Helping Mobile App Developers Create Accurate Privacy Labels

Thursday, June 23, 2022 - 4:05 pm–4:30 pm

Jack Gardner and Akshath Jain, Carnegie Mellon University


This talk is based on research conducted in collaboration with Yuanyuan Feng, Kayla Reiman, Zhi Lin, and Norman Sadeh.

Apple and Google recently began requiring developers to disclose their data collection and use practices to generate a “privacy label” for their applications. The use of mobile application Software Development Kits (SDKs) and third-party libraries, coupled with a typical lack of expertise in privacy, makes it challenging for developers to accurately report their data collection and use practices. In this presentation we discuss the design and evaluation of a tool to help iOS developers generate privacy labels. The tool combines static code analysis to identify likely data collection and use practices with interactive functionality designed to prompt developers to elucidate analysis results and carefully reflect on their applications' data practices. We conducted semi-structured interviews with iOS developers as they used an initial version of the tool. We discuss how these results motivated us to develop an enhanced software tool, Privacy Label Wiz, that more closely resembles the interactions developers reported to be most useful in our semi-structured interviews. We present findings from our interviews and the enhanced tool motivated by our study. We also outline future directions for software tools to better assist developers in communicating their mobile applications’ data practices.

Jack Gardner, Carnegie Mellon University

Jack Gardner is a Master’s student in Privacy Engineering at Carnegie Mellon University. He is studying what resources are available to mobile application developers and how software tools can support them as they work to achieve privacy compliance. Jack’s other interests include integrating privacy into the software development lifecycle and promoting user adoption of privacy enhancing technologies.

Akshath Jain, Carnegie Mellon University

Akshath Jain is currently a Master’s student at Carnegie Mellon studying Computer Science. Having recently finished his undergraduate work there as well, he’s investigating how developers and users interact with privacy policies and their associated privacy labels. He’s also researching how automation strategies can help generate privacy labels to ensure compliance with privacy regulations. In his free time, you can often find him biking and playing tennis.

