Empowering IoT Developers with Privacy-Preserving End-User Development Tools

Abstract

Internet of Things applications (IoT) have the potential to derive sensitive user data, necessitating adherence to privacy and data protection laws. However, developers often struggle with privacy issues, resulting in personal data misuse. Despite the proposed Privacy by Design (PbD) approach, criticism arises due to its ambiguity and lack of practical tools for educating software engineers. We introduce Canella, an integrated IoT development ecosystem with privacy-preserving components leveraging End-User Development (EUD) tools Blockly@rduino and Node-RED, to help developers build end-to-end IoT applications that prioritize privacy and comply with regulations. It helps developers integrate privacy during the development process and rapid prototyping phases, offering real-time feedback on privacy concerns. We start by conducting a focus group study to explore the applicability of designing and implementing PbD schemes within different development environments. Based on this, we implemented a proof-of-concept prototype of Canella and evaluated it in controlled lab studies with 18 software developers. The findings reveal that developers using Canella created more privacy-preserving applications, gained a deeper understanding of personal data management, and achieved better privacy compliance. Our results also highlight Canella's role in educating and promoting privacy awareness, enhancing productivity, streamlining privacy implementation, and significantly reducing cognitive load. Overall, developers found Canella and its privacy-preserving components useful, easy to use, and easy to learn, which could potentially improve IoT application privacy. Watch the demo video.