Abstract

Under the General Data Protection Regulation (GDPR), mobile app developers are required to inform users of necessary information at the time when user data is collected (called users' "Right-to-be-Informed"). This is typically done by app developers via providing runtime privacy notices (RPNs for short). However, given the heterogeneous privacy data types and data access patterns in modern apps, it is not clear to what extent apps (app developers) effectively fulfill this compliance requirement in practice.