Understanding Developers' Reasoning about Privacy and Security
Lead PI:
Katherine Shilton
Abstract

Cloud and mobile computing create new platforms where applications developed by third-party vendors can access users' devices and private data. Examples include iPhone and Android apps and cloud-based application marketplaces. This project is a synergistic effort combining social behavioral science and secure software systems design.

The first thrust of the project seeks to understand users' privacy expectations for their private data, and how privacy policies vary in different social contexts. With this understanding, we will investigate how to build a platform such that 1) app developers can develop applications that respect users' privacy without being security experts; and 2) the system can understand and enforce users' fine-grained privacy policies, with minimal interruptions to a user's normal workflow.

The second thrust of the project seeks to understand how developers make decisions about incorporating privacy and security features into applications, and to test interventions that encourage data protection. This project will ask:

1. What encourages developers to adopt new privacy and security practices?
2. How do mobile application developers make choices between privacy, security and other priorities?
3. How can interventions (such as education, availability of best practices, or new software tools) encourage privacy and security by design?
