The Google Play marketplace has introduced the Data Safety section to improve transparency regarding how mobile applications (apps) collect, share, and protect user data. This mechanism requires developers to disclose privacy and security-related practices, including data collection, data sharing, and data protection measures. However, the reliability of these disclosures depends on developer self-reporting, raising concerns about their accuracy. This study investigates the consistency between developer-reported Data Safety disclosures and observable privacy indicators extracted from Android application packages (APKs). An empirical analysis was conducted on a dataset of 41 mobile gaming apps, including 21 children-oriented and 20 general-audience apps. A static analysis approach was used to extract key privacy indicators, including device identifiers, data sharing practices, personal information access, and location access. These indicators were systematically compared with corresponding disclosures using a structured consistency evaluation framework. The results reveal varying levels of agreement across privacy categories. Device identifier disclosures show relatively high consistency (87.8%), whereas other indicators exhibit substantial mismatches. In particular, location-related disclosures show the highest inconsistency rate (56.1%), followed by personal information and data sharing indicators. Comparative analysis shows similar mismatch patterns across app categories. Chi-square tests further indicate that these differences are not statistically significant, suggesting that inconsistencies are not associated with app category but reflect broader challenges within the analyzed mobile gaming dataset. These findings highlight limitations in current marketplace transparency mechanisms and emphasize the need for improved validation approaches to ensure accurate privacy reporting.
Bakheet Aljedaani (Thu,) studied this question.