Saved in:
Bibliographic Details
Main Authors: Tang, Feiyang, Østvold, Bjarte M.
Format: Preprint
Published: 2023
Subjects:
Online Access:https://arxiv.org/abs/2306.11447
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866917566923931648
author Tang, Feiyang
Østvold, Bjarte M.
author_facet Tang, Feiyang
Østvold, Bjarte M.
contents The rise of mobile apps has brought greater convenience and many options for users. However, many apps use analytics services to collect a wide range of user interaction data, with privacy policies often failing to reveal the types of interaction data collected or the extent of the data collection practices. This lack of transparency potentially breaches data protection laws and also undermines user trust. We conducted an analysis of the top 20 analytic libraries for Android apps to identify common practices of interaction data collection and used this information to develop a standardized collection claim template for summarizing an app's data collection practices wrt. user interaction data. We selected the top 100 apps from popular categories on Google Play and used automatic static analysis to extract collection evidence from their data collection implementations. Our analysis found that a significant majority of these apps actively collected interaction data from UI types such as View (89%), Button (76%), and Textfield (63%), highlighting the pervasiveness of user interaction data collection. By comparing the collection evidence to the claims derived from privacy policy analysis, we manually fact-checked the completeness and accuracy of these claims for the top 10 apps. We found that, except for one app, they all failed to declare all types of interaction data they collect and did not specify some of the collection techniques used.
format Preprint
id arxiv_https___arxiv_org_abs_2306_11447
institution arXiv
publishDate 2023
record_format arxiv
spellingShingle Transparency in App Analytics: Analyzing the Collection of User Interaction Data
Tang, Feiyang
Østvold, Bjarte M.
Software Engineering
Cryptography and Security
The rise of mobile apps has brought greater convenience and many options for users. However, many apps use analytics services to collect a wide range of user interaction data, with privacy policies often failing to reveal the types of interaction data collected or the extent of the data collection practices. This lack of transparency potentially breaches data protection laws and also undermines user trust. We conducted an analysis of the top 20 analytic libraries for Android apps to identify common practices of interaction data collection and used this information to develop a standardized collection claim template for summarizing an app's data collection practices wrt. user interaction data. We selected the top 100 apps from popular categories on Google Play and used automatic static analysis to extract collection evidence from their data collection implementations. Our analysis found that a significant majority of these apps actively collected interaction data from UI types such as View (89%), Button (76%), and Textfield (63%), highlighting the pervasiveness of user interaction data collection. By comparing the collection evidence to the claims derived from privacy policy analysis, we manually fact-checked the completeness and accuracy of these claims for the top 10 apps. We found that, except for one app, they all failed to declare all types of interaction data they collect and did not specify some of the collection techniques used.
title Transparency in App Analytics: Analyzing the Collection of User Interaction Data
topic Software Engineering
Cryptography and Security
url https://arxiv.org/abs/2306.11447