Papers
Topics
Authors
Recent
Search
2000 character limit reached

Unpacking Privacy Labels: A Measurement and Developer Perspective on Google's Data Safety Section

Published 13 Jun 2023 in cs.CY and cs.HC | (2306.08111v1)

Abstract: Google has mandated developers to use Data Safety Sections (DSS) to increase transparency in data collection and sharing practices. In this paper, we present a comprehensive analysis of Google's Data Safety Section (DSS) using both quantitative and qualitative methods. We conduct the first large-scale measurement study of DSS using apps from Android Play store (n=1.1M). We find that there are internal inconsistencies within the reported practices. We also find trends of both over and under-reporting practices in the DSSs. Next, we conduct a longitudinal study of DSS to explore how the reported practices evolve over time, and find that the developers are still adjusting their practices. To contextualize these findings, we conduct a developer study, uncovering the process that app developers undergo when working with DSS. We highlight the challenges faced and strategies employed by developers for DSS submission, and the factors contributing to changes in the DSS. Our research contributes valuable insights into the complexities of implementing and maintaining privacy labels, underlining the need for better resources, tools, and guidelines to aid developers. This understanding is crucial as the accuracy and reliability of privacy labels directly impact their effectiveness.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (34)
  1. K. Allix, T. F. Bissyandé, J. Klein, and Y. Le Traon, “Androzoo: Collecting millions of android apps for the research community,” in Proceedings of the 13th International Conference on Mining Software Repositories, ser. MSR ’16.   New York, NY, USA: ACM, 2016, pp. 468–471. [Online]. Available: http://doi.acm.org/10.1145/2901739.2903508
  2. D. G. Balash, M. M. Ali, X. Wu, C. Kanich, and A. J. Aviv, “Longitudinal analysis of privacy labels in the apple app store,” arXiv preprint arXiv:2206.02658, 2022.
  3. R. Balebako, A. Marsh, J. Lin, J. I. Hong, and L. F. Cranor, “The privacy and security behaviors of smartphone app developers,” Citeseer, 2014.
  4. R. Balebako, F. Schaub, I. Adjerid, A. Acquisti, and L. Cranor, “The impact of timing on the salience of smartphone app privacy notices,” in Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, 2015, pp. 63–74.
  5. N. Castelly and F. Hurley, “Introducing Checks: simplifying privacy for app developers - Google: The Keyword,” https://blog.google/technology/area-120/checks/, Feb 2022, date accessed: 2023-06-01.
  6. F. H. Cate, “The limits of notice and choice,” IEEE Security & Privacy, vol. 8, no. 2, pp. 59–62, 2010.
  7. L. F. Cranor, “Necessary but not sufficient: Standardized mechanisms for privacy notice and choice,” J. on Telecomm. & High Tech. L., vol. 10, p. 273, 2012.
  8. ——, “Mobile-app privacy nutrition labels missing key ingredients for success,” Communications of the ACM, vol. 65, no. 11, pp. 26–28, 2022.
  9. P. Emami-Naeini, Y. Agarwal, L. F. Cranor, and H. Hibshi, “Ask the experts: What should be on an iot privacy and security label?” in 2020 IEEE Symposium on Security and Privacy (SP).   IEEE, 2020, pp. 447–464.
  10. P. Emami-Naeini, J. Dheenadhayalan, Y. Agarwal, and L. F. Cranor, “Which privacy and security attributes most impact consumers’ risk perception and willingness to purchase iot devices?” in 2021 IEEE Symposium on Security and Privacy (SP).   IEEE, 2021, pp. 519–536.
  11. G. Fox, C. Tonge, T. Lynn, and J. Mooney, “Communicating compliance: developing a GDPR privacy label,” in 24th Americas Conference on Information Systems, 2018.
  12. J. Gardner, Y. Feng, K. Reiman, Z. Lin, A. Jain, and N. Sadeh, “Helping mobile application developers create accurate privacy labels,” in 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).   IEEE, 2022, pp. 212–230.
  13. J. Gluck, F. Schaub, A. Friedman, H. Habib, N. Sadeh, L. F. Cranor, and Y. Agarwal, “How short is too short? implications of length and framing on the effectiveness of privacy notices,” in Twelfth symposium on usable privacy and security (SOUPS 2016), 2016, pp. 321–340.
  14. G. P. Help, “Understand app privacy & security practices with Google Play’s Data safety section,” https://support.google.com/googleplay/answer/11416267?sjid=17006176392115416702-NA, 2022, date accessed: 2023-06-01.
  15. G. P. C. Help, “Make informed choices with Google Play SDK Index,” https://support.google.com/googleplay/android-developer/answer/12034434?hl=en, 2022, date accessed: 2023-06-01.
  16. G. P. C. Help, “Provide information for Google Play’s data safety section,” https://support.google.com/googleplay/android-developer/answer/10787469?hl=en, Mar 2023, date accessed: 2023-06-01.
  17. JoMingyu, “google-play-scraper: Google play scraper for python,” https://github.com/JoMingyu/google-play-scraper, 2022, date accessed: 2023-06-01.
  18. P. G. Kelley, J. Bresee, L. F. Cranor, and R. W. Reeder, “A ”nutrition label” for privacy,” in Proceedings of the 5th Symposium on Usable Privacy and Security, ser. SOUPS ’09.   New York, NY, USA: Association for Computing Machinery, 2009. [Online]. Available: https://doi.org/10.1145/1572532.1572538
  19. P. G. Kelley, L. Cesca, J. Bresee, and L. F. Cranor, “Standardizing privacy notices: An online study of the nutrition label approach,” in Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, ser. CHI ’10.   New York, NY, USA: Association for Computing Machinery, 2010, pp. 1573––1582. [Online]. Available: https://doi.org/10.1145/1753326.1753561
  20. P. G. Kelley, L. F. Cranor, and N. Sadeh, “Privacy as part of the app decision-making process,” in Proceedings of the SIGCHI conference on human factors in computing systems, 2013, pp. 3393–3402.
  21. ——, “Privacy as part of the app decision-making process,” in Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, ser. CHI ’13.   New York, NY, USA: Association for Computing Machinery, 2013, p. 3393–3402. [Online]. Available: https://doi.org/10.1145/2470654.2466466
  22. T. Li, K. Reiman, Y. Agarwal, L. F. Cranor, and J. I. Hong, “Understanding challenges for developers to create accurate privacy nutrition labels,” in CHI Conference on Human Factors in Computing Systems, 2022, pp. 1–24.
  23. Y. Li, D. Chen, T. Li, Y. Agarwal, L. F. Cranor, and J. I. Hong, “Understanding ios privacy nutrition labels: An exploratory large-scale analysis of app store data,” in CHI Conference on Human Factors in Computing Systems Extended Abstracts, 2022, pp. 1–7.
  24. J. Lin, “Understanding and capturing people’s mobile app privacy preferences,” Ph.D. dissertation, Carnegie Mellon University, 2013.
  25. Z. Ma, H. Wang, Y. Guo, and X. Chen, “Libradar: Fast and accurate detection of third-party libraries in android apps,” in 2016 IEEE/ACM 38th International Conference on Software Engineering Companion (ICSE-C), 2016, pp. 653–656.
  26. A. M. McDonald, R. W. Reeder, P. G. Kelley, and L. F. Cranor, “A comparative study of online privacy policies and formats,” in International Symposium on Privacy Enhancing Technologies Symposium.   Springer, 2009, pp. 37–55.
  27. B. Saunders, J. Sim, T. Kingstone, S. Baker, J. Waterfield, B. Bartlam, H. Burroughs, and C. Jinks, “Saturation in qualitative research: Exploring its conceptualization and operationalization,” Quality & Quantity, vol. 52, no. 4, p. 1893–1907, Sep 2017.
  28. F. Schaub, R. Balebako, A. L. Durity, and L. F. Cranor, “A design space for effective privacy notices,” in Eleventh symposium on usable privacy and security (SOUPS 2015), 2015, pp. 1–17.
  29. G. L. Scoccia, M. Autili, G. Stilo, and P. Inverardi, “An empirical study of privacy labels on the apple ios mobile app store,” in 9th IEEE/ACM International Conference on Mobile Software Engineering and Systems 2022, 2022.
  30. A. Support, “About app privacy report,” https://support.apple.com/en-us/HT212958, Jul 2022, date accessed: 2023-06-01.
  31. H. Wang, Y. Guo, Z. Ma, and X. Chen, “Wukong: A scalable and accurate two-phase approach to android app clone detection,” in Proceedings of the 2015 International Symposium on Software Testing and Analysis, 2015, pp. 71–82.
  32. G. Workspace, “About app review,” https://developers.google.com/workspace/marketplace/about-app-review#areas, May 2023, date accessed: 2023-06-01.
  33. Y. Xiao, Z. Li, Y. Qin, J. Guan, X. Bai, X. Liao, and L. Xing, “Lalaine: Measuring and characterizing non-compliance of apple privacy labels at scale,” arXiv preprint arXiv:2206.06274, 2022.
  34. S. Zhang, Y. Feng, Y. Yao, L. F. Cranor, and N. Sadeh, “How usable are ios app privacy labels?” UMBC Faculty Collection, 2022.
Citations (10)
View on Semantic Scholar

Summary

No one has generated a summary of this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Sign Up to Summarize

Paper to Video (Beta)

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Sign Up to Generate

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now

Continue Learning

We haven't generated follow-up questions for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now

Collections

Sign up for free to add this paper to one or more collections.

User Circle Single Streamline Icon: https://streamlinehq.com Sign Up