**3. Application design strategies**

Applications that cause serious privacy threats were listed in **Table 1**. For each of these applications, design strategies and guidelines are provided so that the application cannot harm the privacy of its users.

### **3.1 Design guidelines for smart phone apps**

Most users do not read the privacy policy or the list of permissions an app requests before installation; they simply agree to every permission the app demands, which leads to serious privacy concerns. To build privacy protection into the app itself, smart phone apps must be designed with the following features.


i18n applications: i18n is a numeronym for internationalization: in the word "internationalization" there are 18 characters between the first letter, i, and the last letter, n. An application is an i18n application when it supports a multilingual user interface, which matters here because a privacy policy or permission prompt shown in a language the user does not read is effectively unread. i18n is generally applied to web applications, which use the HTTP protocol for requests and responses. Every HTTP request carries request headers, one of which, *Accept-Language*, lists the languages the user prefers; users can change this preference through their browser settings. An i18n-enabled web application reads the value of the *Accept-Language* header and renders its user interface in the language it specifies. For example, if the user's language preference is Spanish, the user interface automatically appears in Spanish.
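The following block is an added example, not code from the paper, showing how an i18n-enabled web application would actually consume the *Accept-Language* header described above. It implements the header syntax of RFC 7231 (comma-separated language ranges, each with an optional `;q=` weight) and the basic prefix filtering of RFC 4647, and it always chooses the locale from the server's own allowlist so that the raw header value never reaches a template. `SUPPORTED_LOCALES`, `DEFAULT_LOCALE` and the sample headers are constructed for this example.

```python
"""Accept-Language negotiation for an i18n-enabled web application.

Added example (not code from the paper). Implements RFC 7231 Section 5.3.5
header syntax plus RFC 4647 basic filtering, so a range "es" covers "es-MX"
and a request for "es-MX" falls back to a supported "es". The chosen
locale always comes from SUPPORTED_LOCALES (an assumed allowlist), never
from the header itself. SAMPLE_HEADERS are constructed inputs.
"""
from __future__ import annotations

# Locales this hypothetical application ships translations for.
SUPPORTED_LOCALES = ["en", "es", "fr", "pt-BR"]
DEFAULT_LOCALE = "en"

# Constructed request headers, as browsers would send them.
SAMPLE_HEADERS = {
    "spanish_mexico": "es-MX, es;q=0.8, en;q=0.5",
    "german_then_french": "de-CH, fr-CH;q=0.7, en;q=0.3",
    "brazil": "pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7",
    "english_refused": "en;q=0, sv",
    "wildcard": "*",
    "garbage": "es;q=abc, fr;q=1.5, ;;",
}


def parse_accept_language(header: str) -> list[tuple[str, float]]:
    """Return (language-range, q) pairs sorted by descending q.

    Malformed q values are treated as q=0 (not acceptable) and
    out-of-range values are clamped, so a hostile or broken client
    cannot crash the request handler.
    """
    ranges: list[tuple[str, float]] = []
    for element in header.split(","):
        pieces = [p.strip() for p in element.split(";")]
        tag = pieces[0].lower()
        if not tag:
            continue  # empty element, e.g. from a trailing comma
        q = 1.0
        for param in pieces[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value.strip())
                except ValueError:
                    q = 0.0
                q = min(max(q, 0.0), 1.0)
        ranges.append((tag, q))
    # sort() is stable, so header order breaks ties between equal weights.
    ranges.sort(key=lambda pair: pair[1], reverse=True)
    return ranges


def negotiate_locale(header: str | None,
                     supported: list[str] = SUPPORTED_LOCALES,
                     default: str = DEFAULT_LOCALE) -> str:
    """Pick the best supported locale for the request, or the default."""
    if not header:
        return default
    by_key = {s.lower(): s for s in supported}
    for tag, q in parse_accept_language(header):
        if q <= 0.0:
            continue  # q=0 means the client refuses this language
        if tag == "*":
            return default  # wildcard: anything will do, serve the default
        if tag in by_key:
            return by_key[tag]  # exact match
        for key, locale in by_key.items():
            # Basic filtering: "es" covers "es-MX" and "es-MX" falls back to "es".
            if key.startswith(tag + "-") or tag.startswith(key + "-"):
                return locale
    # Nothing acceptable: RFC 7231 lets the server either send 406 or
    # disregard the header; for a UI, serving the default is the usual choice.
    return default


def negotiate_samples() -> dict[str, str]:
    """Locale chosen for each constructed sample header."""
    return {name: negotiate_locale(h) for name, h in SAMPLE_HEADERS.items()}


if __name__ == "__main__":
    for name, locale in negotiate_samples().items():
        print(f"{name:20s} -> {locale}")
```

Two points a practitioner should keep in mind: the header is untrusted input, so the only string that ever reaches the page is one of the server's own locale identifiers, and *Accept-Language* is itself a browser fingerprinting signal, so an application that logs it verbatim is collecting a small piece of identifying data along with the preference.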

### **3.2 Design guidelines for e-commerce sites**

e-commerce sites use recommendations to offer value-added services to their customers. Recommendations are part of an improved service; however, they always carry the possibility of information disclosure. For example, a person buys a product for personal use and wants the purchase to remain confidential. Because of recommendations, he or she may later see a pop-up or alert showing a better offer on that product, visible to people sitting nearby, which can lead to discrimination and personal embarrassment. Based on the type of products bought, the gender of the buyer can also be inferred, which is an unwanted disclosure. To ensure privacy protection, the following features need to be incorporated in the design of e-commerce sites, in line with privacy legislation.

1. Privacy Quotient (Pμ): Recommendations are used by e-commerce firms to provide value-added services and the best possible offers to customers based on their buying habits and transaction history. Recommendation systems lead to a serious privacy concern that is not addressed by any e-commerce firm, illustrated here. Suppose a person regularly buys a personal-care product online and does not want to disclose this to anyone. Because it is a regular transaction, the firm recommends the same product, with a decent discount, on the person's screen whenever he or she logs into the account; if someone else sees this, it is a privacy breach that can lead to discrimination within the family or in the person's profession. To address this problem, we introduce the concept of the privacy quotient. For every product, the e-commerce firm should provide an option by which the user can choose whether the product and its purchase are to be kept private, thereby excluding the purchase from any form of analytics or recommendations. If 40% of the buyers of a product opt for transaction privacy, i.e. ask that the purchase not be used for recommendations, then the product must be treated as private and the transactions of all buyers of this product must be made private. The percentage of transactions that decides transaction privacy is called the privacy quotient (Pμ) [11].
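The block below is an added example, not code from the paper, that applies the privacy-quotient rule above to a small transaction history: each buyer may flag a purchase as private, and once the share of a product's buyers who did so reaches Pμ (40% here), the product is treated as private for every buyer and all of its purchases are dropped from the data handed to the recommender. The `Purchase` record layout and the sample data are constructed for this example; the share is computed over distinct buyers rather than raw transactions, which is an assumption since the text uses both terms.

```python
"""Privacy Quotient (Pμ) applied to recommendation input.

Added example, not code from the paper. Rule from the section: a buyer
may mark a purchase private; when the share of a product's buyers who did
so reaches PRIVACY_QUOTIENT, the product is private for everyone and all
of its purchases are excluded from analytics and recommendations.
Purchase layout and SAMPLE_PURCHASES are constructed; counting distinct
buyers (not transactions) is an assumption.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

PRIVACY_QUOTIENT = 0.40  # Pμ: the 40% threshold given in the section


@dataclass(frozen=True)
class Purchase:
    user_id: str
    product_id: str
    private: bool  # buyer chose to keep this purchase out of analytics


# Constructed transaction history for the example.
SAMPLE_PURCHASES = [
    Purchase("u1", "shampoo", private=True),
    Purchase("u2", "shampoo", private=True),
    Purchase("u3", "shampoo", private=False),
    Purchase("u4", "shampoo", private=False),
    Purchase("u5", "shampoo", private=False),
    Purchase("u1", "book", private=False),
    Purchase("u2", "book", private=False),
    Purchase("u3", "book", private=True),
    Purchase("u4", "razor", private=True),
    Purchase("u5", "pen", private=False),
    Purchase("u5", "pen", private=False),  # repeat purchase: still one buyer
]


def opt_out_share(purchases: list[Purchase]) -> dict[str, float]:
    """Fraction of each product's distinct buyers who marked it private."""
    buyers: dict[str, set[str]] = defaultdict(set)
    private_buyers: dict[str, set[str]] = defaultdict(set)
    for p in purchases:
        buyers[p.product_id].add(p.user_id)
        if p.private:
            private_buyers[p.product_id].add(p.user_id)
    return {pid: len(private_buyers[pid]) / len(buyers[pid]) for pid in buyers}


def private_products(purchases: list[Purchase],
                     threshold: float = PRIVACY_QUOTIENT) -> set[str]:
    """Products whose opt-out share has reached Pμ."""
    return {pid for pid, share in opt_out_share(purchases).items()
            if share >= threshold}


def recommendation_input(purchases: list[Purchase],
                         threshold: float = PRIVACY_QUOTIENT) -> list[Purchase]:
    """Purchases that may be fed to the recommender.

    A purchase is excluded if its buyer marked it private, or if its
    product has crossed Pμ, which also hides the purchases of buyers who
    did not opt out themselves.
    """
    hidden = private_products(purchases, threshold)
    return [p for p in purchases
            if not p.private and p.product_id not in hidden]


if __name__ == "__main__":
    for pid, share in sorted(opt_out_share(SAMPLE_PURCHASES).items()):
        print(f"{pid:8s} opt-out share {share:.2f}")
    print("private products:", sorted(private_products(SAMPLE_PURCHASES)))
    print("recommendable:", [(p.user_id, p.product_id)
                             for p in recommendation_input(SAMPLE_PURCHASES)])
```

In the sample data "shampoo" sits exactly at the threshold (2 of 5 buyers) and "razor" has a single buyer who opted out, so both become private and u3, u4 and u5 lose their shampoo purchases from the recommender even though they never flagged them. Because crossing Pμ hides earlier purchases retroactively, the filter has to be re-evaluated over the full history whenever a privacy flag changes, not only at purchase time.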

