This new tool for developers can help preserve app users' privacy

This new tool for developers can help preserve app users’ privacy
The Coconut tool nudges developers to think more about user privacy. Credit: Carnegie Mellon University CyLab

When you open a newly-installed app on your phone and it says to you, "This app would like to use your location data," what do you do? Depending on the app, you might be thinking, Why does it need my location? Wouldn't it be great if it just told you why?

"When are coding these types of data requests, privacy is oftentimes an afterthought," says CyLab's Jason Hong, a professor in the Human Computer Interaction Institute (HCII). "We wanted to create something that would bring privacy to the forefront of their thinking when developing these apps."

Hong teamed up with HCII Ph.D. student Tianshi Li and Institute for Software Research (ISR) professor Yuvraj Agarwal to create an integrated development environment (IDE) plugin that nudges developers to think a bit harder about user privacy when coding data requests.

Li presented the IDE plugin, which they dubbed "Coconut," at last month's ACM International Joint Conference on Pervasive and Ubiquitous Computing (Ubicomp) in London.

"Coconuts are versatile fruits, and we wanted our plugin to be versatile in its ability to provide multiple types of benefits for privacy," says Li.

When writing the code for an app using Coconut, the plugin's heuristics automatically detect when a request for is made, triggering a popup reminder to the developer to write an annotation explaining the reasons behind their request. Rather than requiring them to write one from scratch, developers have the option of choosing one from a list of pre-written annotations explaining the reason behind the request, such as, "Data collection for advertising," "Location-based game," or "Maps and navigation," among others.

A "PrivacyChecker" window within Coconut aggregates all of the data practices coded into the app, paired with the annotations that explain why they're there.

"Having the data practices organized in this way makes it easier for the to write a good, informative privacy policy," says Agarwal. "This can be really beneficial to the end-user."

The researchers evaluated their plugin by asking 18 Android developers, including eight professional developers, to use it. They found that apps developed with Coconut dealt with privacy concerns better, and the developers themselves had a better understanding of the apps' data practices, which resulted in them writing better policies.

Coconut is available for download on GitHub. The current version only works for Android developers.

The HCII and ISR are both housed in Carnegie Mellon's School of Computer Science.

Citation: This new tool for developers can help preserve app users' privacy (2019, October 7) retrieved 8 June 2023 from
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

Privacy streams helps developers create privacy friendly apps


Feedback to editors