Engineering Privacy in Smartphone Apps: A Technical Guideline Catalog for App Developers

Hatamian, Majid (2020) Engineering Privacy in Smartphone Apps: A Technical Guideline Catalog for App Developers. IEEE Access, 8. pp. 35429-35445. ISSN 2169-3536

[img]
Preview
Text
09001128.pdf - Published Version
Available under License Creative Commons Attribution 4.0.

Download (5MB) | Preview
Official URL: https://doi.org/10.1109/ACCESS.2020.2974911

Abstract

With the rapid growth of technology in recent years, we are surrounded by or even dependent on the use of technological devices such as smartphones as they are now an indispensable part of our life. Smartphone applications (apps) provide a wide range of utilities such as navigation, entertainment, fitness, etc. To provide such context-sensitive services to users, apps need to access users' data including sensitive ones, which in turn, can potentially lead to privacy invasions. To protect users against potential privacy invasions in such a vulnerable ecosystem, legislation such as the European Union General Data Protection Regulation (EU GDPR) demands best privacy practices. Therefore, app developers are required to make their apps compatible with legal privacy principles enforced by law. However, this is not an easy task for app developers to comprehend purely legal principles to understand what needs to be implemented. Similarly, bridging the gap between legal principles and technical implementations to understand how legal principles need to be implemented is another barrier to develop privacy-friendly apps. To this end, this paper proposes a privacy and security design guide catalog for app developers to assist them in understanding and adopting the most relevant privacy and security principles in the context of smartphone apps. The presented catalog is aimed at mapping the identified legal principles to practical privacy and security solutions that can be implemented by developers to ensure enhanced privacy aligned with existing legislation. Through conducting a case study, it is confirmed that there is a significant gap between what developers are doing in reality and what they promise to do. This paper provides researchers and developers of privacy-related technicalities an overview of the characteristics of existing privacy requirements needed to be implemented in smartphone ecosystems, on which they can base their work.

Item Type: Article
Uncontrolled Keywords: App, developers, GDPR, guideline catalog, privacy engineering, smartphone apps.
Subjects: G400 Computer Science
Department: Faculties > Engineering and Environment > Computer and Information Sciences
Depositing User: John Coen
Date Deposited: 25 Feb 2021 14:49
Last Modified: 25 Feb 2021 15:00
URI: http://nrl.northumbria.ac.uk/id/eprint/45543

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics