---
_id: '64823'
abstract:
- lang: eng
text: "Current legal frameworks enforce that Android developers accurately report
the data their apps collect. However, large codebases can make this reporting
challenging. This paper employs an empirical approach to understand developers'
experience with Google Play Store's Data Safety Section (DSS) form.\r\n\r\nWe
first survey 41 Android developers to understand how they categorize privacy-related
data into DSS categories and how confident they feel when completing the DSS form.
To gain a broader and more detailed view of the challenges developers encounter
during the process, we complement the survey with an analysis of 172 online developer
discussions, capturing the perspectives of 642 additional developers. Together,
these two data sources represent insights from 683 developers.\r\n\r\nOur findings
reveal that developers often manually classify the privacy-related data their
apps collect into the data categories defined by Google-or, in some cases, omit
classification entirely-and rely heavily on existing online resources when completing
the form. Moreover, developers are generally confident in recognizing the data
their apps collect, yet they lack confidence in translating this knowledge into
DSS-compliant disclosures. Key challenges include issues in identifying privacy-relevant
data to complete the form, limited understanding of the form, and concerns about
app rejection due to discrepancies with Google's privacy requirements.\r\nThese
results underscore the need for clearer guidance and more accessible tooling to
support developers in meeting privacy-aware reporting obligations. "
author:
- first_name: Mugdha
full_name: Khedkar, Mugdha
id: '88024'
last_name: Khedkar
- first_name: Michael
full_name: Schlichtig, Michael
id: '32312'
last_name: Schlichtig
orcid: 0000-0001-6600-6171
- first_name: Mohamed Aboubakr Mohamed
full_name: Soliman, Mohamed Aboubakr Mohamed
id: '102489'
last_name: Soliman
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Khedkar M, Schlichtig M, Soliman MAM, Bodden E. Challenges in Android Data
Disclosure: An Empirical Study. In: Proceedings of the IEEE/ACM 13th International
Conference on Mobile Software Engineering and Systems (MOBILESoft ’26). Association
for Computing Machinery, New York, NY, USA, 65–68. ; 2026.'
apa: 'Khedkar, M., Schlichtig, M., Soliman, M. A. M., & Bodden, E. (2026). Challenges
in Android Data Disclosure: An Empirical Study. Proceedings of the IEEE/ACM
13th International Conference on Mobile Software Engineering and Systems (MOBILESoft
’26). Association for Computing Machinery, New York, NY, USA, 65–68. 13th
International Conference on Mobile Software Engineering and Systems 2024, Rio
de Janeiro, Brazil.'
bibtex: '@inproceedings{Khedkar_Schlichtig_Soliman_Bodden_2026, title={Challenges
in Android Data Disclosure: An Empirical Study.}, booktitle={Proceedings of the
IEEE/ACM 13th International Conference on Mobile Software Engineering and Systems
(MOBILESoft ’26). Association for Computing Machinery, New York, NY, USA, 65–68.},
author={Khedkar, Mugdha and Schlichtig, Michael and Soliman, Mohamed Aboubakr
Mohamed and Bodden, Eric}, year={2026} }'
chicago: 'Khedkar, Mugdha, Michael Schlichtig, Mohamed Aboubakr Mohamed Soliman,
and Eric Bodden. “Challenges in Android Data Disclosure: An Empirical Study.”
In Proceedings of the IEEE/ACM 13th International Conference on Mobile Software
Engineering and Systems (MOBILESoft ’26). Association for Computing Machinery,
New York, NY, USA, 65–68., 2026.'
ieee: 'M. Khedkar, M. Schlichtig, M. A. M. Soliman, and E. Bodden, “Challenges in
Android Data Disclosure: An Empirical Study.,” presented at the 13th International
Conference on Mobile Software Engineering and Systems 2024, Rio de Janeiro, Brazil,
2026.'
mla: 'Khedkar, Mugdha, et al. “Challenges in Android Data Disclosure: An Empirical
Study.” Proceedings of the IEEE/ACM 13th International Conference on Mobile
Software Engineering and Systems (MOBILESoft ’26). Association for Computing Machinery,
New York, NY, USA, 65–68., 2026.'
short: 'M. Khedkar, M. Schlichtig, M.A.M. Soliman, E. Bodden, in: Proceedings of
the IEEE/ACM 13th International Conference on Mobile Software Engineering and
Systems (MOBILESoft ’26). Association for Computing Machinery, New York, NY, USA,
65–68., 2026.'
conference:
end_date: 2026-04-18
location: Rio de Janeiro, Brazil
name: 13th International Conference on Mobile Software Engineering and Systems 2024
start_date: 2026-04-12
date_created: 2026-03-04T08:10:43Z
date_updated: 2026-03-13T12:10:10Z
department:
- _id: '76'
external_id:
arxiv:
- '2601.20459'
keyword:
- static analysis
- data collection
- data protection
- privacy-aware reporting
language:
- iso: eng
publication: Proceedings of the IEEE/ACM 13th International Conference on Mobile Software
Engineering and Systems (MOBILESoft '26). Association for Computing Machinery, New
York, NY, USA, 65–68.
status: public
title: 'Challenges in Android Data Disclosure: An Empirical Study.'
type: conference
user_id: '88024'
year: '2026'
...
---
_id: '52235'
abstract:
- lang: eng
text: "Android applications collecting data from users must protect it according
to the current legal frameworks. Such data protection has become even more important
since the European Union rolled out the General Data Protection Regulation (GDPR).
Since app developers are not legal experts, they find it difficult to write privacy-aware
source code. Moreover, they have limited tool support to reason about data protection
throughout their app development process.\r\nThis paper motivates the need for
a static analysis approach to diagnose and explain data protection in Android
apps. The analysis will recognize personal data sources in the source code, and
aims to further examine the data flow originating from these sources. App developers
can then address key questions about data manipulation, derived data, and the
presence of technical measures. Despite challenges, we explore to what extent
one can realize this analysis through static taint analysis, a common method for
identifying security vulnerabilities. This is a first step towards designing a
tool-based approach that aids app developers and assessors in ensuring data protection
in Android apps, based on automated static program analysis. "
author:
- first_name: Mugdha
full_name: Khedkar, Mugdha
id: '88024'
last_name: Khedkar
- first_name: Eric
full_name: Bodden, Eric
id: '59256'
last_name: Bodden
orcid: 0000-0003-3470-3647
citation:
ama: 'Khedkar M, Bodden E. Toward an Android Static Analysis Approach for Data Protection.
In: Proceedings of the IEEE/ACM 11th International Conference on Mobile Software
Engineering and Systems (MOBILESoft ’24). Association for Computing Machinery,
New York, NY, USA, 65–68. ; 2024. doi:10.1145/3647632.3651389'
apa: Khedkar, M., & Bodden, E. (2024). Toward an Android Static Analysis Approach
for Data Protection. Proceedings of the IEEE/ACM 11th International Conference
on Mobile Software Engineering and Systems (MOBILESoft ’24). Association for Computing
Machinery, New York, NY, USA, 65–68. 11th International Conference on Mobile
Software Engineering and Systems 2024, Lisbon, Portugal. https://doi.org/10.1145/3647632.3651389
bibtex: '@inproceedings{Khedkar_Bodden_2024, title={Toward an Android Static Analysis
Approach for Data Protection}, DOI={10.1145/3647632.3651389},
booktitle={Proceedings of the IEEE/ACM 11th International Conference on Mobile
Software Engineering and Systems (MOBILESoft ’24). Association for Computing Machinery,
New York, NY, USA, 65–68.}, author={Khedkar, Mugdha and Bodden, Eric}, year={2024}
}'
chicago: Khedkar, Mugdha, and Eric Bodden. “Toward an Android Static Analysis Approach
for Data Protection.” In Proceedings of the IEEE/ACM 11th International Conference
on Mobile Software Engineering and Systems (MOBILESoft ’24). Association for Computing
Machinery, New York, NY, USA, 65–68., 2024. https://doi.org/10.1145/3647632.3651389.
ieee: 'M. Khedkar and E. Bodden, “Toward an Android Static Analysis Approach for
Data Protection,” presented at the 11th International Conference on Mobile Software
Engineering and Systems 2024, Lisbon, Portugal, 2024, doi: 10.1145/3647632.3651389.'
mla: Khedkar, Mugdha, and Eric Bodden. “Toward an Android Static Analysis Approach
for Data Protection.” Proceedings of the IEEE/ACM 11th International Conference
on Mobile Software Engineering and Systems (MOBILESoft ’24). Association for Computing
Machinery, New York, NY, USA, 65–68., 2024, doi:10.1145/3647632.3651389.
short: 'M. Khedkar, E. Bodden, in: Proceedings of the IEEE/ACM 11th International
Conference on Mobile Software Engineering and Systems (MOBILESoft ’24). Association
for Computing Machinery, New York, NY, USA, 65–68., 2024.'
conference:
end_date: 2024-04-15
location: Lisbon, Portugal
name: 11th International Conference on Mobile Software Engineering and Systems 2024
start_date: 2024-04-14
date_created: 2024-03-03T14:37:53Z
date_updated: 2026-03-04T08:11:48Z
ddc:
- '006'
department:
- _id: '76'
doi: 10.1145/3647632.3651389
external_id:
arxiv:
- '2402.07889'
file:
- access_level: closed
content_type: application/pdf
creator: khedkarm
date_created: 2024-03-03T14:39:08Z
date_updated: 2024-03-03T14:39:08Z
file_id: '52236'
file_name: 2402.07889v1.pdf
file_size: 530812
relation: main_file
success: 1
file_date_updated: 2024-03-03T14:39:08Z
has_accepted_license: '1'
keyword:
- static program analysis
- data protection and privacy
- GDPR compliance
language:
- iso: eng
publication: Proceedings of the IEEE/ACM 11th International Conference on Mobile Software
Engineering and Systems (MOBILESoft '24). Association for Computing Machinery, New
York, NY, USA, 65–68.
status: public
title: Toward an Android Static Analysis Approach for Data Protection
type: conference
user_id: '88024'
year: '2024'
...
---
_id: '44146'
abstract:
- lang: eng
text: "Many Android applications collect data from users. When they do, they must\r\nprotect
this collected data according to the current legal frameworks. Such\r\ndata protection
has become even more important since the European Union rolled\r\nout the General
Data Protection Regulation (GDPR). App developers have limited\r\ntool support
to reason about data protection throughout their app development\r\nprocess. Although
many Android applications state a privacy policy, privacy\r\npolicy compliance
checks are currently manual, expensive, and prone to error.\r\nOne of the major
challenges in privacy audits is the significant gap between\r\nlegal privacy statements
(in English text) and technical measures that Android\r\napps use to protect their
user's privacy. In this thesis, we will explore to\r\nwhat extent we can use static
analysis to answer important questions regarding\r\ndata protection. Our main
goal is to design a tool based approach that aids app\r\ndevelopers and auditors
in ensuring data protection in Android applications,\r\nbased on automated static
program analysis."
author:
- first_name: Mugdha
full_name: Khedkar, Mugdha
id: '88024'
last_name: Khedkar
citation:
ama: 'Khedkar M. Static Analysis for Android GDPR Compliance Assurance. In: 2023
IEEE/ACM 45th International Conference on Software Engineering: Companion Proceedings
(ICSE-Companion), Melbourne, Australia, 2023, Pp. 197-199. doi:10.1109/ICSE-Companion58688.2023.00054'
apa: 'Khedkar, M. (n.d.). Static Analysis for Android GDPR Compliance Assurance.
2023 IEEE/ACM 45th International Conference on Software Engineering: Companion
Proceedings (ICSE-Companion), Melbourne, Australia, 2023, Pp. 197-199. https://doi.org/10.1109/ICSE-Companion58688.2023.00054'
bibtex: '@inproceedings{Khedkar, title={Static Analysis for Android GDPR Compliance
Assurance}, DOI={10.1109/ICSE-Companion58688.2023.00054},
booktitle={2023 IEEE/ACM 45th International Conference on Software Engineering:
Companion Proceedings (ICSE-Companion), Melbourne, Australia, 2023, pp. 197-199},
author={Khedkar, Mugdha} }'
chicago: 'Khedkar, Mugdha. “Static Analysis for Android GDPR Compliance Assurance.”
In 2023 IEEE/ACM 45th International Conference on Software Engineering: Companion
Proceedings (ICSE-Companion), Melbourne, Australia, 2023, Pp. 197-199, n.d.
https://doi.org/10.1109/ICSE-Companion58688.2023.00054.'
ieee: 'M. Khedkar, “Static Analysis for Android GDPR Compliance Assurance,” doi:
10.1109/ICSE-Companion58688.2023.00054.'
mla: 'Khedkar, Mugdha. “Static Analysis for Android GDPR Compliance Assurance.”
2023 IEEE/ACM 45th International Conference on Software Engineering: Companion
Proceedings (ICSE-Companion), Melbourne, Australia, 2023, Pp. 197-199, doi:10.1109/ICSE-Companion58688.2023.00054.'
short: 'M. Khedkar, in: 2023 IEEE/ACM 45th International Conference on Software
Engineering: Companion Proceedings (ICSE-Companion), Melbourne, Australia, 2023,
Pp. 197-199, n.d.'
date_created: 2023-04-24T12:14:17Z
date_updated: 2024-09-16T08:46:25Z
ddc:
- '004'
department:
- _id: '76'
doi: 10.1109/ICSE-Companion58688.2023.00054
external_id:
arxiv:
- '2303.09606'
file:
- access_level: closed
content_type: application/pdf
creator: khedkarm
date_created: 2023-04-24T12:15:27Z
date_updated: 2023-04-24T12:15:27Z
file_id: '44147'
file_name: 2023047614.pdf
file_size: 85313
relation: main_file
success: 1
file_date_updated: 2023-04-24T12:15:27Z
has_accepted_license: '1'
keyword:
- static analysis
- data protection and privacy
- GDPR compliance
language:
- iso: eng
publication: '2023 IEEE/ACM 45th International Conference on Software Engineering:
Companion Proceedings (ICSE-Companion), Melbourne, Australia, 2023, pp. 197-199'
publication_status: accepted
status: public
title: Static Analysis for Android GDPR Compliance Assurance
type: conference
user_id: '88024'
year: '2023'
...