Helping Mobile App Developers Create Accurate Privacy Labels

This talk is based on research conducted in collaboration with Yuanyuan Feng, Kayla Reiman, Zhi Lin, and Norman Sadeh.

Apple and Google recently began requiring developers to disclose their data collection and use practices to generate a “privacy label” for their applications. The use of mobile application Software Development Kits (SDKs) and third-party libraries, coupled with a typical lack of expertise in privacy, makes it challenging for developers to accurately report their data collection and use practices. In this presentation we discuss the design and evaluation of a tool to help iOS developers generate privacy labels. The tool combines static code analysis to identify likely data collection and use practices with interactive functionality designed to prompt developers to elucidate analysis results and carefully reflect on their applications' data practices. We conducted semi-structured interviews with iOS developers as they used an initial version of the tool. We discuss how these results motivated us to develop an enhanced software tool, Privacy Label Wiz, that more closely resembles interactions developers reported to be most useful in our semi-structured interviews. We present findings from our interviews and the enhanced tool motivated by our study. We also outline future directions for software tools to better assist developers communicating their mobile application’s data practices.