Charting App Developers’ Journey Through Privacy Regulation Features in Ad Networks

Authors: Mohammad Tahaei (University of Bristol), Kopo M. Ramokapane (University of Bristol), Tianshi Li (Carnegie Mellon University), Jason I. Hong (Carnegie Mellon University), Awais Rashid (University of Bristol)

Volume: 2022
Issue: 3
Pages: 33–56
DOI: https://doi.org/10.56553/popets-2022-0061

Abstract: Mobile apps enable ad networks to collect and track users. App developers are given “configurations” on these platforms to limit data collection and adhere to privacy regulations; however, the prevalence of apps that violate privacy regulations because of third parties, including ad networks, begs the question of how developers work through these configurations and how easy they are to utilize. We study privacy regulations-related interfaces on three widely used ad networks using two empirical studies, a systematic review and think-aloud sessions with eleven developers, to shed light on how ad networks present privacy regulations and how usable the provided configurations are for developers. We find that information about privacy regulations is scattered in several pages, buried under multiple layers, and uses terms and language developers do not understand. While ad networks put the burden of complying with the regulations on developers, our participants, on the other hand, see ad networks responsible for ensuring compliance with regulations. To assist developers in building privacy regulations-compliant apps, we suggest dedicating a section to privacy, offering easily accessible configurations (both in graphical and code level), building testing systems for privacy regulations, and creating multimedia materials such as videos to promote privacy values in the ad networks’ documentation.

Keywords: usable privacy, software developers, ad networks, privacy regulations, CCPA, COPPA, GDPR

Copyright in PoPETs articles is held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 license.