Android数据披露的挑战：一项实证研究 (Challenges in Android Data Disclosure: An Empirical Study)

Current legal frameworks enforce that Android developers accurately report the data their apps collect. However, large codebases can make this reporting challenging. This paper employs an empirical approach to understand developers' experience with Google Play Store's Data Safety Section (DSS) form. We first survey 41 Android developers to understand how they categorize privacy-related data into DSS categories and how confident they feel when completing the DSS form. To gain a broader and more detailed view of the challenges developers encounter during the process, we complement the survey with an analysis of 172 online developer discussions, capturing the perspectives of 642 additional developers. Together, these two data sources represent insights from 683 developers. Our findings reveal that developers often manually classify the privacy-related data their apps collect into the data categories defined by Google-or, in some cases, omit classification entirely-and rely heavily on existing online resources when completing the form. Moreover, developers are generally confident in recognizing the data their apps collect, yet they lack confidence in translating this knowledge into DSS-compliant disclosures. Key challenges include issues in identifying privacy-relevant data to complete the form, limited understanding of the form, and concerns about app rejection due to discrepancies with Google's privacy requirements. These results underscore the need for clearer guidance and more accessible tooling to support developers in meeting privacy-aware reporting obligations.

翻译：现行法律框架要求Android开发者准确报告其应用收集的数据。然而，庞大的代码库使得此项报告工作充满挑战。本文采用实证方法，旨在理解开发者在填写Google Play商店数据安全版块表单时的实际体验。我们首先对41位Android开发者进行了调查，以了解他们如何将隐私相关数据归类至数据安全版块的分类中，以及他们在填写表单时的信心程度。为更全面、细致地把握开发者在填写过程中遇到的挑战，我们补充分析了172个在线开发者讨论，获取了另外642位开发者的观点。这两项数据源共同代表了683位开发者的见解。我们的研究发现，开发者通常需要手动将其应用收集的隐私相关数据归类至Google定义的数据类别中——有时甚至完全跳过分类——并且在填写表单时严重依赖现有的在线资源。此外，开发者普遍对识别其应用收集的数据有信心，但在将这些知识转化为符合数据安全版块要求的披露内容时则信心不足。主要挑战包括：识别需要填写的隐私相关数据存在困难、对表单的理解有限，以及对因与Google隐私要求不符而导致应用被拒的担忧。这些结果凸显了提供更清晰的指导与更易用的工具的必要性，以支持开发者履行注重隐私的报告义务。