Mobile App Privacy in Software Engineering Research: A Systematic Mapping Study

TL;DR

This systematic mapping study reviews 54 software engineering studies on mobile app privacy, highlighting research trends, categories, gaps, and future directions to better understand and address privacy concerns in mobile apps.

Contribution

It categorizes existing research on mobile app privacy, identifies imbalances and gaps, and suggests future research directions in the field.

Findings

Majority of studies focus on leak detection tools.

Less research on privacy requirements and policies.

Few studies address user perspective.

Abstract

Mobile applications (apps) have become deeply personal, constantly demanding access to privacy-sensitive information in exchange for more personalized user experiences. Such privacy-invading practices have generated major multidimensional and unconventional privacy concerns among app users. To address these concerns, the research on mobile app privacy has experienced rapid growth over the past decade. In general, this line of research is aimed at systematically exposing the privacy practices of apps and proposing solutions to protect the privacy of mobile app users. In this survey paper, we conduct a systematic mapping study of 54 Software Engineering (SE) primary studies on mobile app privacy. Our objectives are to a) explore trends in SE app privacy research, b) categorize existing evidence, and c) identify potential directions for future research. Our results show that existing literature can be divided into four main categories: privacy policy, requirements, user perspective, and leak detection. Furthermore, our survey reveals an imbalance between these categories; majority of existing research focuses on proposing tools for detecting privacy leaks, with less studies targeting privacy requirements and policy and even less on user perspective. Finally, our survey exposes several gaps in existing research and suggests areas for improvement.