Assessor View: Introducing Tool Support for Android Privacy Assessments
Abstract
Android apps collecting data from users must comply with legal frameworks to ensure data protection. This requirement has become even more important since the implementation of the General Data Protection Regulation (GDPR) by the European Union in 2018. Moreover, with the proposed Cyber Resilience Act on the horizon, stakeholders will soon need to assess software against even more stringent security and privacy standards. Effective privacy assessments require collaboration among groups with diverse expertise to function effectively as a cohesive unit. This paper addresses the need for an automated approach to improve the understanding of data protection in Android apps and enhance communication between the various parties involved in privacy assessments. We present Assessor View, a tool designed to bridge knowledge gaps and support more effective privacy assessments of Android applications. We conducted a user study with five legal and privacy experts. In the interview part of this study, we identified key challenges in conducting privacy assessments, including knowledge gaps, poor communication between legal and technical experts, the absence of automated privacy tools, and the delayed involvement of privacy professionals. The user study results indicate that the GDPR warnings and guidance provided by Assessor View are valuable to DPOs and privacy experts, and its design is particularly well suited for these stakeholders. Our findings indicate that Assessor View represents a significant step toward improving communication between legal and technical experts and automating privacy assessments.