Sara Kiesler
$196,533
University of Texas at San Antonio
Texas
Computer and Information Science and Engineering (CISE)
Recent years have seen a dramatic rise in mobile apps for health monitoring, a trend accelerated by the COVID-19 pandemic. By collecting and utilizing massive amounts of data, mobile health apps could revolutionize how people monitor their health and how they interact with physicians. This revolution could be derailed by unexpected data uses and poor privacy protections scaring away potential users. This project systematically examines the potential disconnects between consumers’ privacy expectations when interacting with mobile health apps, privacy perspectives and behaviors of health apps’ developers, the privacy protections afforded by the law and relevant privacy policies, and the actual data handling practices of such apps. The research team is addressing identified disconnects by demonstrating new methods of communicating privacy information to developers and users. The team will attempt to better align the practices of mobile health apps with the privacy expectations of consumers by producing policy recommendations, validated user interface artifacts that improve transparency and privacy control mechanisms, practical solutions for monitoring data practices and enforcing privacy regulations, and advice for developers on considering privacy while designing software.

Combining expertise in social sciences, computer security and privacy, natural language processing, and law, the investigators are comprehensively analyzing the privacy of mobile health apps. They will learn the apps’ actual data practices by studying their sensitive resource usage and communication over the network. The investigators are examining how current privacy laws do and don’t apply to health apps, and comparing them with both users’ and developers’ expectations. Studies of health app users will identify users’ privacy expectations and test the usability of privacy interfaces. Studies of health app developers will identify their views on privacy and test privacy-promoting development tools. The combination of these studies will point to interventions, and the team will develop and test practical interface improvements and development tools.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.