Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Transparency in App Analytics: Analyzing the Collection of User Interaction Data

Feiyang Tang, Bjarte M. Østvold

TL;DR

The paper addresses the lack of transparency in how mobile apps collect user interaction data through analytics libraries. It introduces a standardized collection claim template and an automated static-analysis pipeline to extract collection evidence from Android apps and to compare these findings against privacy-policy disclosures. Through analysis of the top 100 Google Play apps and the top 20 analytics libraries, the study reveals pervasive collection of UI interaction data (e.g., View 89%, Button 76%, Textfield 63%) and substantial gaps between stated policies and actual practices. The work provides a practical framework for policy-to-implementation comparison, enabling developers, policymakers, and researchers to assess and improve transparency and user trust in mobile app data practices.

Abstract

The rise of mobile apps has brought greater convenience and many options for users. However, many apps use analytics services to collect a wide range of user interaction data, with privacy policies often failing to reveal the types of interaction data collected or the extent of the data collection practices. This lack of transparency potentially breaches data protection laws and also undermines user trust. We conducted an analysis of the top 20 analytic libraries for Android apps to identify common practices of interaction data collection and used this information to develop a standardized collection claim template for summarizing an app's data collection practices wrt. user interaction data. We selected the top 100 apps from popular categories on Google Play and used automatic static analysis to extract collection evidence from their data collection implementations. Our analysis found that a significant majority of these apps actively collected interaction data from UI types such as View (89%), Button (76%), and Textfield (63%), highlighting the pervasiveness of user interaction data collection. By comparing the collection evidence to the claims derived from privacy policy analysis, we manually fact-checked the completeness and accuracy of these claims for the top 10 apps. We found that, except for one app, they all failed to declare all types of interaction data they collect and did not specify some of the collection techniques used.

Transparency in App Analytics: Analyzing the Collection of User Interaction Data

TL;DR

The paper addresses the lack of transparency in how mobile apps collect user interaction data through analytics libraries. It introduces a standardized collection claim template and an automated static-analysis pipeline to extract collection evidence from Android apps and to compare these findings against privacy-policy disclosures. Through analysis of the top 100 Google Play apps and the top 20 analytics libraries, the study reveals pervasive collection of UI interaction data (e.g., View 89%, Button 76%, Textfield 63%) and substantial gaps between stated policies and actual practices. The work provides a practical framework for policy-to-implementation comparison, enabling developers, policymakers, and researchers to assess and improve transparency and user trust in mobile app data practices.

Abstract

The rise of mobile apps has brought greater convenience and many options for users. However, many apps use analytics services to collect a wide range of user interaction data, with privacy policies often failing to reveal the types of interaction data collected or the extent of the data collection practices. This lack of transparency potentially breaches data protection laws and also undermines user trust. We conducted an analysis of the top 20 analytic libraries for Android apps to identify common practices of interaction data collection and used this information to develop a standardized collection claim template for summarizing an app's data collection practices wrt. user interaction data. We selected the top 100 apps from popular categories on Google Play and used automatic static analysis to extract collection evidence from their data collection implementations. Our analysis found that a significant majority of these apps actively collected interaction data from UI types such as View (89%), Button (76%), and Textfield (63%), highlighting the pervasiveness of user interaction data collection. By comparing the collection evidence to the claims derived from privacy policy analysis, we manually fact-checked the completeness and accuracy of these claims for the top 10 apps. We found that, except for one app, they all failed to declare all types of interaction data they collect and did not specify some of the collection techniques used.
Paper Structure (22 sections, 2 figures, 4 tables)

This paper contains 22 sections, 2 figures, 4 tables.

Table of Contents

  1. Introduction
  2. Objective
  3. Research Questions
  4. Contributions
  5. Motivation
  6. Standardizing Data Collection Claims
  7. Collection Vocabulary
  8. Terms for Types of User Interaction Data
  9. Terms for Collection Techniques
  10. From Policies to Standardized Collection Claims
  11. Identifying Relevant Policy Parts
  12. Template for Standardized Collection Claims
  13. Data Collection Evidence
  14. Identifying Data Collection Methods
  15. Extracting Collection Evidence
  16. ...and 7 more sections

Figures (2)

  • Figure 1: Overview of the approach for analyzing collection claims and evidence in apps.
  • Figure 2: Relationships between different parts of the extracted collection evidence in an Android app