Governance for Big Data - January 2022

PI(s), Co-PI(s), Researchers:

  • Serge Egelman (ICSI)
  • Julia Bernd (ICSI)

Human Behavior, Policy-Governed Secure Collaboration


  • Nothing to report this quarter.


  • Our October report described our study (in collaboration with colleagues at Aalto University in Finland) to examine healthcare professionals' views of and privacy expectations about health apps, and how those views and expectations are related to policies and governance structures for medical data in different countries. We have received ethics determinations from both institutions, and are currently recruiting and interviewing participants in the U.S., Finland, Sweden, Sri Lanka, and Singapore.

  • In collaboration with colleagues at the University of Bristol, we completed the analysis mentioned in previous reports of how the data governance mechanisms of various stakeholders, especially the major mobile platforms, affect app developers' approach to health app privacy.

  • We wrote a paper on the study entitled "Privacy, Permissions, and the Health App Ecosystem: A Stack Overflow Exploration", and submitted it to Empirical Software Engineering. (Authors Mohammad Tahaei, Julia Bernd, and Awais Rashid.)

    • Abstract: In the study, we qualitatively analyzed 269 privacy-related posts on Stack Overflow by developers of health apps for Android and iOS-based systems. We found that health-specific access control structures introduced by those platforms (e.g., enhanced requirements for permissions and authentication) underlie several privacy-related challenges faced by developers. The specific nature of problems often differed between the two platforms, for example additional verification steps for Android developers, or confusing feedback about incorrectly formulated permission scopes for iOS. Developers also face problems due to third-party libraries including health-related permissions without explicit signposting. Official documentation plays a key part in clarifying the original question or augmenting answers provided during the discussions---but in some cases, may itself be the cause of confusion.


  • Nothing to report this quarter.


  • Nothing to report this quarter.