Assessor View: Introducing Tool Support for Android Privacy Assessments

Assessor View: Introducing Tool Support for Android Privacy Assessments | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Assessor View: Introducing Tool Support for Android Privacy Assessments Mugdha Khedkar, Michael Schlichtig, Nihad Atakishiyev, Eric Bodden This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-6323701/v1 This work is licensed under a CC BY 4.0 License Status: Published Journal Publication published 27 Feb, 2026 Read the published version in Automated Software Engineering → Version 1 posted 11 You are reading this latest preprint version Abstract Android apps collecting data from users must comply with legal frameworks toensure data protection. This requirement has become even more important since the implementation of the General Data Protection Regulation (GDPR) by the European Union in 2018. Moreover, with the proposed Cyber Resilience Act on the horizon, stakeholders will soon need to assess software against even more stringent security and privacy standards. Effective privacy assessments require collaboration among groups with diverse expertise to function effectively as acohesive unit. This paper addresses the need for an automated approach to improve the understanding of data protection in Android apps and enhance communication between the various parties involved in privacy assessments. We present Assessor View, a tool designed to bridge knowledge gaps and support more effective privacy assessments of Android applications. We conducted a user study with five legal and privacy experts. In the interview part of this study, we identified key challenges in conducting privacy assessments, including knowledge gaps, poor communication between legal and technical experts, the absence of automated privacy tools, and the delayed involvement of privacy professionals. The user study results indicate that the GDPR warnings and guidance provided by Assessor View are valuable to DPOs and privacy experts, and its design is particularly well suited for these stakeholders. Our findings indicate that Assessor View represents a significant step toward improving communication between legal and technical experts and automating privacy assessments. static analysis data collection data protection privacy-aware reporting Full Text Additional Declarations No competing interests reported. Cite Share Download PDF Status: Published Journal Publication published 27 Feb, 2026 Read the published version in Automated Software Engineering → Version 1 posted Editorial decision: Revision requested 08 Nov, 2025 Reviews received at journal 08 Nov, 2025 Reviews received at journal 08 Nov, 2025 Reviews received at journal 06 Nov, 2025 Reviewers agreed at journal 01 Nov, 2025 Reviewers agreed at journal 01 Nov, 2025 Reviewers agreed at journal 01 Nov, 2025 Reviewers invited by journal 31 Oct, 2025 Editor assigned by journal 29 Mar, 2025 Submission checks completed at journal 29 Mar, 2025 First submitted to journal 27 Mar, 2025 You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-6323701","acceptedTermsAndConditions":true,"allowDirectSubmit":false,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":435795365,"identity":"19ecc6f1-fe10-460a-8daf-275b21f43278","order_by":0,"name":"Mugdha Khedkar","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAABM0lEQVRIie3RMUvDQBgG4E8Kd8sF15TUnyBcOUgoDfktDYFkKSgEMrkVMkXn/oxAByk4nASSpaS4BTKYLp0yOBUFtV6lBTVBcRO8F447XniG+z4AGZk/Gk0cSgGYuE2Azq5DooL94wfi/p4k++4bcjr17srzC2AGnszo083SvsaAqsfAPDPw5bqCwPxK9GLsD6cp6IMo9e1oXdrzCeB+lLuDeZQZFHK3hbgaQWDSYsw44aUdJ8cbVQkTSgsXqUdh0k5eBbmv2e0zzwUB1H0JtweybRIv1ZQQdFoQ5hDO34lo+IHwBlnUnaFypTK6cH3W4w4TBLNe7lDxO6SOcqdBMm9Vko3Zj7Nk1q25dRIvOVrVgUUNHCL1IbCaWyG7+aufqg+7GDUBAK4aVfvGZWRkZP5t3gAACG3r3WHUhwAAAABJRU5ErkJggg==","orcid":"","institution":"Heinz Nixdorf Institute, Paderborn University","correspondingAuthor":true,"prefix":"","firstName":"Mugdha","middleName":"","lastName":"Khedkar","suffix":""},{"id":435795369,"identity":"375fc22d-44a9-47a3-a899-0f77274c29eb","order_by":1,"name":"Michael Schlichtig","email":"","orcid":"","institution":"Heinz Nixdorf Institute, Paderborn University","correspondingAuthor":false,"prefix":"","firstName":"Michael","middleName":"","lastName":"Schlichtig","suffix":""},{"id":435795371,"identity":"81dc5a5e-2795-4e53-81d2-1ea6f52a05bf","order_by":2,"name":"Nihad Atakishiyev","email":"","orcid":"","institution":"Paderborn University","correspondingAuthor":false,"prefix":"","firstName":"Nihad","middleName":"","lastName":"Atakishiyev","suffix":""},{"id":435795373,"identity":"6438428d-d638-4301-b125-fb86109a8b46","order_by":3,"name":"Eric Bodden","email":"","orcid":"","institution":"Heinz Nixdorf Institute, Paderborn University","correspondingAuthor":false,"prefix":"","firstName":"Eric","middleName":"","lastName":"Bodden","suffix":""}],"badges":[],"createdAt":"2025-03-28 00:38:08","currentVersionCode":1,"declarations":"","doi":"10.21203/rs.3.rs-6323701/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-6323701/v1","draftVersion":[],"editorialEvents":[{"content":"https://doi.org/10.1007/s10515-026-00601-4","type":"published","date":"2026-02-27T15:59:00+00:00"}],"editorialNote":"","failedWorkflow":false,"files":[{"id":103765673,"identity":"613b1640-9c40-43c1-b3bd-edfc1419861e","added_by":"auto","created_at":"2026-03-02 16:07:07","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":1284231,"visible":true,"origin":"","legend":"","description":"","filename":"ASEJournalAssessorView.pdf","url":"https://assets-eu.researchsquare.com/files/rs-6323701/v1_covered_be9a7be1-d46c-4877-89be-4ddea241bf8c.pdf"}],"financialInterests":"No competing interests reported.","formattedTitle":"Assessor View: Introducing Tool Support for Android Privacy Assessments","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":true,"hideJournal":false,"highlight":"","institution":"","isAcceptedByJournal":true,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"[email protected]","identity":"automated-software-engineering","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":false,"externalIdentity":"ause","sideBox":"Learn more about [Automated Software Engineering](http://link.springer.com/journal/10515)","snPcode":"10515","submissionUrl":"https://submission.nature.com/new-submission/10515/3","title":"Automated Software Engineering","twitterHandle":"","acdcEnabled":true,"dfaEnabled":true,"editorialSystem":"em","reportingPortfolio":"Springer Hybrid","inReviewEnabled":true,"inReviewRevisionsEnabled":false},"keywords":"static analysis, data collection, data protection, privacy-aware reporting","lastPublishedDoi":"10.21203/rs.3.rs-6323701/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-6323701/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"Android apps collecting data from users must comply with legal frameworks toensure data protection. This requirement has become even more important since the implementation of the General Data Protection Regulation (GDPR) by the European Union in 2018. Moreover, with the proposed Cyber Resilience Act on the horizon, stakeholders will soon need to assess software against even more stringent security and privacy standards. Effective privacy assessments require collaboration among groups with diverse expertise to function effectively as acohesive unit.\n\nThis paper addresses the need for an automated approach to improve the understanding of data protection in Android apps and enhance communication between the various parties involved in privacy assessments. We present Assessor View, a tool designed to bridge knowledge gaps and support more effective privacy assessments of Android applications. \n\nWe conducted a user study with five legal and privacy experts. In the interview part of this study, we identified key challenges in conducting privacy assessments, including knowledge gaps, poor communication between legal and technical experts, the absence of automated privacy tools, and the delayed involvement of privacy professionals. The user study results indicate that the GDPR warnings and guidance provided by Assessor View are valuable to DPOs and privacy experts, and its design is particularly well suited for these stakeholders.\n\nOur findings indicate that Assessor View represents a significant step toward improving communication between legal and technical experts and automating privacy assessments.","manuscriptTitle":"Assessor View: Introducing Tool Support for Android Privacy Assessments","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2025-04-23 04:47:49","doi":"10.21203/rs.3.rs-6323701/v1","editorialEvents":[{"type":"communityComments","content":0},{"type":"decision","content":"Revision requested","date":"2025-11-08T11:13:37+00:00","index":"","fulltext":""},{"type":"editorInvitedReview","content":"","date":"2025-11-08T07:49:09+00:00","index":"hide","fulltext":""},{"type":"editorInvitedReview","content":"","date":"2025-11-08T06:14:19+00:00","index":"hide","fulltext":""},{"type":"editorInvitedReview","content":"","date":"2025-11-07T04:55:01+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"313677468431783792905620364966672638704","date":"2025-11-01T15:21:03+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"292949485955852154663612403693504253127","date":"2025-11-01T11:38:25+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"21080321133239290196765949807033516435","date":"2025-11-01T06:13:46+00:00","index":"hide","fulltext":""},{"type":"reviewersInvited","content":"","date":"2025-11-01T03:25:46+00:00","index":"","fulltext":""},{"type":"editorAssigned","content":"","date":"2025-03-29T20:30:25+00:00","index":"","fulltext":""},{"type":"checksComplete","content":"","date":"2025-03-29T17:44:23+00:00","index":"","fulltext":""},{"type":"submitted","content":"Automated Software Engineering","date":"2025-03-28T00:26:08+00:00","index":"","fulltext":""}],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"automated-software-engineering","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":false,"externalIdentity":"ause","sideBox":"Learn more about [Automated Software Engineering](http://link.springer.com/journal/10515)","snPcode":"10515","submissionUrl":"https://submission.nature.com/new-submission/10515/3","title":"Automated Software Engineering","twitterHandle":"","acdcEnabled":true,"dfaEnabled":true,"editorialSystem":"em","reportingPortfolio":"Springer Hybrid","inReviewEnabled":true,"inReviewRevisionsEnabled":false}}],"origin":"","ownerIdentity":"148ebb2d-25ee-40b6-b5ce-c132390a1022","owner":[],"postedDate":"April 23rd, 2025","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"published-in-journal","subjectAreas":[],"tags":[],"updatedAt":"2026-03-02T16:03:48+00:00","versionOfRecord":{"articleIdentity":"rs-6323701","link":"https://doi.org/10.1007/s10515-026-00601-4","journal":{"identity":"automated-software-engineering","isVorOnly":false,"title":"Automated Software Engineering"},"publishedOn":"2026-02-27 15:59:00","publishedOnDateReadable":"February 27th, 2026"},"versionCreatedAt":"2025-04-23 04:47:49","video":"","vorDoi":"10.1007/s10515-026-00601-4","vorDoiUrl":"https://doi.org/10.1007/s10515-026-00601-4","workflowStages":[]},"version":"v1","identity":"rs-6323701","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-6323701","identity":"rs-6323701","version":["v1"]},"buildId":"8U1c8b4HqxoKbykW_rLl7","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}