Linking Platforms, Practices, and Developer Ethics: Levers for Privacy Discourse in Mobile Application Development
Privacy is a critical challenge for corporate social responsibility in the mobile device ecosystem. Mobile application firms can collect granular and largely unregulated data about their consumers, and must make ethical decisions about how and whether to collect, store, and share these data. This paper conducts a discourse analysis of mobile application developer forums to discover when and how privacy conversations, as a representative of larger ethical debates, arise during development. It finds that online forums can be useful spaces for ethical deliberations, as developers use these spaces to define, discuss, and justify their values. It also discovers that ethical discussions in mobile development are prompted by work practices which vary considerably between iOS and Android, today’s two major mobile platforms. For educators, regulators, and managers interested in encouraging more ethical discussion and deliberation in mobile development, these work practices provide a valuable point of entry. But while the triggers for privacy conversations are quite different between platforms, ultimately the justifications for privacy are similar. Developers for both platforms use moral and cautionary tales, moral evaluation, and instrumental and technical rationalization to justify and legitimize privacy as a value in mobile development. Understanding these three forms of justification for privacy is useful to educators, regulators, and managers who wish to promote ethical practices in mobile development.
Keywords: Corporate social responsibility; Occupational ethics; Privacy; Qualitative analysis; Technology ethics
Introduction: Investigating Work Dynamics that Impact Privacy Reflection
Mobile technologies enable new forms of access to information and communication. But even as the capabilities of mobile technologies advance, many fail to reflect and support the values of their users. Studies demonstrate a striking discord between user values such as privacy and implementation of these values in mobile technologies (Martin and Shilton 2015). Encouraging the developers and technology firms responsible for shaping our increasingly sociotechnical world to consider corporate social responsibility and the ethics of their work is an ongoing, unmet challenge (Brusoni and Vaccaro 2016). Building explicit ethical reflection into technology development is a goal of researchers (Miller, Friedman, and Jancke 2007; Spiekermann and Cranor 2009; Verbeek 2006), regulators (Federal Trade Commission 2012), and many firms (Brusoni and Vaccaro 2016). There has been little research, however, to understand how developers make choices between technical features that support ethical values (e.g., privacy or fairness) over other values (e.g., efficiency or novelty). Workplace and organizational dynamics that impact ethical reflection and debate within technology development are not well understood.
This paper investigates reflection about an important ethical topic within the mobile device ecosystem: privacy. The necessity of “privacy” for mobile applications is advocated by ethicists (Martin 2015), consumers (Martin and Shilton 2015, 2016), regulators (Harris 2013), and firms that recognize the link between privacy and consumer trust (Martin 2013; Pavlou 2011). However, consumers, firms, regulators, and ethicists may understand “privacy” differently. Privacy can be defined as variously as technical data protection measures (Kelley et al. 2012); individual control over personal data (Westin 1970); appropriate data use in situated contexts (Nissenbaum 2009); or categories of harms to individuals and groups (Solove 2010). Mulligan et al. (2016) describe privacy as an “essentially contested concept,” arguing that the definition of privacy depends upon situated practice, and that scholars must analyze how privacy is invoked and discussed across multiple contexts.
Understanding how privacy is debated and contested by technology developers is particularly important for mobile applications. Mobile data are a rapidly growing form of personal data. In the USA, for example, mobile application usage grew 90% and contributed to 77% of the total increase in digital media time spent by consumers between 2013 and 2015. Two out of every 3 minutes Americans spent with digital media was on a mobile device, and mobile applications constitute just over half of those minutes (comScore 2015). During these activities, mobile applications collect personal data to facilitate both services and advertising. The data they collect may also be sold to advertisers, shared with strategic partners, given to analytics companies, or siphoned by hackers. The mobile application developers (“devs”) frequently responsible for making decisions about user data range from hobbyists to consultants to independent contractors to employees of multinational corporations (VisionMobile 2016). Low barriers to entry enable a vibrant but deprofessionalized development ecosystem (Cravens 2012), and surveys of application developers have revealed that many lack knowledge of current best practices for privacy and data protection (Balebako et al. 2014). Devs also rely on distribution by two major international platforms: the Apple App Store and Google’s Play Marketplace (VisionMobile 2016). While digital platforms regularly present themselves as neutral intermediaries for user content, the corporate actors that build platforms actively shape the content they host through both technical design decisions and policy mechanisms (Gillespie 2010). In mobile development, such shaping includes attention to privacy, and devs must navigate the privacy rules and regulations of these application platforms.
Current US approaches to regulating data protection in the mobile ecosystem rely on privacy by design: approaches that encourage developers to proactively implement best-practice privacy features to protect sensitive data (Cavoukian 2012; Lipner 2004). Privacy by design emphasizes corporate social responsibility and positions developers and mobile application firms as ethical agents, responsible for deciding how to define and operationalize privacy. But we don’t know what factors motivate developers and firms to implement privacy or data security features when faced with disincentives such as longer development timelines, markets for personal data, and tensions between data protection and data-enabled services. If we can find development practices that encourage developers to define, and then design for, privacy, we can improve protections for sensitive mobile data.
The paper uses discourse analysis of developer forums to discover when and how privacy conversations, as a representative of larger ethical debates, arise in mobile application development. We focus on one factor that can impact the way that ethical debates unfold within firms: the link between ethics awareness and work practices. This paper asks: What work practices trigger discussions of privacy among developers? And how do these practices vary among mobile platforms (Google’s Android and Apple’s iOS)? It discovers that ethical discussions in mobile development are prompted by work practices which vary considerably between iOS and Android, today’s two major mobile platforms. iOS developers spark privacy conversations when they navigate App Store approval and encounter technical constraints imposed by the platform. In Android, navigating permissions, user requests, and the privacy features of other developers all serve as levers for privacy discourse. And in both ecosystems, reviewing analytics and interacting with third parties trigger privacy discussions. But while the triggers for privacy conversations are quite different between platforms, ultimately the justifications for privacy are similar. Developers for both platforms use moral and cautionary tales, moral evaluation, and instrumental and technical rationalization to justify and legitimize privacy as a value in mobile development.
Background: Ethics in computing work
Researchers in business ethics, applied ethics, and technology ethics have investigated ethics in computing for more than 30 years. Work in business ethics focused on defining the needs and expectations of stakeholders such as firms and consumers in computing ethics debates (Drover et al. 2012; Martin 2015). Seminal work in computer ethics analyzed existing systems for biases and ethical import (Brey 2012; Friedman and Nissenbaum 1997; Guston 2011; Moor 1985). Work in ethics education focused on training computing engineers in relevant computer ethics (Herkert 2001; Hollander 2009). Work in ethical design focused on eliminating bias (Friedman and Nissenbaum 1997), achieving privacy by design (Spiekermann and Cranor 2009), or encouraging sustainability (Froehlich et al. 2010).
Within this work, privacy is a value that frequently rises to the forefront of conversations about developers, consumers, and the platforms they use (Ashworth and Free 2006; Introna and Pouloudi 1999; Martin 2015; Urban et al. 2012). Privacy’s status as an essentially contested concept (Mulligan et al. 2016) is illustrated within these debates. In the USA, policy definitions of privacy have centered on Fair Information Practices: a set of best practices for corporate data collectors that center on providing notice of data collection, choice for consumers to opt out, access to data upon request, data security, and redress of errors (Waldo et al. 2007). Privacy-sensitive consumers can (theoretically) opt out of data collection or request to see their data. However, empirical research has documented the failure of notice and consent (Cranor 2006; Leon et al. 2011; Martin 2013) and shown privacy to be less dependent upon individual preferences than social norms (Martin and Shilton 2015, 2016). This research fits theories suggested by Cohen (2012) and Nissenbaum (2009, 2015), which suggest that context-based norms, and people’s understanding of their roles within those contexts, are critical to privacy expectations.
Nissenbaum’s theory of privacy as contextual integrity is particularly influential. Nissenbaum describes how definitions of private information vary according to social context. Design implications of Nissenbaum’s theory include, first, that movement of information between contexts can violate contextual integrity and, second, that the regulators and designers of environments that process sensitive information must consider appropriate data uses based on contextual variables such as roles, norms, and information flows. Contextual integrity encourages researchers (and developers) to focus less on constructing definitions of privacy that cross contexts, and to instead focus on how privacy functions for different people in different spaces, to inform user-sensitive design and policy. This motivates the present research: investigating how privacy works in different mobile development ecosystems, and how an ecosystem’s actors understand and negotiate privacy.
This paper expands on the concept of values levers by considering the mediating role of platforms: corporate actors that, because they control access to markets, have the power to influence the work practices of an entire industry (Gillespie 2010). We contrast two platforms—iOS and Android development—with similar technical challenges, but different regulatory practices and development ethos. We investigate what values levers exist in these ecosystems by finding work practices that trigger privacy conversations. Opening privacy conversations is only the beginning of the story for privacy by design, however. Once the conversation is raised, the way that the conversation proceeds matters to development. A recent study contrasting iOS and Android applications found that 73% of Android apps tested, and 47% of iOS apps tested, reported user location. In total, 49% of Android apps and 25% of iOS apps shared personally identifying information (Zang et al. 2015). These numbers illustrate broad sharing of personally identifiable information generally, but also that such sharing is noticeably more prolific in Android. Such findings invoke questions of why: Why is privacy so differently enacted within Android and iOS ecosystems? After outlining our methodological approach (Sect. 3), we answer this question. Section 4.1 describes values levers for privacy in the iOS ecosystem, Sect. 4.2 contrasts values levers for privacy in the Android ecosystem, and Sect. 4.3 describes levers common to both ecosystems. Section 5 describes the justifications for privacy shared across ecosystems. We close with a discussion of why these values levers, and values conversations, matter to design.
Method: Discourse Analysis
To understand how privacy discussions are triggered and unfold in each development ecosystem, we have undertaken a critical discourse analysis of mobile developer forums. Critical discourse analysis is a qualitative method for analyzing the way that participants talk about their social practices (van Leeuwen 2008). Critical discourse analysis looks for the ways that written texts (in this case, forum posts) describe social practice by representing social actors, action, time, space, legitimacy, and purpose. Critical discourse analysis allows us to understand how a value like privacy gains legitimacy in mobile development and further understand the work practices that actors link to that legitimacy.
We drew data from two online forums where mobile application developers meet to discuss their work. The iPhoneDevSDK forum supports iOS developers and features such topics as code sharing, programming tutorials, open discussion, and marketing guidance. Unlike other Apple-related forums, it focuses on development advice and guidance rather than device reviews or product announcements. It is also not run or moderated by Apple and does not require an Apple-issued Developer Key to participate. Participants therefore appear to be more diverse than those in Apple’s official forum, in terms of experience and purpose for participating. For example, sometimes non-dev participants (e.g., advertising network representatives searching for potential clients) participate in forum threads.
The second forum we studied was XDA, which includes within it the largest and most active Android developer forums on the English-language web. It features many of the same technical topics as iPhoneDevSDK, but widens its participant base to include the consumers and hobbyists reviewing devs’ products, suggesting technical developments, and debating industry news. XDA featured more diverse participants in terms of professional background and geographic location, drawing participants with all levels of expertise and interest from all over the world, and had a wider variety of discussions about non-technical topics.
In each forum, we found and analyzed threads based on the value that was the focus of our study: privacy. We chose privacy because our previous work pointed to privacy as a value frequently discussed within technical communities that also stands in for less-frequently discussed values such as equity, fairness, and justice (Shilton 2013). We searched for threads which contained the term “privacy” and chose to analyze those that included a discussion of privacy (that is, at least two replies discussing privacy). We discarded threads where “privacy” was used as a keyword in an advertisement for an app or instances where devs posted job ads and promised privacy for job applicants. On iPhoneDevSDK, we found 155 results in June 2015 (ranging from 2009 to 2015) that fit these criteria. We exported those results to the online qualitative data analysis software Dedoose as HTML files for coding.
XDA is a much larger community. To narrow our search and ensure each result contained active discussion, we limited our “privacy” search to threads containing at least two replies, housed within either XDA’s App Developers, Android Wear, or Android Development and Hacking forums (with the vast majority of results coming from the last). The search was performed in October 2015 and yielded 485 results. To balance our analysis with that of the smaller iPhoneDevSDK, we sampled every third result and exported the relevant thread to Dedoose as a PDF for coding.
Both authors read through the full dataset to generate a set of initial thematic codes. These codes initially focused on privacy definitions, as well as any discussions of work practices. We then divided the dataset in half and coded threads separately, reviewing each other’s codes in weekly meetings to ensure mutual understanding and thematic coherence. During this process, the code set grew to include pressures against privacy (such as data collection and personalization needs), ways that privacy was authorized and legitimated, and conceptions of other actors in the ecosystem (Apple, service providers such as SDKs, and users). Our final code set comprised 13 codes and 39 subcodes.
To explicitly find values levers in each ecosystem, we identified places where discussion of work practices (such as gaining App Store approval or dealing with user requests) co-occurred with discussions about privacy. We then analyzed the relationship between the two codes. Could the work practice be said to spark or trigger the discussion of privacy? If so, we identified these work practices as values levers.
Our university’s IRB certified that the forum data gathered here qualified as public data and thus did not qualify for further IRB review. However, we believe that directly quoting participants violates the contextual integrity of the forum space; forum participants may not expect their posts to be used for research. To minimize this violation, we have altered participant handles and slightly altered quotations within this paper to reduce the ease of searching for specific exchanges. Alterations preserve the original meaning of posts, and all analyses were conducted on the original, unaltered quotations. We have also announced our ongoing work on the forum and offered a survey to participants (currently under analysis as future work) to gather information on their professional backgrounds and values.
Levers for Privacy Discussions
Our research sought to understand triggers, or values levers, for discussions of privacy among iOS and Android developers, and how differences in work practices between platforms might lead to different values levers in developer discussions. Answering these questions highlighted significant differences between the two ecosystems, including different work practices, licensing models, and development cultures associated with Android and iOS software. In turn, these differing work practices, licensing models, and development cultures impacted both the frequency and tenor of values discussions in iOS and Android development forums.
Values levers in iOS: App Store approval and technical constraints
Most of these 2011 privacy discussions were trying to unpack the guidance newly provided by Apple.
He went on to bemoan the fact that his small company couldn’t risk ongoing rejections from the App Store. Despite the lack of official policy guidance that would have banned recording outgoing calls, other developers were critical of LudoJoy’s assumptions. Frequent forum participant DrD invoked moral arguments, implying that LudoJoy should have known better:
LudoJoy: … Our app was simply to record outgoing calls. In fact, it’s the same feature as [an already existing app]. Our app was rejected, because “Apple doesn’t allow call recording.” So, it seems that a feature can be allowed for some, but not for others!
In this example, a new developer’s frustration with the App Store approval process triggered discussion about the ethics of call recording. For the new developer, Apple’s position may have seemed arbitrary, but a veteran forum participant emphasized that privacy was a moral obligation enforced by Apple.
DrD: You should have known that recording app will be rejected. Don’t look at others - others might rob a bank and get away with it. I can’t imagine how on Earth Apple allowed that other recording app that you mentioned.
33cd3: i want to capture a video from the iphone camera …without pressing any button and the user dont even know, without open the camera view so the user dont know that camera is working…it is possible? Tnx
Meredi92: Unlikely! Its not something i have looked into doing, but based on what most people complain about i think that filming from their device without their knowledge would be a big no–no. It would definitely stop me from downloading an app if i saw/knew about that sort of functionality.
After Meredi92, an even more experienced poster, Smithdale89 chimed in: “I think it would be possible.” He then gave a set of recommendations for technical videos that might help 33cd3 figure out the technical constraints. But then he added: “Definitely a huge invasion of privacy though, IMO, and I doubt apple would approve it.” In this case, Smithdale89 seems to think access is technically possible, but won’t be allowed by an Apple reviewer.
Meredi92 illustrates the (deontological or rule-based) belief that a “cool idea” doesn’t outweigh an ethical violation. The entire exchange illustrates the ways in which what was initially posed as a technical constraint can transform into an ethical deliberation. 33cd3 was blocked by a technical constraint when he couldn’t figure out how to implement automatic video recording in the iOS operating system. Reaching out to other developers to surmount the constraint instead generated an ethics discussion about whether the ends (the “cool idea”) justified the means, with community consensus erring on the side of privacy protection.
Meredi92: Unfortunately its not just about a cool idea. People generally won’t look past the fact that you are doing something without their knowledge to see that cool idea… I’m sorry that it will affect your app, it is a shame that these things happen - clashes between a great idea and an invasion of personal privacy. Its a fine line to walk, and without huge amounts of awesome lawyers and a stockpile of cash its a line that is best avoided if at all possible.
Values Levers in Android: Permissions, User Requests, and Product Differentiation
Boodles [senior member]: exactly, i’m holding off as well. doesn’t even look that fun anyway.
Gabu [junior member]: This. Why do 90% of the thread’s posters seem to ignore, or fail to recognize this? Do people not care about privacy anymore?
Not only was the game condemned for requiring what participants understood to be too-permissive permissions, the state of user awareness of privacy itself was brought into question by the many forum posters who did not seem alarmed by the necessary permissions.
AttaAlla: Do Guys see any problem in my app? Do I have design problem? Do you find this app not useful?
Senior member rab2422000 chimed in to agree:
rab2422000: From what I see my comments are similar to the others - too many permissions, slightly amateurish design, ugly font, too big for a productivity app.
Requesting too many permissions was repeated throughout the thread as an indicator of poor quality or unprofessional design. In an ecosystem reliant on trust in other developers, these signals were important to hobbyist users. Discussing permissions served as a values lever for conversations about trust and data use.
The creator of the app launcher, a senior member called Roshga, replied:
Yajinni: Hello, is it possible to add to this something that tracks your most USED apps? Like a list of apps you use the most instead of your most recent list?
Roshga: That will require to keep track on what apps you’re launching and counting those numbers… I’m not a fan of going into someone’s privacy so I don’t think we’ll implement that.
One_for_all was swayed by MildlyTroubled’s argument:
MildlyTroubled: While I’ve never really been a freak for privacy and permissions, I do question why there’s a children’s app that has access to my child’s GPS coordinates and my account data [lists permissions from app download screen]. That particular set of permissions makes me feel like someone’s going to drop in, scoop up the kid, then with the account access email, tweet, or facebook me a ransom note.
One_for_all: Thank you for your comment. In the recently published updated version, we have removed the unnecessary permissions. You can now enjoy the new version without worrying about privacy. Many thanks, again!
The XDA forum provided an easy way for developers to interact with expert users of their applications, and it was often these highly skilled hobbyists who were most aware of privacy concerns when downloading and using an app. This interaction formed a values lever that helped to surface privacy conversations.
A large proportion of the privacy discussions on XDA took place on threads promoting apps which advertised specific privacy features as a way to differentiate a new product. A characteristic of the open Android marketplace is that any existing application could be modified by an interested developer to create a privacy-centric version of that application, resulting in alternate, privacy-centered versions of popular games, productivity apps, or even entire operating systems. Creating a privacy feature allowed lone actors interested in privacy to differentiate their products in a crowded marketplace and introduced a broader ethical conversation into the XDA forums.
While we couldn’t necessarily analyze the personal values that went into creating those apps, threads supporting these privacy-featuring apps became a notable site at which XDA members—both devs and hobbyists—discussed and justified privacy. Specifically, privacy was discussed as a feature which could support the personal and political values of highly skilled users who could root their phones and install complex systems. Privacy threats (often from the government or the large corporations who built popular apps) brought devs and hobbyists together, and devs used their skills to thwart those threats.
Christoph31: This shall be a pure SERVICE thread to all users and friends of Android that care about their privacy. We (users & friends of xda-developers, PDroid & AutoPatcher) help you patching your ROM so that you can use your apps and games under privacy protection.
Havoc: Please release this ASAP. We really need better privacy tools on our android phones! Google isn’t helping by not giving the option to revoke permissions for applications.
Privacy-protecting technical features built as a means for product differentiation, whether designed into new operating systems or individual apps, were the most frequently coded lever for inspiring discussion about privacy in the XDA forums.
Shared Values Levers: Analytics and Interacting with Third Parties
Though the iOS and Android ecosystems supported many different work practices, there were also work practices common to development for both platforms. Application developers in both platforms did market research, modified their applications, and evaluated their success using analytics: the data provided by the platforms, or outside parties, to help developers understand their users’ demographics and behaviors. And developers in both platforms marketed and monetized their applications by interacting with third parties such as advertising companies.
CoderPro: I’m constantly thinking of ways to do a better job promoting my app, and just recently I found out about the Google Analytics Tool… How exactly does it go about sending the information to the Google server and how often? Is this something that might upset users because of privacy concern?
CoderPro considers privacy to be a primary concern for evaluating use of a new metrics tool. He goes on to specify that he’s done some searching about the tool, but hasn’t found the opinions he wanted. He’s hoping that more experienced participants can recommend the tool. Three respondents to the thread, all experienced users but infrequent posters, generally praise the tool, including a real-time dashboard “where circles appear on a map every time someone starts your app.” Because no one explicitly addresses privacy concerns, CoderPro brings them back up: “How do you go about asking users if they’re ok with you collecting data? Or do you even bother?” User Joseph replies “It only collects non-personally-identifiable data so I don’t bother to let people know.” This response seems to satisfy CoderPro, as there is no additional follow-up.
More experienced user Alifor responds, confused, assuming all users were incorporated into the App Store’s analytics:
PrimoTM: Also note that these [App Store analytics] stats are only for apps … where the user has agreed to share data with developers. I have no idea what percentage of users agree, but I don’t think it’s high.
Alifor: Will this not be automatically accepted by a user? If not, Apple shows us incorrect data which we cannot rely on.
Dev69, an experienced participant with over 3000 posts in the forum, responds directly: “Don’t think so due to privacy issues,” followed by a winking emoji. Dev69 implies that Apple wouldn’t automatically opt users into analytics because of privacy concerns. In both exchanges, interacting with analytics was the prompt to think through how users might respond to those analytics, prompting discussion of privacy concerns.
This prompted junior member JenJAM to critique his choice:
Aryray: Im collecting data to see how many people are using my app, and you need a data connection to use it.
jenJAM: From a user privacy standpoint, I really hate user-analytics. I don’t like applications using my (limited) data plan to accumulate data about my behavior. I find actions like this invasive and in violation of my privacy. Please give users an option to turn this off.
ARyray: I added that to my next release, if no data connection is available you will need to connect to wifi.
This concession allows users to avoid using their data plan, but not to avoid tracking. This exchange highlights a common tension that we will explore in more depth below: instrumental or technical rationalizations for limiting data tracking were often more convincing to developers than moral or ethical arguments.
Rooster100: If you use either Company Y or Company Z are you supposed to be disclosing this to your users? It’s basically spyware in a way right?
Rooster100: When I first heard of these services I was planning to use it. I showed it to a couple of buddies of mine and the first thing out of their mouths were spyware bla bla bla.
VP: As Calimba points out, you may disagree with the notion of collecting user data altogether, which we respect. It is worth noting that no data provided to companies is personally identifiable, as is strictly stated in our Terms of Service. We take privacy very seriously.
EddyNC: Hi all, I have a major concern about privacy and all the 3rd party data collectors…A lot of apps are uploading user info and stats to companies like [Company X], [Company Y] etc. … I want the option to choose whether or not this kind of info gets collected and distributed. I’ve looked into this issue on the android platform, and it seems like there’s no option other than not to install the app.
The XDA community was inspired to troubleshoot solutions to third-party privacy challenges by EddyNC’s initial post.
Senior member Fabian: Could you please post the host-file or the addresses/ip’s of the companies your gonna block? they should be of interest for everybody here.
On threads devoted to two different platforms, Rooster100 and EddyNC both express fears about putting trust in third parties to manage analytics and data about their users. And the third parties involved in this ecosystem recognize this concern and seek to mitigate it in these threads.
Justifying Privacy: Cautionary Tales, Moral Evaluation, and Rationalization
Once we had established the work practices which opened privacy discussions within the forums, we turned to analyzing the tone, tenor, and content of privacy discussions in Android and iOS development. How did participants in the forums justify privacy as a value, especially in the face of competing values? To answer this question, we reviewed the arguments participants used to legitimate privacy as a design value or user preference. Building on categories suggested by van Leeuwen (2008) for a critical discourse analysis approach, we identified the telling of stories to illustrate good and bad consequences of ignoring privacy (what van Leeuwen identifies as moral and cautionary tales); moral arguments for privacy (what van Leeuwen identifies as moral evaluation); and technical and instrumental arguments for the importance of privacy (what van Leeuwen identifies as rationalization). All of these forms of justification appeared in both Android and iOS ecosystems.
Developers often told stories to legitimize privacy. These stories took the form of moral tales, which identified particular actors or classes of action as bad, as well as cautionary tales, in which actors are punished for their immoral or illegal actions.
User Dom had the first reply:
Btc2020: This will not be spyware, and the user will be fully aware of this feature if they launch the application.
Dom: I doubt that you can automatically send texts without user action even if the user is fully aware of it. Too much room for spam, I mean I know your intentions aren’t to send ads out but some people aren’t as honest.
Thanks everyone. I guess it can be done [through alternative technical means] … though I do understand the privacy and spam concerns.
In this conversation, it was clear that both the original poster and the other users in the thread were using both spyware and spam to evoke socially undesirable activities.
Lekenstine: I don’t know WHO that developer is, but that version… includes code to track you (=spyware in my eyes).
Darsis: what exactly do you mean by “code to track you”?
Lekenstine: Besides tracking the installation event, you also track page views (when the options page is opened, and the background script is loaded). This effectively means that you also track when the user start his browser. An unnecessary privacy violation imo which also qualifies for spyware.
John2367: This article is a warning for anyone that who do not play by the rule. From PCworld: “Lawsuit Claims IPhone Games Stole Phone Numbers”: “a pending class-action lawsuit filed against the devs, claiming that each of the company’s games took advantage of a ‘backdoor’ method to access, collect, and transmit the wireless phone numbers of the iPhones on which its games are installed”…The lawsuits are real and it will cost you a lot if you can not defend it or if you can not afford a lawyer. Let’s begin the guessing game, how much “punitive damage” the lawyer want? 1 millions? 2 millions? May be declare bankruptcy before it finalized.
Monicar John: To some extent, [your app is] useful, but it’s illegal! Are you going to implement some sort of location tracking? … I think it will be a good feature for your app, but is illegal to spy on your love without permission.
Duncan: Indeed, I think I would sue if I found out an app was filming me without my knowledge or permission. If you upload that video that would probably be felony invasion of privacy. (Read prison time.)
Illegality served as a cautionary tale for developers who would build such apps, or users who might use them.
(☺): I recently got my Samsung Galaxy S4 9505 and I WAS FKN SHOCKED!!! Android 4 Smartphones became a super spy machine - it gets everything from you, I mean EVERYTHING! ALL YOUR INPUT DATA! Even your face, your voice, your photos, your messages, your photos/videos, your private life AND the private life of your family & friends!… Who can get this data? Of course and foremost google (and all companies behind and in google), but also a lot more: Samsung, Sony, HTC and every other mobile-phone-producer…
Lisglympt: We are not located in USA or EU. We take privacy VERY seriously. I have denied to comply with subpoenas issued by US courts. None of the big companies in USA seem to do that. We have customers in the Middle East and other places to whom this is the main reason to choose [our application]. This last point is something I have been struggling to get through, but the latest Wikileaks/Twitter subpoena case has given me some traction. It is safer to keep your data outside USA. People should and will take privacy more seriously in future.
As MichaelS’s encouragement demonstrates, government surveillance was a convincing bad actor that served as an effective cautionary tale, legitimating privacy for developers.
…the tip of a submerged iceberg of moral values. They trigger a moral concept, but are detached from the system of interpretation from which they derive, at least on a conscious level… (2008, p. 110).
Privacy was the reason: it was enough all by itself, invoking moral concepts without having to go into the details of why and how. Invoking privacy could be enough to shut down a whole exchange.
sparkdd: Hi, I develop an app that needs to get the phone number of the device. So do you know the function that returns the iPhone phone number? Thanks
octobot: U cant do that. The privacy concerns associated for that would be insane
Iowyp: That’s just impossible with the data from iTunes connect. The only way to do so should be sending you the device location at launch of the app but that would be against user privacy and therefore should not be done.
Iowyp later clarified his stance further:
Iowyp: That statement was my opinion not a policy related statement. I don’t think it’s right for devs to access that data if the app does not require it. But, again, it’s just a personal opinion.
Koolman: As to your explanation, sorry but I just do not buy this. U don’t tell why u need the AddressBook framework and [you say there’s] no way to have your platform without it. Yes I saw that also [a competing company] requires it….. If your justification is that everyone does the same … It’s like we steal cause many people also do steal. I’m still not buying this.
nusername: For privacy reasons I don’t want Google to have my location information, even if they say it’s “anonymous” it’s possible to build a profile.
MrE: Am also interested in this app… Sounds very promising and I hope this will get ported for [my phone model], so I can get some freakin’ privacy!
Meredi92: Look, i havent looked into doing it, but based on what most people complain about i think that filming from their device without their knowing would be a big red light. It would for sure stop me from downloading an app if i saw/knew about that functionality.
This rationalization seems to imply that users would refrain from downloading an app if they knew about its data collection behavior, hurting sales.
S_Magnolia: I think it is a very useful thread as it helps stop what I consider consumer abuse, and not to mention help free up resources like battery and memory on our Droid devices.
So let me understand this. I buy access to a network for my phone, which I also paid for. My location information, which is the result of my purchases is being used to generate income. So I’m allowing my spent cash to generate data and be leveraged to generate income. My information wouldn’t exist without my investment in the technology, so I own it. I’m paying to be stalked!!!
Cyclonmaster: Good app. One thing SMS/MMS app nowadays lack is a backup option. If this app also have a built-in backup option to the cloud, this will be my ultimate app. …. If my phone lost/stolen, I can still retrieve my old sms/mms from cloud. (some say privacy issues, for me it is an option)
What’s you not using an android phone going to fix? Sure, the world’s heading to hell in a handbasket but that’s no reason to use a crappy phone.
Discussion: Work Practices Matter to Ethical Deliberation
An important finding of this project for business ethics is that online forums can be useful spaces for ethical deliberations, as developers use these spaces to discuss, justify, and define values. For work that occurs frequently in distributed communities, fostering a culture of ethics can be a challenge. Understanding online forums as learning environments for occupational ethics enables ethics education beyond industry conferences, undergraduate and graduate programs, and other more traditional learning environments. For researchers, regulators, and managers interested in cultivating a culture of ethical debate and deliberation in mobile development (and other analogous forms of distributed work), online forums could be an important site of intervention. In addition, forums provide a space for platform providers—particularly firms which prioritize corporate social responsibility—to observe technical features and social processes that prompt ethical debates. Conflicts between the civic or social values firms espouse publicly and the values they act upon may alienate core users (Busch and Shepherd 2014). The values lever framework helps us recognize the technical and social features of platform environments that prompt ethical debates, and can help managers spot potential flashpoints before they develop into full-blown conflicts.
Values levers in the iOS and Android ecosystems
App Store approval
The rules, regulations, and cultural norms that govern each ecosystem impact day-to-day work practices for mobile developers. These differing work practices in turn shape the ethical deliberations engaged in by forum participants, addressing the question of why privacy is debated—and ultimately designed for—so differently between the two ecosystems. In iOS development, Apple’s approval process and technical constraints inspire frequent privacy discussions among developers. This leads to design decisions that focus on meeting Apple’s policy demands. Apple serves as a regulator, requiring baseline privacy-protection practices. We believe that this is why iOS applications are less likely to leak users’ personal information (Zang et al. 2015). In Android development, developers differentiate their products in a crowded open-source marketplace through privacy features. Developers also regularly engage users and respond to user requests for new privacy features. These practices led to lively debates about aspects of “privacy” as diverse as the politics of NSA surveillance and Google’s control over the Android ecosystem. While XDA did not exhibit as many explicit debates about privacy as did iPhoneDevSDK (and Android applications have been shown to leak more information than iOS applications), privacy discussions were prompted by a wider variety of work practices, ranging from making decisions about permissions to fielding explicit user requests. As a result, the Android ecosystem featured more diverse and creative privacy solutions.
The contrast between work practices and privacy discussions in iOS and Android suggests that another class of developers—platform developers—can serve a powerful role in encouraging ethical practice within their ecosystems. Firms that host mobile application stores function as centralized distribution points for mobile software. That centralization should prompt these firms to consider their role as regulators, deciding whether they will demand particular privacy-oriented features from applications within their marketplace. Google and Apple are not only hosts of developers’ designs, but also (private) regulators of those designs. The different structures of those development environments prompt different moments of ethical deliberation. While they are not content producers, platform firms influence design ethics; as Gillespie (2010) notes, platforms are constantly engaged in ethical, legal, processual, and financial decisions about the content they host. Within mobile development, this opens an opportunity for platforms to potentially structure developer work practices to encourage ethical debate, deliberation, and justification. Imposing technical constraints through operating system features, for example, prompts developers to question and debate why those technical constraints exist. This power exists even if developers are not formally employed by Apple or Google, simply because they must use the platform’s code and comply with the platform’s regulations. Illustrating the wide range of third parties who may have access to personal data can help developers understand the consequences of sharing or selling user data. Giving developers diverse options for data collection permissions, and enabling users to select among those options, helps developers be conscious that users might prefer to limit data collection and access. 
Linking developers more directly to users through forums or feedback can also increase developers’ attention to privacy by making user concerns a part of the development dialogue. And finally, finding ways to encourage developers to differentiate their products based upon data protection features can encourage a marketplace of privacy-sensitive options for consumers.
For educators, regulators, and managers interested in encouraging more ethical discussion and deliberation in mobile development, the values levers in each ecosystem provide a valuable point of entry. Apple’s regulation process provides an excellent opportunity for regulators to collaborate with a major industry stakeholder to decide whether privacy concerns are being sufficiently addressed by the Apple approval process and the technical constraints that Apple places on development for its operating system. The Android ecosystem’s tight integration between users and developers provides an opportunity for users to organize for better privacy protections. Disseminating evidence-based research about user expectations and needs through Android forums might be one way to trigger additional ethical deliberation.
Engaging with analytics provides an opportunity to encourage developers in both ecosystems to be more reflective about the data they collect and store. Managers interested in encouraging ethical discussions might find ways to highlight the many third parties who can access iOS and Android data. And helping developers to see the extent and reach of third parties involved in their ecosystems, from data brokers to advertisers, could also spur additional ethical discussion.
In future work, our team will evaluate a number of these values levers as educational interventions. We are building interactive simulations for use in mobile development classrooms and workshops. These simulations ask teams to define data collection policies for a mobile application. The simulations deploy values levers discovered here by requiring teams to gain App Store approval, navigate technical constraints, decide upon permissions, and get feedback from users. Running different simulations and contrasting the results will allow us to evaluate the efficacy and impact of various values levers.
A final finding of this research is that while the triggers for privacy conversations are quite different between ecosystems, ultimately the justifications offered for privacy are similar. Developers across both ecosystems use moral and cautionary tales, moral evaluation, and instrumental and technical rationalization to legitimize privacy as a value in mobile development. Mimicking all three forms of justification for privacy can be useful to those who wish to promote ethical practices in mobile development—and indeed, each of these forms of justification is likely familiar to ethics researchers and educators. Contributing moral and cautionary tales which are both accurate and meaningful could be a way of increasing ethical dialogues in online forums. And paying attention to the importance of instrumental and technical rationalizations—without losing the overall point that not all ethical principles can be rationalized—can help us to find situations in which a boon for privacy is also a boon for a technical concern (such as power consumption).
A next step for this research is to understand why justifications for privacy are so similar. One observation was that while developers from all over the world participated in the forums, the privacy discourses engaged were largely American in tone and outlook. Moral evaluations largely framed privacy as a principle of individual liberty. Rationalizations found market justifications for respecting privacy. And cautionary tales taught developers that privacy violations might result in lawsuits. Largely missing were more stringent European perspectives on data protection (Jones 2016), or even non-western views more focused on communal norms than individual liberties (Capurro 2005). Some of the very American nature of our data is likely explained by the fact that we analyzed English-language forums (though each forum involved many international participants). We further hypothesize that because Google and Android are both American companies, they shape the discourse of their developers toward American cultural norms. Future research to test this hypothesis is one outcome of this qualitative study.
Our analysis of privacy levers and justifications in mobile application development leaves open several other questions for future work. A re-analysis of the forum data focused on the progression of privacy debates over time might be very revealing of when and how privacy standards emerged as these development communities matured. Second, because we searched for threads that explicitly discussed privacy, we have found few examples of application design in which privacy was not considered, or concerns were suppressed or ignored. Methods to find such conversations might involve tracing the historical development of apps which were deemed by consumers or regulators to have significant privacy concerns once they reached the marketplace.
Conclusion: Advancing Ethical Dialogue in Technology Development
Values levers cannot fully solve the challenge of integrating ethical decision making into technical development settings. But particular work practices can advance the dialogue, contributing to a culture of ethical reflection within technical work. Analyzing the relationship between work practices and ethical discussions across two mobile development platforms demonstrates that gaining the approval of a regulator, navigating technical constraints, debating permissions, dealing with requests from users, using analytics, and interacting with third parties can all spark conversations about privacy during mobile development. Discovering these practices points to actors who can be influential in encouraging ethics-oriented software design, including mobile platform companies, analytics companies, and users in addition to ethicists and educators. Articulating these practices, and the ecosystem of firms and individuals who encourage those practices, moves us one step further toward encouraging developers to prioritize privacy practices and features in software design.
We would like to thank participants at the 2016 iConference and the 2016 Privacy Law Scholars Conference for feedback on early drafts of this work.
This study was funded by the US National Science Foundation Awards CNS-1452854, SES-1449351, and a Google Faculty Research Award.
Compliance with Ethical Standards
Conflict of interest
Shilton has received research grants from Google. Google has not approved or influenced the results of this study.
All procedures performed in studies involving human participants were in accordance with the ethical standards of the institutional research committee and with the 1964 Helsinki Declaration and its later amendments or comparable ethical standards.
- Balebako, R., Marsh, A., Lin, J., Hong, J., & Cranor, L. F. (2014). The privacy and security behaviors of smartphone app developers. In USEC’14. San Diego, CA: Internet Society. Retrieved from http://lorrie.cranor.org/pubs/usec14-app-developers.pdf
- Busch, T. & Shepherd, T. (2014). Doing well by doing good? Normative tensions underlying Twitter's corporate social responsibility ethos. Convergence: The International Journal of Research into New Media Technologies, 20(3): 293–315.
- Cavoukian, A. (2012). Operationalizing Privacy by Design: A Guide to Implementing Strong Privacy Practices. Ontario, Canada: Office of the Privacy Commissioner of Canada. Retrieved from http://www.privacybydesign.ca/index.php/paper/operationalizing-privacy-by-design-a-guide-to-implementing-strong-privacy-practices/
- Cetina, K. K., Schatzki, T. R., & von Savigny, E. (Eds.). (2001). The Practice Turn in Contemporary Theory. New York: Routledge.
- Cohen, J. E. (2012). Configuring the Networked Self: Law, Code, and the Play of Everyday Practice. New Haven & London: Yale University Press.
- Cranor, L. F. (2006). What do they “indicate?”: Evaluating security and privacy indicators. Interactions, https://doi.org/10.1145/1125864.1125890
- Cravens, A. (2012). A demographic and business model analysis of today’s app developer. Retrieved March 19, 2013, from http://pro.gigaom.com/2012/09/a-demographic-and-business-model-analysis-of-todays-app-developer/
- Davenport, E., & Hall, H. (2002). Organizational knowledge and communities of practice. Annual Review of Information Science and Technology (ARIST), 36, 171–227.
- Federal Trade Commission. (2012). Protecting consumer privacy in an era of rapid change: recommendations for businesses and policymakers. Washington, DC: Federal Trade Commission.
- Friedman, B., & Nissenbaum, H. (1997). Bias in computer systems. In B. Friedman (Ed.), Human Values and the Design of Computer Technology (pp. 21–40). Cambridge and New York: Cambridge University Press.
- Froehlich, J., Findlater, L., & Landay, J. (2010). The design of eco-feedback technology. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (pp. 1999–2008). New York, NY, USA: ACM. https://doi.org/10.1145/1753326.1753629
- Google Play. (2016). Google Play Developer Distribution Agreement. Retrieved August 9, 2016, from https://play.google.com/intl/ALL_us/about/developer-distribution-agreement.html
- Greene, D. & Shilton, K. (In press). Platform Privacies: Governance, Collaboration, and the Different Meanings of ‘Privacy’ in iOS and Android Development. New Media & Society.
- Gurses, S., & van Hoboken, J. (2017). Privacy after the Agile Turn. In E. Selinger (Ed.), The Cambridge handbook of consumer privacy. Cambridge and New York: Cambridge University Press. Retrieved from https://osf.io/27x3q/#
- Harris, K. D. (2013). Privacy on the go: recommendations for the mobile ecosystem. Sacramento, CA: California Department of Justice.
- Hollander, R. (2009). Ethics Education and Scientific and Engineering Research: What’s Been Learned? What Should Be Done? Summary of a Workshop. Washington, D.C.: National Academy of Engineering.
- Jones, M. L. (2016). Ctrl + Z: The right to be forgotten. New York; London: NYU Press.
- Kelley, P. G., Consolvo, S., Cranor, L. F., Jung, J., Sadeh, N., & Wetherall, D. (2012). A Conundrum of Permissions: Installing Applications on an Android Smartphone. In J. Blyth, S. Dietrich, & L. J. Camp (Eds.), Financial Cryptography and Data Security (pp. 68–79). Springer Berlin Heidelberg. Retrieved from http://link.springer.com.proxy-um.researchport.umd.edu/chapter/10.1007/978-3-642-34638-5_6
- Leon, P. G., Ur, B., Balebako, R., Cranor, L. F., Shay, R., & Wang, Y. (2011). Why Johnny can’t opt out: a usability evaluation of tools to limit online behavioral advertising (No. CMU-CyLab-11-017). Pittsburgh, PA: Carnegie Mellon University.
- Lipner, S. (2004). The trustworthy computing security development lifecycle. In Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC’04) (pp. 2–13). Tucson, AZ: IEEE Computer Society. doi: 10.1109/CSAC.2004.41
- Martin, K. E. (2013). Transaction costs, privacy, and trust: The laudable goals and ultimate failure of notice and choice to respect privacy online. First Monday. Retrieved from http://firstmonday.org/ojs/index.php/fm/article/view/4838
- Miller, J. K., Friedman, B., & Jancke, G. (2007). Value tensions in design: the value sensitive design, development, and appropriation of a corporation’s groupware system. In Proceedings of the 2007 international ACM conference on Supporting group work (pp. 281–290). Sanibel Island, Florida, USA: ACM. Retrieved from http://portal.acm.org/citation.cfm?id=1316624.1316668
- Nissenbaum, H. (2009). Privacy in Context: Technology, Policy, and the Integrity of Social Life. Stanford, CA: Stanford Law Books.
- Pavlou, P. A. (2013). State of the information privacy literature: Where are we now and where should we go? MIS Quarterly, 35(4), 977–988.
- Solove, D. J. (2010). Understanding Privacy. Massachusetts: Harvard University Press.
- Spencer, G. (2016). Developers: Apple’s App Review Needs Big Improvements [Blog]. Retrieved from https://www.macstories.net/stories/developers-apples-app-review-needs-big-improvements/
- Urban, J. M., Hoofnagle, C. J., & Li, S. (2012). Mobile Phones and Privacy (BCLT Research Paper Series). Berkeley, CA: University of California at Berkeley—Center for the Study of Law and Society. Retrieved from http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2103405
- VisionMobile. (2016). Mobile Developer Segmentation 2016. London: VisionMobile.
- Waldo, J., Lin, H. S., & Millett, L. I. (2007). Engaging Privacy and Information Technology in a Digital Age. Washington, D.C.: The National Academies Press.
- Westin, A. F. (1970). Privacy and Freedom. New York: Atheneum.
- Zang, J., Dummit, K., Graves, J., Lisker, P., & Sweeney, L. (2015). Who knows what about me? A survey of behind the scenes personal data sharing to third parties by mobile apps. Journal of Technology Science. Retrieved from http://jots.pub/a/2015103001/
Open Access: This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.