The Google Play marketplace has introduced the Data Safety section to improve transparency regarding how mobile applications (apps) collect, share, and protect user data. This mechanism requires developers to disclose their privacy and security practices. However, the reliability of these disclosures rests entirely on developer self-reporting, which raises concerns about their accuracy. This study investigates the consistency between developer-reported Data Safety disclosures and observable privacy indicators extracted from Android Application Packages (APKs). An empirical analysis was conducted on a dataset of 41 mobile gaming apps. A static-analysis approach was used to extract key privacy indicators from the APK files, covering device IDs, data sharing, personal information access, and location access. These indicators were systematically compared with the corresponding disclosures in the Google Play Data Safety labels using a structured consistency evaluation framework. The results revealed varying levels of agreement across privacy categories. Device ID disclosures showed relatively high consistency (87.8%), whereas the other indicators exhibited substantial mismatches. Location-related disclosures showed the highest inconsistency rate (56.1%), followed by personal information and data sharing. A comparative analysis of children-oriented and general-audience apps revealed similar mismatch patterns, and Chi-square tests indicated that the differences between the two groups were not statistically significant, suggesting that disclosure inconsistencies are not associated with app category but instead reflect broader ecosystem-level challenges. These findings highlight limitations in the reliability of current marketplace transparency mechanisms and emphasize the need for improved validation and verification approaches to ensure accurate privacy reporting in mobile app ecosystems.
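As an added example, not the study's own code, data or framework, the following Python sketch shows the shape of a label-versus-APK consistency evaluation and of the Chi-square comparison between children-oriented and general-audience apps. The evidence-to-category mapping, the eight app records (standing in for what a static-analysis pass over manifest permissions and referenced classes would yield), and the three-way consistent/undisclosed/overdeclared outcome are constructed assumptions for illustration. The Chi-square statistic is computed by hand on a 2x2 table so the block runs without SciPy.

```python
import math

# Data Safety categories compared in the example (names are an assumption,
# chosen to mirror the four indicator groups discussed in the abstract).
CATEGORIES = ("device_ids", "data_sharing", "personal_info", "location")

# Hypothetical mapping from static-analysis evidence (manifest permissions and
# referenced classes) to a Data Safety category. The mapping is an assumption;
# a real pass would be tuned per SDK and per API level.
EVIDENCE = {
    "android.permission.READ_PHONE_STATE": "device_ids",
    "android.provider.Settings$Secure.ANDROID_ID": "device_ids",
    "com.google.android.gms.ads.identifier.AdvertisingIdClient": "device_ids",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_CONTACTS": "personal_info",
    "android.permission.GET_ACCOUNTS": "personal_info",
    "com.facebook.appevents.AppEventsLogger": "data_sharing",
    "com.google.firebase.analytics.FirebaseAnalytics": "data_sharing",
}

# Constructed sample: evidence found in the APK and categories the developer
# declared in the Data Safety label. Not real apps.
APPS = [
    {"id": "game.a", "children": True, "declared": {"device_ids"},
     "evidence": ["android.permission.READ_PHONE_STATE", "android.permission.ACCESS_FINE_LOCATION"]},
    {"id": "game.b", "children": True, "declared": {"device_ids", "data_sharing"},
     "evidence": ["com.google.android.gms.ads.identifier.AdvertisingIdClient",
                  "com.google.firebase.analytics.FirebaseAnalytics"]},
    {"id": "game.c", "children": True, "declared": {"personal_info"},
     "evidence": ["android.permission.ACCESS_COARSE_LOCATION", "android.permission.READ_CONTACTS"]},
    {"id": "game.d", "children": True, "declared": {"location", "data_sharing"}, "evidence": []},
    {"id": "game.e", "children": False, "declared": {"device_ids", "location", "data_sharing"},
     "evidence": ["android.permission.READ_PHONE_STATE", "android.permission.ACCESS_FINE_LOCATION",
                  "com.facebook.appevents.AppEventsLogger"]},
    {"id": "game.f", "children": False, "declared": {"device_ids"},
     "evidence": ["android.provider.Settings$Secure.ANDROID_ID", "android.permission.ACCESS_FINE_LOCATION"]},
    {"id": "game.g", "children": False, "declared": set(),
     "evidence": ["android.permission.GET_ACCOUNTS", "android.permission.READ_PHONE_STATE"]},
    {"id": "game.h", "children": False, "declared": {"data_sharing"},
     "evidence": ["android.permission.ACCESS_COARSE_LOCATION", "com.google.firebase.analytics.FirebaseAnalytics"]},
]


def observed_categories(evidence_items):
    """Categories for which the APK contains at least one piece of evidence."""
    return {EVIDENCE[e] for e in evidence_items if e in EVIDENCE}


def evaluate_app(app):
    """Per-category verdict: consistent, undisclosed (in APK, not in label)
    or overdeclared (in label, no static evidence). Overdeclared is not
    necessarily wrong: static analysis misses dynamically loaded code and
    server-side sharing, so it should be reviewed rather than counted as a lie."""
    observed = observed_categories(app["evidence"])
    verdicts = {}
    for cat in CATEGORIES:
        declared, seen = cat in app["declared"], cat in observed
        if declared == seen:
            verdicts[cat] = "consistent"
        else:
            verdicts[cat] = "undisclosed" if seen else "overdeclared"
    return verdicts


def mismatch_rates(apps):
    """Fraction of apps whose label disagrees with the APK, per category."""
    return {cat: sum(evaluate_app(a)[cat] != "consistent" for a in apps) / len(apps)
            for cat in CATEGORIES}


def mismatch_table(apps, category):
    """2x2 table: rows = children / general audience, cols = mismatch / consistent."""
    table = [[0, 0], [0, 0]]
    for app in apps:
        row = 0 if app["children"] else 1
        col = 0 if evaluate_app(app)[category] != "consistent" else 1
        table[row][col] += 1
    return table


def chi_square_2x2(table):
    """Pearson chi-square (1 df, no continuity correction) and its p-value.
    For 1 df the survival function is erfc(sqrt(x/2)). Degenerate margins
    (an empty row or column) return (0.0, 1.0) rather than dividing by zero."""
    (a, b), (c, d) = table
    n = a + b + c + d
    r1, r2, c1, c2 = a + b, c + d, a + c, b + d
    if 0 in (r1, r2, c1, c2):
        return 0.0, 1.0
    stat = n * (a * d - b * c) ** 2 / (r1 * r2 * c1 * c2)
    return stat, math.erfc(math.sqrt(stat / 2))


if __name__ == "__main__":
    for cat, rate in mismatch_rates(APPS).items():
        stat, p = chi_square_2x2(mismatch_table(APPS, cat))
        print(f"{cat:14s} mismatch={rate:.3f}  chi2={stat:.3f}  p={p:.3f}")
```

With only eight constructed apps the cell counts are far below what Pearson's test assumes, so the p-values here illustrate the computation, not a result; on a real dataset of this size Fisher's exact test is the safer choice for the children-versus-general comparison.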