The rise of mobile apps has brought greater convenience and customization for users. However, many apps use analytics services to collect a wide range of user interaction data purportedly to improve their service, while presenting app users with vague or incomplete information about this collection in their privacy policies. Typically, such policies neglect to describe all types of user interaction data or how the data is collected. User interaction data is not directly regulated by privacy legislation such as the GDPR. However, the extent and hidden nature of its collection means both that apps are walking a legal tightrope and that users' trust is at risk. To facilitate transparency and comparison, and based on common phrases used in published privacy policies and Android documentation, we make a standardized collection claim template. Based on static analysis of actual data collection implementations, we compare the privacy policy claims of the top 10 apps to fact-checked collection claims. Our findings reveal that all the claims made by these apps are incomplete. By providing a standardized way of describing user interaction data collection in mobile apps and comparing actual collection practices to privacy policies, this work aims to increase transparency and establish trust between app developers and users.

翻译：移动应用的兴起为用户带来了更大的便利性和个性化体验。然而，许多应用利用分析服务收集广泛的用户交互数据，声称是为了改进其服务，同时在隐私政策中向用户提供关于这些收集的模糊或不完整信息。通常，此类政策未能描述所有类型的用户交互数据或数据的收集方式。用户交互数据并未直接受GDPR等隐私立法的监管。然而，其收集的广泛性和隐蔽性意味着应用正在法律边缘行走，且用户信任面临风险。为了促进透明度和比较，基于已发布的隐私政策和Android文档中常用的短语，我们制定了一个标准化的收集声明模板。基于对实际数据收集实现的静态分析，我们将排名前10的应用的隐私政策声明与事实核查的收集声明进行了比较。我们的研究结果显示，这些应用的所有声明都不完整。通过提供在移动应用中描述用户交互数据收集的标准化方式，并将实际收集实践与隐私政策进行比较，本研究旨在提高透明度并建立应用开发者与用户之间的信任。