Data Safety vs. App Privacy: Comparing the Usability of Android and iOS Privacy Labels

Authors: Yanzi Lin (Wellesley College), Jaideep Juneja (Carnegie Mellon University), Eleanor Birrell (Pomona College), Lorrie Faith Cranor (Carnegie Mellon University)

Volume: 2024
Issue: 2
Pages: 182–210
DOI: https://doi.org/10.56553/popets-2024-0047

Download PDF

Abstract: Privacy labels---standardized, compact representations of data collection and data use practices---are often presented as a solution to the shortcomings of privacy policies. Apple introduced mandatory privacy labels for apps in its App Store in December 2020; Google introduced mandatory labels for Android apps in July 2022. iOS app privacy labels have been evaluated and critiqued in prior work. In this work, we evaluated Android Data Safety Labels and explored how differences between the two label designs impact user comprehension and label utility. We conducted a between-subjects, semi-structured interview study with 12 Android users and 12 iOS users. While some users found Android Data Safety Labels informative and helpful, other users found them too vague. Compared to iOS App Privacy Labels, Android users found the distinction between data collection groups more intuitive and found explicit inclusion of omitted data collection groups more salient. However, some users expressed skepticism regarding elided information about collected data type categories. Most users missed critical information due to not expanding the accordion interface, and they were surprised by collection practices excluded from Android's definitions. Our findings also revealed that Android users generally appreciated information about security practices included in the labels, and iOS users wanted that information added.

Keywords: Usable Privacy and Security, Privacy Nutrition Label, Mobile App Privacy, Usability, Interview Study

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.