Coconut: An IDE plugin for developing privacy-friendly apps

T Li, Y Agarwal, JI Hong - Proceedings of the ACM on Interactive, Mobile …, 2018 - dl.acm.org
Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous …, 2018dl.acm.org
Although app developers are responsible for protecting users' privacy, this task can be very
challenging. In this paper, we present Coconut, an Android Studio plugin that helps
developers handle privacy requirements by engaging developers to think about privacy
during the development process and providing real-time feedback on potential privacy
issues. We start by presenting new findings based on a series of semi-structured interviews
with Android developers, probing into the difficulties with privacy that developers face when …
Although app developers are responsible for protecting users' privacy, this task can be very challenging. In this paper, we present Coconut, an Android Studio plugin that helps developers handle privacy requirements by engaging developers to think about privacy during the development process and providing real-time feedback on potential privacy issues. We start by presenting new findings based on a series of semi-structured interviews with Android developers, probing into the difficulties with privacy that developers face when building apps. Based on these findings, we implemented a proof-of-concept prototype of Coconut and evaluated it in a controlled lab study with 18 Android developers (including eight professional developers). Our study results suggest that apps developed with Coconut handled privacy concerns better, and the developers that used Coconut had a better understanding of their code's behavior and wrote a better privacy policy for their app. We also found that requiring developers to do a small amount of annotating work regarding their apps' personal data practices during the development process may result in a significant improvement in app privacy.
ACM Digital Library