{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T23:53:16Z","timestamp":1776124396454,"version":"3.50.1"},"reference-count":58,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2018,12,27]],"date-time":"2018-12-27T00:00:00Z","timestamp":1545868800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["SaTC-1801472, TWC-1564009"],"award-info":[{"award-number":["SaTC-1801472, TWC-1564009"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100006602","name":"Air Force Research Laboratory","doi-asserted-by":"crossref","award":["FA8750-15-2-0281"],"award-info":[{"award-number":["FA8750-15-2-0281"]}],"id":[{"id":"10.13039\/100006602","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Interact. Mob. Wearable Ubiquitous Technol."],"published-print":{"date-parts":[[2018,12,27]]},"abstract":"<jats:p>Although app developers are responsible for protecting users' privacy, this task can be very challenging. In this paper, we present Coconut, an Android Studio plugin that helps developers handle privacy requirements by engaging developers to think about privacy during the development process and providing real-time feedback on potential privacy issues. We start by presenting new findings based on a series of semi-structured interviews with Android developers, probing into the difficulties with privacy that developers face when building apps. Based on these findings, we implemented a proof-of-concept prototype of Coconut and evaluated it in a controlled lab study with 18 Android developers (including eight professional developers). Our study results suggest that apps developed with Coconut handled privacy concerns better, and the developers that used Coconut had a better understanding of their code's behavior and wrote a better privacy policy for their app. We also found that requiring developers to do a small amount of annotating work regarding their apps' personal data practices during the development process may result in a significant improvement in app privacy.<\/jats:p>","DOI":"10.1145\/3287056","type":"journal-article","created":{"date-parts":[[2018,12,27]],"date-time":"2018-12-27T19:28:03Z","timestamp":1545938883000},"page":"1-35","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":33,"title":["Coconut"],"prefix":"10.1145","volume":"2","author":[{"given":"Tianshi","family":"Li","sequence":"first","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA, USA"}]},{"given":"Yuvraj","family":"Agarwal","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA, USA"}]},{"given":"Jason I.","family":"Hong","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA, USA"}]}],"member":"320","published-online":{"date-parts":[[2018,12,27]]},"reference":[{"key":"e_1_2_2_1_1","unstructured":"2017. Improve Your Code With Lint. Available at https:\/\/developer.android.com\/studio\/write\/lint.html (2017\/05\/14). (2017).  2017. Improve Your Code With Lint. Available at https:\/\/developer.android.com\/studio\/write\/lint.html (2017\/05\/14). (2017)."},{"key":"e_1_2_2_2_1","volume-title":"Comparing the Usability of Cryptographic APIs. In 2017 IEEE Symposium on Security and Privacy (SP). IEEE.","author":"Acar Yasemin","year":"2017"},{"key":"e_1_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.25"},{"key":"e_1_2_2_4_1","volume-title":"Mazurek","author":"Acar Yasemin","year":"2016"},{"key":"e_1_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2462456.2464460"},{"key":"e_1_2_2_6_1","volume-title":"FlowDroid. In Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation - PLDI '14. ACM Press.","author":"Arzt Steven","year":"2013"},{"key":"e_1_2_2_7_1","unstructured":"GSM Association. 2012. Mobile Privacy Principles promoting consumer privacy in the mobile ecosystem. Available at http:\/\/www.gsma.com\/publicpolicy\/wp-content\/uploads\/2016\/10\/GSMA-Privacy-Principles.pdf (2017\/05\/14). (2012).  GSM Association. 2012. Mobile Privacy Principles promoting consumer privacy in the mobile ecosystem. Available at http:\/\/www.gsma.com\/publicpolicy\/wp-content\/uploads\/2016\/10\/GSMA-Privacy-Principles.pdf (2017\/05\/14). (2012)."},{"key":"e_1_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2014.70"},{"key":"e_1_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.14722\/usec.2014.23006"},{"key":"e_1_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1753326.1753402"},{"key":"e_1_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCC.2006.158"},{"key":"e_1_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1999995.2000018"},{"key":"e_1_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3132029"},{"key":"e_1_2_2_14_1","volume-title":"USA: Federal Trade Commission","author":"Federal Trade Commission et al.","year":"2013"},{"key":"e_1_2_2_15_1","unstructured":"Android Official Documentation. 2017. Best Practices for Permissions and Identifiers. Available at https:\/\/developer.android.com\/training\/best-permissions-ids.html (2017\/05\/14). (2017).  Android Official Documentation. 2017. Best Practices for Permissions and Identifiers. Available at https:\/\/developer.android.com\/training\/best-permissions-ids.html (2017\/05\/14). (2017)."},{"key":"e_1_2_2_16_1","unstructured":"Android Official Documentation. 2017. Best Practices for Unique Identifiers. Available at https:\/\/developer.android.com\/training\/articles\/user-data-ids.html (2017\/05\/14). (2017).  Android Official Documentation. 2017. Best Practices for Unique Identifiers. Available at https:\/\/developer.android.com\/training\/articles\/user-data-ids.html (2017\/05\/14). (2017)."},{"key":"e_1_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2619091"},{"key":"e_1_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.31"},{"key":"e_1_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1378773.1378804"},{"key":"e_1_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23089"},{"key":"e_1_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-017-9517-1"},{"key":"e_1_2_2_22_1","unstructured":"Kamala D. Harris. 2013. Privacy on the go recommendations for the mobile ecosystem. Available at https:\/\/oag.ca.gov\/sites\/all\/files\/agweb\/pdfs\/privacy\/privacy_on_the_go.pdf (2017\/05\/14). (2013).  Kamala D. Harris. 2013. Privacy on the go recommendations for the mobile ecosystem. Available at https:\/\/oag.ca.gov\/sites\/all\/files\/agweb\/pdfs\/privacy\/privacy_on_the_go.pdf (2017\/05\/14). (2013)."},{"key":"e_1_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1052883.1052895"},{"key":"e_1_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.14722\/eurousec.2017.23015"},{"key":"e_1_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.14722\/usec.2014.23045"},{"key":"e_1_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3287051"},{"key":"e_1_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.5555\/2486788.2486877"},{"key":"e_1_2_2_28_1","volume-title":"Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15","author":"Karjoth G."},{"key":"e_1_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/985692.985712"},{"key":"e_1_2_2_30_1","volume-title":"Steven Arzt, Siegfried Rasthofer, Eric Bodden, Damien Octeau, and Patrick Mcdaniel.","author":"Li Li","year":"2014"},{"key":"e_1_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3130941"},{"key":"e_1_2_2_32_1","volume-title":"IFIP Advances in Information and Communication Technology","author":"Loser Kai-Uwe"},{"key":"e_1_2_2_33_1","volume-title":"CHEX. In Proceedings of the 2012 ACM conference on Computer and communications security - CCS '12. ACM Press.","author":"Lu Long","year":"2012"},{"key":"e_1_2_2_34_1","unstructured":"Stephen McCamant and Michael D Ernst. 2006. Quantitative information-flow tracking for C and related languages. (2006).  Stephen McCamant and Michael D Ernst. 2006. Quantitative information-flow tracking for C and related languages. (2006)."},{"key":"e_1_2_2_35_1","unstructured":"James Newsome and Dawn Song. 2005. Dynamic taint analysis for automatic detection analysis and signature generation of exploits on commodity software. (2005).  James Newsome and Dawn Song. 2005. Dynamic taint analysis for automatic detection analysis and signature generation of exploits on commodity software. (2005)."},{"key":"e_1_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133977"},{"key":"e_1_2_2_37_1","volume-title":"Proceedings of the 22nd USENIX security symposium. 543--558","author":"Octeau Damien","year":"2013"},{"key":"e_1_2_2_38_1","unstructured":"Future of Privacy Forum and the Center for Democracy & Technology. 2012. Best Practices for Mobile Application Developers. Available at https:\/\/www.cdt.org\/files\/pdfs\/Best-Practices-Mobile-App-Developers.pdf (2017\/05\/14). (2012).  Future of Privacy Forum and the Center for Democracy & Technology. 2012. Best Practices for Mobile Application Developers. Available at https:\/\/www.cdt.org\/files\/pdfs\/Best-Practices-Mobile-App-Developers.pdf (2017\/05\/14). (2012)."},{"key":"e_1_2_2_39_1","unstructured":"Office of the Australian Information Commissioner. 2014. Mobile privacy: a better practice guide for mobile app developers. Available at https:\/\/www.oaic.gov.au\/agencies-and-organisations\/guides\/guide-for-mobile-app-developers (2017\/05\/14). (2014).  Office of the Australian Information Commissioner. 2014. Mobile privacy: a better practice guide for mobile app developers. Available at https:\/\/www.oaic.gov.au\/agencies-and-organisations\/guides\/guide-for-mobile-app-developers (2017\/05\/14). (2014)."},{"key":"e_1_2_2_40_1","volume-title":"Seizing Opportunity: Good Privacy Practices for Developing Mobile Apps.","author":"Office of the Privacy Commission","year":"2012"},{"key":"e_1_2_2_41_1","unstructured":"Information Commissioner's Office. 2013. Privacy in mobile apps guidance for app developers. Available at https:\/\/ico.org.uk\/media\/for-organisations\/documents\/1596\/privacy-in-mobile-apps-dp-guidance.pdf (2017\/05\/14). (2013).  Information Commissioner's Office. 2013. Privacy in mobile apps guidance for app developers. Available at https:\/\/ico.org.uk\/media\/for-organisations\/documents\/1596\/privacy-in-mobile-apps-dp-guidance.pdf (2017\/05\/14). (2013)."},{"key":"e_1_2_2_42_1","unstructured":"Article 29 Data Protection Working Party. 2013. Opinion 02\/2013 on apps on smart devices. Available at http:\/\/ec.europa.eu\/justice\/data-protection\/article-29\/documentation\/opinion-recommendation\/files\/2013\/wp202_en.pdf (2017\/05\/14). (2013).  Article 29 Data Protection Working Party. 2013. Opinion 02\/2013 on apps on smart devices. Available at http:\/\/ec.europa.eu\/justice\/data-protection\/article-29\/documentation\/opinion-recommendation\/files\/2013\/wp202_en.pdf (2017\/05\/14). (2013)."},{"key":"e_1_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2006.29"},{"key":"e_1_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.5555\/2818754.2818828"},{"key":"e_1_2_2_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.28"},{"key":"e_1_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568244"},{"key":"e_1_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786812"},{"key":"e_1_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076021.2048146"},{"key":"e_1_2_2_49_1","unstructured":"National Telecommunications and Information Administration. 2013. Short Form Notice Code of Conduct to Promote Transparency in Mobile App Practices. Available at https:\/\/www.ntia.doc.gov\/files\/ntia\/publications\/july_25_code_draft.pdf (2017\/05\/14). (2013).  National Telecommunications and Information Administration. 2013. Short Form Notice Code of Conduct to Promote Transparency in Mobile App Practices. Available at https:\/\/www.ntia.doc.gov\/files\/ntia\/publications\/july_25_code_draft.pdf (2017\/05\/14). (2013)."},{"key":"e_1_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3173574.3173836"},{"key":"e_1_2_2_51_1","volume-title":"Human Aspects of Information Security, Privacy and Trust","author":"Wijayarathna Chamila"},{"key":"e_1_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786816"},{"key":"e_1_2_2_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/2531602.2531722"},{"key":"e_1_2_2_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2207676.2208665"},{"key":"e_1_2_2_55_1","volume-title":"2011 IEEE Symposium on Visual Languages and Human-Centric Computing (VL\/HCC). IEEE.","author":"Xie Jing","year":"2011"},{"key":"e_1_2_2_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/2908080.2908098"},{"key":"e_1_2_2_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/2103621.2103669"},{"key":"e_1_2_2_58_1","volume-title":"Who knows what about me? A survey of behind the scenes personal data sharing to third parties by mobile apps. Technology Science 30","author":"Zang Jinyan","year":"2015"}],"container-title":["Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3287056","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3287056","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3287056","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T01:02:08Z","timestamp":1750208528000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3287056"}},"subtitle":["An IDE Plugin for Developing Privacy-Friendly Apps"],"short-title":[],"issued":{"date-parts":[[2018,12,27]]},"references-count":58,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2018,12,27]]}},"alternative-id":["10.1145\/3287056"],"URL":"https:\/\/doi.org\/10.1145\/3287056","relation":{},"ISSN":["2474-9567"],"issn-type":[{"value":"2474-9567","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,12,27]]},"assertion":[{"value":"2018-05-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-10-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-12-27","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}