CCS 2024
Measuring Compliance Implications of Third-party Libraries' Privacy Label Disclosure Guidelines
Yue Xiao, Chaoqi Zhang, Yue Qin, Fares Fahad S. Alharbi, Luyi Xing, Xiaojing Liao
3 citations
Abstract
Privacy label disclosure guidelines, which specify the data usage practices of third-party libraries (TPLs), are a valuable resource for iOS app developers who need to complete their iOS privacy labels accurately. This is particularly important given the mandatory requirement for all apps on the App Store to disclose their data practices via privacy labels. However, the guidelines themselves must be accurate and compliant so that app developers receive correct information about TPL data usage. Despite the significance of these guidelines, there is little understanding of how accurately and compliantly they reflect the actual data practices of third-party libraries used in iOS apps. To address this issue, our study implements a tool called Colaine to automatically check the compliance of privacy label disclosure guidelines, taking into account the configurable data practices in TPLs. Colaine analyzed 107 TPLs associated with 1,605 different configurations, shedding light on the prevalence and seriousness of privacy label disclosure guideline non-compliance issues.