Applications that continuously gather and disclose
personal information about users are increasingly common.
While disclosing this information may be essential for these
applications to function, it may also raise privacy concerns.
Partly, this is due to frequently changing context that introduces
new privacy threats, and makes it difficult to continuously satisfy
privacy requirements. To address this problem, applications may
need to adapt in order to manage changing privacy concerns.
Thus, we propose a framework that exploits the notion of privacy
awareness requirements to identify runtime privacy properties to
satisfy. These properties are used to support disclosure decision
making by applications. Our evaluations suggest that
applications that fail to satisfy privacy awareness requirements
cannot regulate users’ information disclosure. We also observe
that the satisfaction of privacy awareness requirements is useful
to users aiming to minimise exposure to privacy threats, and to
users aiming to maximise functional benefits amidst increasing
threat severity.
History
Publication
ICSE '13 Proceedings of the 2013 International Conference on Software Engineering;pp. 632-641