Table of Contents
Fetching ...

Challenges in Android Data Disclosure: An Empirical Study

Mugdha Khedkar, Michael Schlichtig, Mohamed Soliman, Eric Bodden

TL;DR

This paper investigates Android developers' experiences with Google Play's Data Safety Section (DSS) disclosures, addressing how data are categorized, developers' confidence in completing the DSS, and the challenges encountered. Using a dual approach—an online survey of 41 developers and a qualitative analysis of 172 online discussions involving 642 developers—the study reveals widespread reliance on manual data categorization or omission, and heavy use of online resources to complete the DSS. It also shows a pronounced gap between knowledge of collected data and the ability to translate that knowledge into DSS-compliant disclosures, with major challenges centered on identifying privacy-relevant data, understanding the DSS form, and concerns about app rejections. The findings call for clearer guidelines from Google and improved developer tooling to support accurate and consistent privacy disclosures, ultimately enhancing user trust in Play Store privacy information.

Abstract

Current legal frameworks enforce that Android developers accurately report the data their apps collect. However, large codebases can make this reporting challenging. This paper employs an empirical approach to understand developers' experience with Google Play Store's Data Safety Section (DSS) form. We first survey 41 Android developers to understand how they categorize privacy-related data into DSS categories and how confident they feel when completing the DSS form. To gain a broader and more detailed view of the challenges developers encounter during the process, we complement the survey with an analysis of 172 online developer discussions, capturing the perspectives of 642 additional developers. Together, these two data sources represent insights from 683 developers. Our findings reveal that developers often manually classify the privacy-related data their apps collect into the data categories defined by Google-or, in some cases, omit classification entirely-and rely heavily on existing online resources when completing the form. Moreover, developers are generally confident in recognizing the data their apps collect, yet they lack confidence in translating this knowledge into DSS-compliant disclosures. Key challenges include issues in identifying privacy-relevant data to complete the form, limited understanding of the form, and concerns about app rejection due to discrepancies with Google's privacy requirements. These results underscore the need for clearer guidance and more accessible tooling to support developers in meeting privacy-aware reporting obligations.

Challenges in Android Data Disclosure: An Empirical Study

TL;DR

This paper investigates Android developers' experiences with Google Play's Data Safety Section (DSS) disclosures, addressing how data are categorized, developers' confidence in completing the DSS, and the challenges encountered. Using a dual approach—an online survey of 41 developers and a qualitative analysis of 172 online discussions involving 642 developers—the study reveals widespread reliance on manual data categorization or omission, and heavy use of online resources to complete the DSS. It also shows a pronounced gap between knowledge of collected data and the ability to translate that knowledge into DSS-compliant disclosures, with major challenges centered on identifying privacy-relevant data, understanding the DSS form, and concerns about app rejections. The findings call for clearer guidelines from Google and improved developer tooling to support accurate and consistent privacy disclosures, ultimately enhancing user trust in Play Store privacy information.

Abstract

Current legal frameworks enforce that Android developers accurately report the data their apps collect. However, large codebases can make this reporting challenging. This paper employs an empirical approach to understand developers' experience with Google Play Store's Data Safety Section (DSS) form. We first survey 41 Android developers to understand how they categorize privacy-related data into DSS categories and how confident they feel when completing the DSS form. To gain a broader and more detailed view of the challenges developers encounter during the process, we complement the survey with an analysis of 172 online developer discussions, capturing the perspectives of 642 additional developers. Together, these two data sources represent insights from 683 developers. Our findings reveal that developers often manually classify the privacy-related data their apps collect into the data categories defined by Google-or, in some cases, omit classification entirely-and rely heavily on existing online resources when completing the form. Moreover, developers are generally confident in recognizing the data their apps collect, yet they lack confidence in translating this knowledge into DSS-compliant disclosures. Key challenges include issues in identifying privacy-relevant data to complete the form, limited understanding of the form, and concerns about app rejection due to discrepancies with Google's privacy requirements. These results underscore the need for clearer guidance and more accessible tooling to support developers in meeting privacy-aware reporting obligations.
Paper Structure (18 sections, 6 figures, 5 tables)

This paper contains 18 sections, 6 figures, 5 tables.

Figures (6)

  • Figure 1: Data Safety Section of Signal signal. ① Data sharing. ② Data collection. ③ Security practices (encryption and data deletion).
  • Figure 2: Data collected part of the DSS of Signal signal. 1. Data category. 2. Data type. 3. Purpose.
  • Figure 3: Our study design.
  • Figure 4: Methods and resources participants use to categorize privacy-related data collected by their app into the DSS data categories (RQ1).
  • Figure 5: Survey participants' responses to the questions about confidence levels for different processes (RQ2).
  • ...and 1 more figures