۱- Introduction

۲- Related work

۳- Research objectives

۴- Research methodology

۵- Results

۶- Discussion

۷- Limitations

۸- Conclusion

References

Abstract

Software developers are trained to develop and design software applications that provide services to users. However, software applications sometimes collect users’ data without their knowledge. When applications collect and use users’ data without transparency, this leads to user privacy invasions because users do not expect the application to collect and use these information. Therefore, it is important that software developers understand users’ privacy expectations when designing applications in order to handle user data transparently in software applications. However, due to the lack of systematic approaches to extract user privacy requirements, developers end up designing applications either based on their assumptions on user privacy expectations, or relating to their own expectations of privacy as a user. Nevertheless, how accurate these perceived privacy expectations are against actual user expectations is not currently known. This research focuses on investigating developers’ privacy expectations from a user point of view against users’ privacy expectations. We also investigate developers’ assumptions on user privacy expectations against actual user privacy expectations. Our findings revealed that developers’ assumptions on user privacy expectations are close to their own expectations of privacy from a user point of view and that developers’ privacy expectations from a user point of view are significantly different from actual user privacy expectations. With this understanding, we provide recommendations for software developers to understand and acknowledge user expectations on privacy when they design and develop applications.

Introduction

Software developers design and develop software applications to provide services to users such as banking, online-shopping and social networking. However, sometimes these software applications collect data users do not expect the application to collect and save details users do not expect the application to save [1], which may lead to privacy invasions. For example, when mobile applications request permission from users to access their data [2], users are known to accept these permission requests without much consideration to its content, trusting the applications [3]. Therefore, if applications request data users do not expect the applications to collect, it may lead to users disclosing data, such as their location, to the application without their knowledge, which compromises users’ privacy [4]. As a solution to this, software developers are expected to consider user privacy expectations and minimize mismatched behaviors of applications that could lead to privacy invasions when they design software applications [5]. In order to minimize mismatches in software application behavior against user expectations, developers either need to design data collection and use in applications close to what users expect, or communicate the di erences to the user transparently [6, 5, 7, 8]. For this, it is important that developers understand how user expect the application to behave [9, 8, 4, 10].