research-article

Navigating the Data Avalanche: Towards Supporting Developers in Developing Privacy-Friendly Children's Apps

Authors:

Anirudh Ekambaranathan,

George ChalhoubAuthors Info & Claims

Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, Volume 7, Issue 2

Article No.: 53, Pages 1 - 24

https://doi.org/10.1145/3596267

Published: 12 June 2023 Publication History

Abstract

This paper critically examines the intersection of privacy concerns in children's apps and the support required by developers to effectively address these concerns. Third-party libraries and software development kits (SDKs) are widely used in mobile app development, however, these libraries are commonly known for posing significant data privacy risks to users. Recent research has shown that app developers for children are particularly struggling with the lack of support in navigating the complex market of third-party SDKs. The support needed for developers to build privacy-friendly apps is largely understudied. Motivated by the needs of developers and an empirical analysis of 137 'expert-approved' children's apps, we designed DataAvalanche.io, a web-based tool to support app developers in navigating the privacy and legal implications associated with common third-party SDKs on the market. Through semi-structured interviews with 12 app developers for children, we demonstrate that app developers largely perceive the transparency supported by our tool positively. However, they raised several barriers, including the challenges of adopting privacy-friendly alternatives and the struggle to safeguard their own legal interests when facing the imbalance of power in the app market. We contribute to our understanding of the open challenges and barriers faced by app developers in creating privacy-friendly apps for children and provide critical future design and policy directions.

References

[1]

2020. Age appropriate design: a code of practice for online services. https://ico.org.uk/media/for-organisations/guide-to-data-protection/key-data-protection-themes/age-appropriate-design-a-code-of-practice-for-online-services-2-1.pdf.

[2]

Yasemin Acar, Michael Backes, Sascha Fahl, Doowon Kim, Michelle L Mazurek, and Christian Stransky. 2016. You get where you're looking for: The impact of information sources on code security. In 2016 IEEE Symposium on Security and Privacy (SP). IEEE, 289--305.

[3]

Amelia Acker and Leanne Bowler. 2018. Youth data literacy: teen perspectives on data created with social media and mobile devices. (2018).

[4]

Alessandro Acquisti, Curtis Taylor, and Liad Wagman. 2016. The economics of privacy. Journal of Economic Literature 54, 2 (2016), 442--92.

[5]

Noura Alomar and Serge Egelman. 2022. Developers Say the Darnedest Things: Privacy Compliance Processes Followed by Developers of Child-Directed Apps. Proceedings on Privacy Enhancing Technologies 4 (2022), 2022.

[6]

Hala Assal and Sonia Chiasson. 2019. 'Think secure from the beginning': A Survey with Software Developers. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems. ACM, 289.

Digital Library

[7]

Jane Bailey. 2015. A perfect storm: How the online environment, social norms and law shape girls' lives. (2015).

[8]

Rebecca Balebako, Abigail Marsh, Jialiu Lin, Jason I Hong, and Lorrie Cranor. 2014. The privacy and security behaviors of smartphone app developers. (2014).

[9]

Claire Balleys and Sami Coll. 2017. Being publicly intimate: Teenagers managing online privacy. Media, Culture & Society 39, 6 (2017), 885--901.

[10]

Kenneth A Bamberger, Serge Egelman, Catherine Han, Amit Elazari Bar On, and Irwin Reyes. 2020. Can you pay for privacy? consumer expectations and the behavior of free and paid apps. Berkeley Technology Law Journal 35 (2020).

[11]

Kathrin Bednar, Sarah Spiekermann, and Marc Langheinrich. 2019. Engineering Privacy by Design: Are engineers ready to live up to the challenge? The Information Society 35, 3 (2019), 122--142.

[12]

Reuben Binns, Ulrik Lyngs, Max Van Kleek, Jun Zhao, Timothy Libert, and Nigel Shadbolt. 2018. Third party tracking in the mobile ecosystem. In Proceedings of the 10th ACM Conference on Web Science. ACM, 23--31.

Digital Library

[13]

Reuben Binns, Jun Zhao, Max Van Kleek, and Nigel Shadbolt. 2018. Measuring third-party tracker power across web and mobile. ACM Transactions on Internet Technology (TOIT) 18, 4 (2018), 1--22.

Digital Library

[14]

Theodore Book, Adam Pridgen, and Dan S Wallach. 2013. Longitudinal analysis of android ad library permissions. arXiv preprint arXiv:1303.0857 (2013).

[15]

Leanne Bowler, Amelia Acker, Wei Jeng, and Yu Chi. 2017. "It lives all around us": Aspects of data literacy in teen's lives. Proceedings of the Association for Information Science and Technology 54, 1 (2017), 27--35.

[16]

Great Britain. 2018. Children and parents: Media use and attitudes report 2018. Ofcom.

[17]

Great Britain. 2022. Children and parents: Media use and attitudes report 2022. Ofcom.

[18]

John Brooke et al. 1996. SUS-A quick and dirty usability scale. Usability evaluation in industry 189, 194 (1996), 4--7.

[19]

Interactive Advertising Bureau. 2015. IAB Internet Advertising Revenue Report: 2015 Full Year Results.

[20]

Stephane Chaudron, Rosanna Di Gioia, and Monica Gemo. 2018. Young children (0-8) and digital technology, a qualitative study across Europe. JRC Science for Policy Report (2018).

[21]

Sean Coughlan. 2018. 'Sharenting'puts young at risk of online fraud. BBC News 21 (2018).

[22]

Ratan Dey, Yuan Ding, and Keith W Ross. 2013. Profiling high-school students with facebook: how online privacy laws can actually increase minors' risk. In Proceedings of the 2013 conference on Internet measurement conference. 405--416.

Digital Library

[23]

Anirudh Ekambaranathan, Jun Zhao, and Max Van Kleek. 2020. Understanding Value and Design Choices Made by Android Family App Developers. In Extended Abstracts of the 2020 CHI Conference on Human Factors in Computing Systems. 1--10.

Digital Library

[24]

Anirudh Ekambaranathan, Jun Zhao, and Max Van Kleek. 2021. "Money makes the world go around": Identifying Barriers to Better Privacy in Children's Apps From Developers' Perspectives. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems. 1--15.

Digital Library

[25]

Lia Emanuel and Danaë Stanton Fraser. 2014. Exploring physical and digital identity with a teenage cohort. In Proceedings of the 2014 conference on Interaction design and children. 67--76.

Digital Library

[26]

ENISA. 2018. Privacy and data protection in mobile applications: A study on the app development ecosystem and the technical implementation of GDPR.

[27]

Michael C Grace, Wu Zhou, Xuxian Jiang, and Ahmad-Reza Sadeghi. 2012. Unsafe exposure analysis of mobile in-app advertisements. In Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks. ACM, 101--112.

Digital Library

[28]

Greg Guest, Arwen Bunce, and Laura Johnson. 2006. How many interviews are enough? An experiment with data saturation and variability. Field methods 18, 1 (2006), 59--82.

[29]

Catherine Han, Irwin Reyes, Amit Elazari Bar On, Joel Reardon, Álvaro Feal, Serge Egelman, and Narseo Vallina-Rodriguez. 2019. Do you get what you pay for? Comparing the privacy behaviors of free vs. paid apps. (2019).

[30]

Bonnie E John and Hilary Packer. 1995. Learning and using the cognitive walkthrough method: a case study approach. In Proceedings of the SIGCHI conference on Human factors in computing systems. 429--436.

Digital Library

[31]

Nigel King. 2004. Essential Guide to Qualitative Methods in Organizational Research. SAGE Publications Ltd, London. https://doi.org/10.4135/9781446280119

[32]

Spyros Kokolakis. 2017. Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon. Computers & security 64 (2017), 122--134.

[33]

Konrad Kollnig, Pierre Dewitte, Max Van Kleek, Ge Wang, Daniel Omeiza, Helena Webb, and Nigel Shadbolt. 2021. A Fait Accompli? An Empirical Study into the Absence of Consent to Third-Party Tracking in Android Apps. 181--196. https://www.usenix.org/conference/soups2021/presentation/kollnig

[34]

Konrad Kollnig, Anastasia Shuba, Reuben Binns, Max Van Kleek, and Nigel Shadbolt. 2021. Are iPhones Really Better for Privacy? Comparative Study of iOS and Android Apps. arXiv preprint arXiv:2109.13722 (2021).

[35]

Jacob Leon Kröger, Jens Lindemann, and Dominik Herrmann. 2020. How do app vendors respond to subject access requests?: A longitudinal privacy study on iOS and Android Apps. ACM International Conference Proceeding Series. https://doi.org/10.1145/3407023.3407057

Digital Library

[36]

Priya Kumar, Shalmali Milind Naik, Utkarsha Ramesh Devkar, Marshini Chetty, Tamara L Clegg, and Jessica Vitak. 2017. 'No Telling Passcodes Out Because They're Private': Understanding Children's Mental Models of Privacy and Security Online. Proceedings of the ACM on Human-Computer Interaction 1, CSCW (2017), 64.

Digital Library

[37]

Gry Hasselbalch Lapenta and Rikke Frank Jørgensen. 2015. Youth, privacy and online media: Framing the right to privacy in public policy-making. First Monday (2015).

[38]

Ilias Leontiadis, Christos Efstratiou, Marco Picone, and Cecilia Mascolo. 2012. Don't kill my ads!: balancing privacy in an ad-supported mobile application market. In Proceedings of the Twelfth Workshop on Mobile Computing Systems & Applications. ACM, 2.

Digital Library

[39]

Tianshi Li, Yuvraj Agarwal, and Jason I Hong. 2018. Coconut: An IDE plugin for developing privacy-friendly apps. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 2, 4 (2018), 1--35.

Digital Library

[40]

Tianshi Li, Elijah B Neundorfer, Yuvraj Agarwal, and Jason I Hong. 2021. Honeysuckle: Annotation-guided code generation of in-app privacy notices. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 5, 3 (2021).

Digital Library

[41]

Jialiu Lin. 2013. Understanding and capturing people's mobile app privacy preferences. Technical Report. CARNEGIE-MELLON UNIV PITTSBURGH PA SCHOOL OF COMPUTER SCIENCE.

[42]

Sonia Livingstone, Alicia Blum-Ross, and Dongmiao Zhang. 2018. What do parents think, and do, about their children's online privacy? (2018).

[43]

Sonia Livingstone, Julia Davidson, Joanne Bryce, Saqba Batool, Ciaran Haughton, and Anulekha Nandi. 2017. Children's online activities, risks and safety: a literature review by the UKCCIS evidence group. (2017).

[44]

A Longfield. 2018. Who knows what about me.

[45]

Deborah Lupton and Ben Williamson. 2017. The datafied child: The dataveillance of children and implications for their rights. New Media & Society 19, 5 (2017), 780--794. https://doi.org/10.1177/1461444816686328 arXiv:https://doi.org/10.1177/1461444816686328

[46]

Abraham H Mhaidli, Yixin Zou, and Florian Schaub. 2019. "We can't live without them!" app developers' adoption of ad networks and their considerations of consumer risks. In Fifteenth Symposium on Usable Privacy and Security ({ SOUPS} 2019).

[47]

Anca Micheti, Jacquelyn Burkell, and Valerie Steeves. 2010. Fixing broken doors: Strategies for drafting privacy policies young people can understand. Bulletin of Science, Technology & Society 30, 2 (2010), 130--143.

[48]

Maria Murumaa-Mengel. 2015. Drawing the threat: a study on perceptions of the online pervert among Estonian high school students. Young 23, 1 (2015), 1--18.

[49]

Finn Myrstad and Ingvar Tjøstheim. 2021. Out of Control. How consumers are exploited by the online advertising industry. (2021).

[50]

Elijah Neundorfer and Alfredo J Perez. 2022. ClearCommPrivacy: communicating app privacy behavior in Android. In Proceedings of the 2022 ACM Southeast Conference. 248--253.

Digital Library

[51]

Ofcom. 2018. Children and Parents: Media Use and Attitudes.

[52]

Luci Pangrazio and Neil Selwyn. 2018. "It's Not Like It's Life or Death or Whatever": Young People's Understandings of Social Media Data. Social Media+ Society 4, 3 (2018), 2056305118787808.

[53]

Jochen Peter and Patti M Valkenburg. 2011. Adolescents' online privacy: Toward a developmental perspective. In Privacy online. Springer, 221--234.

[54]

Google Play. 2022. Expert approved apps. https://play.google.com/intl/en-GB_ALL/console/about/programs/teacherapproved.

[55]

Pooja Pradeep and Sujata Sriram. 2016. The virtual world of social networking sites: Adolescent's use and experiences. Psychology and Developing Societies 28, 1 (2016), 139--159.

[56]

Kate Raynes-Goldie and Matthew Allen. 2014. Gaming Privacy: a Canadian case study of a children's co-created privacy literacy game. Surveillance & Society 12, 3 (2014), 414--426.

[57]

Irwin Reyes, Primal Wijesekera, Joel Reardon, Amit Elazari Bar On, Abbas Razaghpanah, Narseo Vallina-Rodriguez, and Serge Egelman. 2018. "Won't Somebody Think of the Children?" Examining COPPA Compliance at Scale. Proceedings on Privacy Enhancing Technologies 2018, 3 (2018), 63--83.

[58]

John Rieman, Marita Franzke, and David Redmiles. 1995. Usability evaluation with the cognitive walkthrough. In Conference companion on Human factors in computing systems. 387--388.

Digital Library

[59]

Suranga Seneviratne, Harini Kolamunna, and Aruna Seneviratne. 2015. A measurement study of tracking in paid mobile applications. In Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks. 1--6.

Digital Library

[60]

Wonsun Shin, Jisu Huh, and Ronald J Faber. 2012. Tweens' online privacy risks and the role of parental mediation. Journal of Broadcasting & Electronic Media 56, 4(2012), 632--649.

[61]

Wonsun Shin and Hyunjin Kang. 2016. Adolescents' privacy concerns and information disclosure online: The role of parents and the Internet. Computers in Human Behavior 54 (2016), 114--123.

Digital Library

[62]

Cristiana S Silva, Glívia AR Barbosa, Ismael S Silva, Tatiane S Silva, Fernando Mourão, and Flávio Coutinho. 2017. Privacy for children and teenagers on social networks from a usability perspective: a case study on Facebook. In Proceedings of the 2017 ACM on Web Science Conference. 63--71.

Digital Library

[63]

Daniel J Solove. 2021. The myth of the privacy paradox. Geo. Wash. L. Rev. 89 (2021), 1.

[64]

Mohammad Tahaei, Alisa Frik, and Kami Vaniea. 2021. Deciding on Personalized Ads: Nudging Developers About User Privacy. In Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021). 573--596.

[65]

Mohammad Tahaei, Alisa Frik, and Kami Vaniea. 2021. Privacy Champions in Software Teams: Understanding Their Motivations, Strategies, and Challenges. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems. 1--15.

Digital Library

[66]

Mohammad Tahaei and Kami Vaniea. 2021. "Developers Are Responsible": What Ad Networks Tell Developers About Privacy. In Extended Abstracts of the 2021 CHI Conference on Human Factors in Computing Systems. 1--11.

Digital Library

[67]

Paul Voigt and Axel Von dem Bussche. 2017. The eu general data protection regulation (gdpr). A Practical Guide, 1st Ed., Cham: Springer International Publishing 10, 3152676 (2017), 10--5555.

[68]

Ge Wang, Jun Zhao, Max Van Kleek, and Nigel Shadbolt. 2022. 'Don't make assumptions about me!': Understanding Children's Perception of Datafication Online. (2022).

[69]

Anna L. Wisniewski, Graeme T. Lloyd, and Graham J. Slater. 2022. Extant species fail to estimate ancestral geographical ranges at older nodes in primate phylogeny. Proceedings of the Royal Society B: Biological Sciences 289, 1975 (2022), 20212535. https://doi.org/10.1098/rspb.2021.2535 arXiv:https://royalsocietypublishing.org/doi/pdf/10.1098/rspb.2021.2535

[70]

Jun Zhao, Ge Wang, Carys Dally, Petr Slovak, Julian Edbrooke-Childs, Max Van Kleek, and Nigel Shadbolt. 2019. I make up a silly name': Understanding Children's Perception of Privacy Risks Online. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems. ACM, 106.

Digital Library

[71]

Sebastian Zimmeck, Rafael Goldstein, and David Baraka. 2021. PrivacyFlash Pro: Automating Privacy Policy Generation for Mobile Apps. In NDSS.

Cited By

Andrew SBishop CTigwell G(2024)Light and Dark ModeProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/36435398:1(1-23)Online publication date: 6-Mar-2024
https://dl.acm.org/doi/10.1145/3643539
Smithwick ANguyen CGorial ETran NFlores AMunyaka I(2024)"Parent seeking Roblox Safety Help": Comparing Parental Roblox Concerns to Roblox Offerings2024 IEEE International Symposium on Technology and Society (ISTAS)10.1109/ISTAS61960.2024.10732489(1-9)Online publication date: 18-Sep-2024
https://doi.org/10.1109/ISTAS61960.2024.10732489
Flechais IChalhoub G(2023)Practical Cybersecurity Ethics: Mapping CyBOK to Ethical ConcernsProceedings of the 2023 New Security Paradigms Workshop10.1145/3633500.3633505(62-75)Online publication date: 18-Sep-2023
https://dl.acm.org/doi/10.1145/3633500.3633505
Show More Cited By

Index Terms

Navigating the Data Avalanche: Towards Supporting Developers in Developing Privacy-Friendly Children's Apps
1. Human-centered computing
  1. Human computer interaction (HCI)
    1. Empirical studies in HCI

Recommendations

A parental perspective on apps for young children

Touchscreen applications (apps) for young children have seen increasingly high rates of growth with more than a hundred thousand now available apps. As with other media, parents play a key role in young children's app selection and use. However, to date,...
How Can We Design Privacy-Friendly Apps for Children? Using a Research through Design Process to Understand Developers' Needs and Challenges
CSCW

Mobile apps used by children often make use of harmful techniques, such as data tracking and targeted advertising. Previous research has suggested that developers face several systemic challenges in designing apps that prioritise children's best ...
Saudi parents’ privacy concerns about their children’s smart device applications
Abstract
In this paper, we investigate Saudi parents’ privacy concerns regarding their children’s smart device applications (apps). To this end, we conducted a survey and analysed 119 responses. Our results show that Saudi parents expressed a high level ...

Comments

Information & Contributors

Information

Published In

cover image Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies

Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies Volume 7, Issue 2

June 2023

969 pages

EISSN:2474-9567

DOI:10.1145/3604631

Issue’s Table of Contents

Copyright © 2023 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 June 2023

Published in IMWUT Volume 7, Issue 2

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

EPSRC Centre for Doctoral Training in Cyber Security

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
226
Total Downloads

Downloads (Last 12 months)108
Downloads (Last 6 weeks)6

Reflects downloads up to 23 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Andrew SBishop CTigwell G(2024)Light and Dark ModeProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/36435398:1(1-23)Online publication date: 6-Mar-2024
https://dl.acm.org/doi/10.1145/3643539
Smithwick ANguyen CGorial ETran NFlores AMunyaka I(2024)"Parent seeking Roblox Safety Help": Comparing Parental Roblox Concerns to Roblox Offerings2024 IEEE International Symposium on Technology and Society (ISTAS)10.1109/ISTAS61960.2024.10732489(1-9)Online publication date: 18-Sep-2024
https://doi.org/10.1109/ISTAS61960.2024.10732489
Flechais IChalhoub G(2023)Practical Cybersecurity Ethics: Mapping CyBOK to Ethical ConcernsProceedings of the 2023 New Security Paradigms Workshop10.1145/3633500.3633505(62-75)Online publication date: 18-Sep-2023
https://dl.acm.org/doi/10.1145/3633500.3633505
Chalhoub GMartin A(2023)But is it exploitable? Exploring how Router Vendors Manage and Patch Security Vulnerabilities in Consumer-Grade RoutersProceedings of the 2023 European Symposium on Usable Security10.1145/3617072.3617110(277-295)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3617072.3617110

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Issue’s Table of Contents