsStudy: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving CarsLinkedIn
 

En vedette (7)

Increasing your vertical
Increasing your verticalIncreasing your vertical
Increasing your vertical
 
Earn money today
Earn money todayEarn money today
Earn money today
 
How can i jump higher
How can i jump higherHow can i jump higher
How can i jump higher
 
Module 5 lesson 5 remediation
Module 5 lesson 5 remediationModule 5 lesson 5 remediation
Module 5 lesson 5 remediation
 
Surveys pay
Surveys paySurveys pay
Surveys pay
 
Formulas and functions
Formulas and functionsFormulas and functions
Formulas and functions
 
Study: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving CarsStudy: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving Cars
 

Similaire à The Privacy and Security Behaviors of Smartphone, at USEC 2014

Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security RoadmapElliott Franklin
 
20230426 AIIM23 How to Leverage Privacy Practices to Build Customer Trust.pptx
20230426 AIIM23 How to Leverage Privacy Practices to Build Customer Trust.pptx20230426 AIIM23 How to Leverage Privacy Practices to Build Customer Trust.pptx
20230426 AIIM23 How to Leverage Privacy Practices to Build Customer Trust.pptxJesse Wilkins
 
GDPR | Cyber security process resilience
GDPR | Cyber security process resilienceGDPR | Cyber security process resilience
GDPR | Cyber security process resilienceRishi Kant
 
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...Aggregage
 
Creating a GDPR Action Plan; Not a Freakout Plan
Creating a GDPR Action Plan; Not a Freakout PlanCreating a GDPR Action Plan; Not a Freakout Plan
Creating a GDPR Action Plan; Not a Freakout PlanMediacurrent
 
Change Your Search to Find – SharePoint and Office 365 Webinar
Change Your Search to Find – SharePoint and Office 365 WebinarChange Your Search to Find – SharePoint and Office 365 Webinar
Change Your Search to Find – SharePoint and Office 365 WebinarConcept Searching, Inc
 
#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
#1NWebinar: GDPR and Privacy Best Practices for Digital MarketersOne North
 
Cybersecurity for King County Public Educators
Cybersecurity for King County Public EducatorsCybersecurity for King County Public Educators
Cybersecurity for King County Public EducatorsSarah K Miller
 
GDPR: The Application Security Twist
GDPR: The Application Security TwistGDPR: The Application Security Twist
GDPR: The Application Security TwistSecurity Innovation
 
Ethics in Data Management.pptx
Ethics in Data Management.pptxEthics in Data Management.pptx
Ethics in Data Management.pptxRavindra Babu
 
005. Ethics, Privacy and Security
005. Ethics, Privacy and Security005. Ethics, Privacy and Security
005. Ethics, Privacy and SecurityArianto Muditomo
 
Helping Developers with Privacy
Helping Developers with PrivacyHelping Developers with Privacy
Helping Developers with PrivacyJason Hong
 
Evaluating the use of search engines and social Media today
Evaluating the use of search engines and social Media todayEvaluating the use of search engines and social Media today
Evaluating the use of search engines and social Media todaySimeon Bala
 
Caveon Webinar Series - Security Challenges in Creating Testing Programs - Se...
Caveon Webinar Series - Security Challenges in Creating Testing Programs - Se...Caveon Webinar Series - Security Challenges in Creating Testing Programs - Se...
Caveon Webinar Series - Security Challenges in Creating Testing Programs - Se...Caveon Test Security
 
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsCCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsTrustArc
 
Taking the Share out of Sharepoint: SharePoint Application Security.
Taking the Share out of Sharepoint: SharePoint Application Security.Taking the Share out of Sharepoint: SharePoint Application Security.
Taking the Share out of Sharepoint: SharePoint Application Security.Aspenware
 
7 principles of good intranet governance
7 principles of good intranet governance7 principles of good intranet governance
7 principles of good intranet governanceIntranätverk
 
Flight East 2018 Presentation–You've got your open source audit report, now w...
Flight East 2018 Presentation–You've got your open source audit report, now w...Flight East 2018 Presentation–You've got your open source audit report, now w...
Flight East 2018 Presentation–You've got your open source audit report, now w...Synopsys Software Integrity Group
 
Cooperability for Interoperability
Cooperability for Interoperability Cooperability for Interoperability
Cooperability for Interoperability MEASURE Evaluation
 
Discovery, Risk, and Insight in a Metadata-Driven World Webinar
Discovery, Risk, and Insight in a Metadata-Driven World WebinarDiscovery, Risk, and Insight in a Metadata-Driven World Webinar
Discovery, Risk, and Insight in a Metadata-Driven World WebinarConcept Searching, Inc
 

Similaire à The Privacy and Security Behaviors of Smartphone, at USEC 2014 (20)

Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security Roadmap
 
20230426 AIIM23 How to Leverage Privacy Practices to Build Customer Trust.pptx
20230426 AIIM23 How to Leverage Privacy Practices to Build Customer Trust.pptx20230426 AIIM23 How to Leverage Privacy Practices to Build Customer Trust.pptx
20230426 AIIM23 How to Leverage Privacy Practices to Build Customer Trust.pptx
 
GDPR | Cyber security process resilience
GDPR | Cyber security process resilienceGDPR | Cyber security process resilience
GDPR | Cyber security process resilience
 
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
 
Creating a GDPR Action Plan; Not a Freakout Plan
Creating a GDPR Action Plan; Not a Freakout PlanCreating a GDPR Action Plan; Not a Freakout Plan
Creating a GDPR Action Plan; Not a Freakout Plan
 
Change Your Search to Find – SharePoint and Office 365 Webinar
Change Your Search to Find – SharePoint and Office 365 WebinarChange Your Search to Find – SharePoint and Office 365 Webinar
Change Your Search to Find – SharePoint and Office 365 Webinar
 
#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
 
Cybersecurity for King County Public Educators
Cybersecurity for King County Public EducatorsCybersecurity for King County Public Educators
Cybersecurity for King County Public Educators
 
GDPR: The Application Security Twist
GDPR: The Application Security TwistGDPR: The Application Security Twist
GDPR: The Application Security Twist
 
Ethics in Data Management.pptx
Ethics in Data Management.pptxEthics in Data Management.pptx
Ethics in Data Management.pptx
 
005. Ethics, Privacy and Security
005. Ethics, Privacy and Security005. Ethics, Privacy and Security
005. Ethics, Privacy and Security
 
Helping Developers with Privacy
Helping Developers with PrivacyHelping Developers with Privacy
Helping Developers with Privacy
 
Evaluating the use of search engines and social Media today
Evaluating the use of search engines and social Media todayEvaluating the use of search engines and social Media today
Evaluating the use of search engines and social Media today
 
Caveon Webinar Series - Security Challenges in Creating Testing Programs - Se...
Caveon Webinar Series - Security Challenges in Creating Testing Programs - Se...Caveon Webinar Series - Security Challenges in Creating Testing Programs - Se...
Caveon Webinar Series - Security Challenges in Creating Testing Programs - Se...
 
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsCCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
 
Taking the Share out of Sharepoint: SharePoint Application Security.
Taking the Share out of Sharepoint: SharePoint Application Security.Taking the Share out of Sharepoint: SharePoint Application Security.
Taking the Share out of Sharepoint: SharePoint Application Security.
 
7 principles of good intranet governance
7 principles of good intranet governance7 principles of good intranet governance
7 principles of good intranet governance
 
Flight East 2018 Presentation–You've got your open source audit report, now w...
Flight East 2018 Presentation–You've got your open source audit report, now w...Flight East 2018 Presentation–You've got your open source audit report, now w...
Flight East 2018 Presentation–You've got your open source audit report, now w...
 
Cooperability for Interoperability
Cooperability for Interoperability Cooperability for Interoperability
Cooperability for Interoperability
 
Discovery, Risk, and Insight in a Metadata-Driven World Webinar
Discovery, Risk, and Insight in a Metadata-Driven World WebinarDiscovery, Risk, and Insight in a Metadata-Driven World Webinar
Discovery, Risk, and Insight in a Metadata-Driven World Webinar
 

Dernier

Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 

Dernier (20)

Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 

The Privacy and Security Behaviors of Smartphone, at USEC 2014

  • 1. 1 Engineering & Public Policy The Privacy and Security Behaviors of Smartphone App Developers Rebecca Balebako, Abigail Marsh, Jialiu Lin, Jason Hong, Lorrie Faith Cranor
  • 2. App Developer decisions • Privacy and Security features compete with • Features requested by customers • Data requested by financers • Revenue model 2
  • 3. Research Project • Exploratory Interviews • Quantitative on-line study 3
  • 4. Findings • Small companies lack privacy and security behaviors • Small company developers rely on social ties for advice • Legalese hinders reading and writing of privacy policies • Third-Party tools heavily used 4
  • 5. Participant Recruitment • 13 developers interviewed • Recruited through craigslist and Meetups • $20 for one-hour interview 5
  • 6. Participant Demographics • Variety of revenue models • Advertising • Subscription • Pay-per-use • Non-Profit • Seven different states • Small company size well-represented 6
  • 7. Tools impact privacy and security • Interviewees do: • Use cloud computing • Use authentication tools such as Facebook • Use analytics such as Google and Flurry • Use open source tools such as mysql 7
  • 8. Tools not used • Interviewees don‟t use or are unaware of: • Use privacy policy generators • Use security audits • Read third-party privacy policies • Delete data 8
  • 9. 9
  • 10. On-line surveys • 228 app developers • Paid $5 (avg: 15 minutes) • Recruited through craigslist, reddit, Facebook, backpage.com • Developer demographics • Majority were „Programmer or Software Engineer‟ or „Product or Project Manager‟ • Avg age: 30 (18-50 years) 10
  • 11. Company demographics • Platforms • iOS (62%) • Android (62%) • Windows (17%) • Blackberry (4%) • Palm (3%) • Large Company Size well-represented 11
  • 12. Data collected or stored Behavior Collect or Store Parameters specific to my app 84% Which apps are installed 74% Location 72% Sensor information (not location-related) 63% 12
  • 13. Privacy and security behaviors Behavior Percent Use SSL 84% Encrypt everything (all data collected) 57% Have CPO or equivalent 78% Privacy Policy on website 58% 13 • Room for improvement!
  • 14. Company size and behaviors 14
  • 15. Who do you turn to? 15
  • 16. Who do you turn to? 16
  • 17. Ad and analytics heavily used • 87.4% use at least one analytics company • 86.5% use at least one advertising company 17
  • 19. How Familiar Are You With The Types Of Data Collected By Third-Party Tools 19
  • 20. Findings • Small companies lack privacy and security behaviors • Free or quick tools needed • Usable tools needed • Small company developers rely on social ties for advice • Opportunities for intervention in social networks • Legalese hinders reading and writing of privacy policies • Third-Party tools heavily used • Third-party tools should be explicit about data handling 20
  • 22. Privacy Policies Are Not Considered Useful “I haven‟t even read [our privacy policy]. I mean, it‟s just legal stuff that‟s required, so I just put in there.” – P4 22
  • 23. Developers have time and resource constraints • “I don‟t see the time it would take to implement that over cutting and pasting someone else‟s privacy policies.... I don‟t see the value being such that that‟s worth it.” -P10 23
  • 24. Privacy and security behaviors Behavior Percent Use SSL 83.8% Encrypt data on phone 59.6% Encrypt data in database 53.1% Encrypt everything (all data collected) 57.0% Revenue from advertising 48.2% Have CPO or equivalent 78.1% Privacy Policy on website 57.9% 24
  • 25. Ad and analytics Ad or analytic provider percent Google analytics 82% Google ads 64% Flurry analytics 17% No ads 13% No analytics 13% 25

Notes de l'éditeur

  1. Presented at USEC 2014http://www.usecap.org/usec14.html
  2. Opportunities to teach So what or now what? Call to action- usable tools- third-party librarues
  3. Discarded 232 results.
  4. 1 employee: 5%2-9 employees: 15%10-30 employees: 20%31-100 employees: 48%100+ employees: 12%
  5. We found that the size of a company does help determinewhether they have a CPO (2 test p< 0.001), whether they havea privacy policy (2 tests p=.002), and whether they encrypteverything (2 tests p< 0.001). However, the company sizewas not correlated with SSL using the conservative correctedsignificance level (2 tests p=.009).
  6. “Who, if anyone, doyou turn to when you have questions about consumer privacy and security?”
  7. “Who, if anyone, doyou turn to when you have questions about consumer privacy and security?”Options included: Developers from meetups, developers within my company, lawert within and outside companyKruskal-Wallis test p<.0001
  8. most app developers (87.4\%) used at least one analytics company, with one in five using two or more analytics companies.Most apps also used an advertising company: 86.5\% selected one or more advertising companies in use, using on average 1.78 ad companies (SD=1.33).
  9. Many tools or documents that help app developers make privacy decisions discuss third-party data sharing. For example, The CA AG recommendation says that app developers should…
  10. This is indicates that users are confused about the term ‘third-party tools’ and that tools and documents should clarify that these include ads and analyticsPie chart fonts are to small to see
  11. Ooputunities to teach So what or now what? Call to action - usable tools- third-party librarues
  12. most app developers (87.4\%) used at least one analytics company, with one in five using two or more analytics companies.Most apps also used an advertising company: 86.5\% selected one or more advertising companies in use, using on average 1.78 ad companies (SD=1.33).
  13. Who if anyone, do you turn to when you have questions about privacy and security