The General Data Protection Regulation (GDPR) is the benchmark in the European Union (EU) for privacy and data protection standards. Substantial research has been conducted in the requirements engineering (RE) literature investigating the elicitation, representation, and verification of privacy requirements in GDPR. Software systems including mobile apps must comply with the GDPR. With the growing pervasiveness of mobile apps and their increasing demand for personal data, privacy concerns have acquired further interest within the software engineering (SE) community at large. Despite the extensive literature on GDPR-relevant privacy concerns in mobile apps, there is no secondary study that describes, analyzes, and categorizes the current focus. Research gaps and persistent challenges are thus left unnoticed. In this article, we aim to systematically review existing primary studies highlighting various GDPR concepts and how these concepts are addressed in mobile apps research. The objective is to reconcile the existing work on GDPR in the RE literature with the research on GDPR-related privacy concepts in mobile apps in the SE literature. Our findings show that the current research landscape reflects a rather shallow understanding of GDPR requirements. Some GDPR concepts such as data subject rights (i.e., the rights of individuals over their personal data) are fundamental to GDPR, yet under-explored in the literature. In this article, we highlight future directions to be pursued by the SE community for supporting the development of GDPR-compliant mobile apps.

翻译：《通用数据保护条例》（GDPR）是欧盟隐私与数据保护标准的基准规范。在需求工程（RE）研究领域，已有大量文献探讨GDPR中隐私需求的获取、表示与验证方法。包括移动应用在内的软件系统必须符合GDPR规定。随着移动应用的日益普及及其对个人数据需求的持续增长，隐私问题在软件工程（SE）学界引起了更广泛的关注。尽管现有文献对移动应用中GDPR相关隐私问题进行了大量探讨，但尚未出现系统描述、分析并归类当前研究焦点的二次研究，导致研究空白与持续挑战未被充分揭示。本文旨在系统综述现有基础研究，重点梳理各类GDPR概念及其在移动应用研究中的实践路径。研究目标在于整合需求工程文献中关于GDPR的研究成果与软件工程文献中关于GDPR隐私概念在移动应用领域的探索。研究发现表明，当前研究格局反映出对GDPR要求的理解仍较为浅表。某些GDPR核心概念（如数据主体权利——即个人对其个人数据的控制权）在现有文献中尚未得到充分探索。本文进一步提出了软件工程学界未来应关注的研究方向，以支持开发符合GDPR规范的移动应用。