DOI: 10.1145/2688130.2688134
research-article

Encouraging privacy by design concepts with privacy policy auto-generation in Eclipse (PAGE)

Published: 21 October 2014

Abstract

Many novice software developers lack the training, experience, or appropriate resources to develop privacy policies for their applications. Anecdotal evidence suggests that some new software developers create original, natural-language privacy policies, use existing privacy policies as templates, or rely on an external agency (i.e., legal counsel). This paper presents an overview of the privacy Policy Auto-Generation in Eclipse (PAGE), a work-in-progress that seeks to integrate privacy planning capabilities into the Eclipse integrated development environment (IDE), enabling application developers to create privacy policies as development occurs. This should support privacy by design concepts, enhance team communication through reusability, and reduce costs due to errors or extra time spent on external activities.

Cited By

  • (2023) PTPDroid: Detecting Violated User Privacy Disclosures to Third-Parties of Android Apps. 2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE), 473-485. DOI: 10.1109/ICSE48619.2023.00050. Online publication date: May-2023
  • (2023) Towards Fine-Grained Localization of Privacy Behaviors. 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P), 258-277. DOI: 10.1109/EuroSP57164.2023.00024. Online publication date: Jul-2023
  • (2023) PrivDroid: Android Security Code Smells Tool for Privilege Escalation Prevention. 2023 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech), 1024-1031. DOI: 10.1109/DASC/PiCom/CBDCom/Cy59711.2023.10361431. Online publication date: 14-Nov-2023

    Published In

    ETX '14: Proceedings of the 2014 Workshop on Eclipse Technology eXchange
    October 2014
    36 pages
    ISBN: 9781450325301
    DOI: 10.1145/2688130

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. eclipse-plug-in
    2. privacy policies
    3. software development

    Qualifiers

    • Research-article

    Conference

    SPLASH '14

    Article Metrics

    • Downloads (Last 12 months): 27
    • Downloads (Last 6 weeks): 3
    Reflects downloads up to 01 Jan 2025

    Citations

    • (2022) Privacy by Design and Software Engineering. Proceedings of the XXI Brazilian Symposium on Software Quality, 1-10. DOI: 10.1145/3571473.3571480. Online publication date: 7-Nov-2022
    • (2022) PAcT: Detecting and Classifying Privacy Behavior of Android Applications. Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 104-118. DOI: 10.1145/3507657.3528543. Online publication date: 16-May-2022
    • (2021) Toward Automatically Generating Privacy Policy for Smart Home Apps. IEEE INFOCOM 2021 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), 1-7. DOI: 10.1109/INFOCOMWKSHPS51825.2021.9484530. Online publication date: 10-May-2021
    • (2021) PriGen: Towards Automated Translation of Android Applications’ Code to Privacy Captions. Research Challenges in Information Science, 142-151. DOI: 10.1007/978-3-030-75018-3_9. Online publication date: 8-May-2021
    • (2018) Extending ISO/IEC 29110 Basic Profile with Privacy-by-Design Approach: A Case Study in the Health Care Sector. 2018 11th International Conference on the Quality of Information and Communications Technology (QUATIC), 56-64. DOI: 10.1109/QUATIC.2018.00018. Online publication date: Sep-2018
    • (2018) Analyzing Privacy Policies of Zero Knowledge Cloud Storage Applications on Mobile Devices. 2018 IEEE International Conference on Cloud Engineering (IC2E), 218-224. DOI: 10.1109/IC2E.2018.00047. Online publication date: Apr-2018
    • (2017) Toward Automatically Generating Privacy Policy for Android Apps. IEEE Transactions on Information Forensics and Security 12:4, 865-880. DOI: 10.1109/TIFS.2016.2639339. Online publication date: 1-Apr-2017