The rise of mobile apps has brought greater convenience and many options for users. However, many apps use analytics services to collect a wide range of user interaction data, with privacy policies often failing to reveal the types of interaction data collected or the extent of the data collection practices. This lack of transparency potentially breaches data protection laws and also undermines user trust. We conducted an analysis of the top 20 analytic libraries for Android apps to identify common practices of interaction data collection and used this information to develop a standardized collection claim template for summarizing an app's data collection practices wrt. user interaction data. We selected the top 100 apps from popular categories on Google Play and used automatic static analysis to extract collection evidence from their data collection implementations. Our analysis found that a significant majority of these apps actively collected interaction data from UI types such as View (89%), Button (76%), and Textfield (63%), highlighting the pervasiveness of user interaction data collection. By comparing the collection evidence to the claims derived from privacy policy analysis, we manually fact-checked the completeness and accuracy of these claims for the top 10 apps. We found that, except for one app, they all failed to declare all types of interaction data they collect and did not specify some of the collection techniques used.

翻译：移动应用的兴起为用户带来了极大的便利和丰富的选择。然而，许多应用使用分析服务来收集广泛的用户交互数据，而隐私政策往往未能揭示所收集的交互数据类型或数据收集实践的规模。这种透明度不足可能违反数据保护法律，同时也削弱了用户信任。我们对安卓应用排名前20的分析库进行了分析，以识别用户交互数据收集的常见实践，并利用这些信息开发了一个标准化收集声明模板，用于总结应用在用户交互数据方面的数据收集实践。我们从Google Play热门类别中选取了排名前100的应用，采用自动静态分析从数据收集实现中提取收集证据。我们的分析发现，绝大多数应用积极收集来自UI类型如View（89%）、Button（76%）和Textfield（63%）的交互数据，凸显了用户交互数据收集的普遍性。通过将收集证据与隐私政策分析得出的声明进行对比，我们对排名前10的应用手动核查了这些声明的完整性和准确性。结果发现，除了一款应用外，其他所有应用都未能声明其收集的所有交互数据类型，且未说明所使用的某些收集技术。