Participant Information Sheet

Summary

This research aims to evaluate why developers use specific WebView settings and whether they are aware of the security implications. By assessing your answers to a survey, we can identify patterns in developer behavior and understanding of WebView security.

The survey will take approximately 10 minutes to complete.
We use your unique token to match your survey answers with your organization.
We do not link your answers to you as an individual.
We never publicly link your survey answers, and share your organization with third-parties or disclose it.

Dear participant,

Thank you for your interest in our study! Your participation will help us gain valuable insights into developer practices, understanding, and awareness regarding WebView security. Please read the following information carefully to make an informed decision about participating.

Study Process

The study consists of a survey that you can complete online. The survey will ask you whether you have experience with Android WebView and whether you have used it in your apps. If you have used it, we will ask you whether you have used specific features and why you have used them. Finally, we will ask you about your understanding of the security implications of using WebView.

The study will take about 10 minutes of your time

Voluntary Participation

Your participation is entirely voluntary. You may withdraw at any time without consequences.

Risks and Benefits

This study does not pose any risks beyond those you might encounter in your daily life. While there are no direct benefits to you, your participation will contribute to research aimed at enhancing the security of the mobile-Web ecosystem. The results will be published in anonymized and aggregated form at academic venues.

Data Collection, Processing, and Usage

As part of this study, we collect the following information about you:

Your unqiue token
Your survey answers

Please note that we have no direct way of identifying individual participants from the data we collect but refer to the token as a unique identifier.

We are committed to keeping your data private and confidential. Once all participants' responses are aggregated, the mapping between your token (i.e., your organization) and your survey answers is deleted, ensuring that your answers can no longer be traced back to the organization.

Your data is subject to the General Data Protection Regulation (GDPR). The legal basis for processing your personal data is your explicit consent. It will solely be processed for the purposes of this study and not used for future purposes without your consent.

In accordance with the GDPR, you have the right to information, rectification, erasure, restriction of processing, data portability, and withdrawal. Please note that your right to information, rectification, and restriction of processing may be limited if fulfilling these rights would make it impossible or seriously impair the research objectives, in accordance with Article 89(2) GDPR.

We are required to retain your personal data for the duration required by applicable laws and regulations, after which it will be securely deleted. Access to your data is strictly restricted to the research team and will not be shared with third parties or transferred outside the European Union. We will use encryption and strict access controls to ensure its safety. If you wish to exercise your rights, please contact the data controller.

Data Controller

Philipp Beer
Favoritenstraße 9-11, HA 01 09
1040 Vienna, Austria

Data Protection Officer

Christina Thirsfeld
Karlsplatz 10/018
1040 Vienna, Austria

Withdrawal of Consent

If you withdraw your consent to participate in this study or request the erasure of data (i.e., your survey answers) before we process your survey answers and aggregate them, we will delete them, and they will not be included in any publications.

If you withdraw after your data has been processed and anonymized, we, unfortunately, cannot remove your survey answers, as it is impossible to identify and remove individual responses at that stage.

Further Project Information

This study is funded by the Wiener Wissenschafts-, Forschungs- und Technologiefonds (WWTF). Findings will be published in academic conferences or journals, with all participating data remaining anonymous.

Contact Information

If you have any questions or concerns before, during, or after the survey, please do not hesitate to get in touch with the research team:

Philipp Beer
Favoritenstraße 9-11, HA 01 09
1040 Vienna, Austria
Email: webview-security@secpriv.tuwien.ac.at
Phone: +43 1 58801 192610

Thank you for considering participating in our survey!

For research purposes, and in our legitimate interest, we are recording your IP address, your token, as well as if and when you have visited key pages on this website. This allows us to measure the effectiveness of our outreach efforts. You can find more information in our Privacy Policy.