SoK: Demystifying Privacy Enhancing Technologies Through the Lens of Software Developers
Maisha Boteju, Thilina Ranbaduge, Dinusha Vatsalan, Nalin Asanka Gamagedara Arachchilage
TL;DR
This paper addresses the gap between privacy-enhancing technologies (PETs) and software developers’ practice by conducting a systematic literature review of 39 empirical studies. It maps which PETs have been embedded in software, why they were chosen, and how they were evaluated, while cataloging the organizational and technical challenges developers face. The authors identify three clusters of solutions—knowledge enhancement, SDLC improvements, and cost reduction—but note limited empirical validation and generalisability. The findings highlight a gap between PETs research and real-world developer adoption, emphasizing the need for developer-centered education, tooling, and SDLC frameworks to enable privacy-by-design in practice.
Abstract
In the absence of data protection measures, software applications lead to privacy breaches, posing threats to end-users and software organisations. Privacy Enhancing Technologies (PETs) are technical measures that protect personal data, thus minimising such privacy breaches. However, for software applications to deliver data protection using PETs, software developers should actively and correctly incorporate PETs into the software they develop. Therefore, to uncover ways to encourage and support developers to embed PETs into software, this Systematic Literature Review (SLR) analyses 39 empirical studies on developers' privacy practices. It reports the usage of six PETs in software application scenarios. Then, it discusses challenges developers face when integrating PETs into software, ranging from intrinsic challenges, such as a lack of awareness of PETs, to extrinsic challenges, such as the increased development cost. Next, the SLR presents the existing solutions to address these challenges, along with the limitations of the solutions. Further, it outlines future research avenues to better understand PETs from a developer perspective and minimise the challenges developers face when incorporating PETs into software.
