Apple and Google introduced their versions of privacy nutrition labels to the mobile app stores to better inform users of the apps' data practices. However, these labels are self-reported by developers and have been found to contain many inaccuracies due to misunderstandings of the label taxonomy. In this work, we present Matcha, an IDE plugin that uses automated code analysis to help developers create accurate Google Play data safety labels. Developers can benefit from Matcha's ability to detect user data accesses and transmissions while staying in control of the generated label by adding custom Java annotations and modifying an auto-generated XML specification. Our evaluation with 12 developers showed that Matcha helped our participants improve the accuracy of a label they created with Google's official tool for a real-world app they developed. We found that participants preferred Matcha for its accuracy benefits. Drawing on Matcha, we discuss general design recommendations for developer tools used to create accurate standardized privacy notices.