Privacy Bills of Materials (PriBOM): A transparent privacy information inventory for collaborative privacy notice generation in mobile app development

Zhen Tao; Shidong Pan; Zhenchang Xing; Xiaoyu Sun; Omar Haggag; John Grundy; Jingjie Li; Liming Zhu

doi:10.56553/popets-2025-0136

Privacy Bills of Materials (PriBOM): A transparent privacy information inventory for collaborative privacy notice generation in mobile app development

Zhen Tao, Shidong Pan, Zhenchang Xing, Xiaoyu Sun, Omar Haggag, John Grundy, Jingjie Li, Liming Zhu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Privacy regulations mandate that developers must provide authentic and comprehensive privacy notices, e.g., privacy policies or labels, to inform users of their apps’ privacy practices. However, due to a lack of knowledge of privacy requirements, developers often struggle to create accurate privacy notices, especially for sophisticated mobile apps with complex features and in crowded development teams. To address these challenges, we introduce PriBOM (Privacy Bills of Materials), a systematic software engineering approach that leverages different development team roles to better capture and coordinate mobile app privacy information. PriBOM facilitates transparency-centric privacy documentation and specific privacy notice creation, enabling traceability and trackability of privacy practices. We present a pre-fill of PriBOM based on static analysis and privacy notice analysis techniques. We explore the perceived usefulness of PriBOM through a human evaluation with 150 diverse participants. The role of PriBOM in enhancing privacy-related communication is well received with 83.33% agreement, suggesting that PriBOM could serve as a significant solution for providing privacy support in DevOps for mobile apps.

Original language	English
Title of host publication	Proceedings of the 25th Privacy Enhancing Technologies Symposium
Editors	Rob Jansen, Zubair Shafiq
Publisher	Privacy Enhancing Technologies Board
Pages	392-409
Number of pages	18
DOIs	https://doi.org/10.56553/popets-2025-0136
Publication status	Published - 19 Jul 2025
Event	The 25th Privacy Enhancing Technologies Symposium - George Washington University, Washington, United States Duration: 14 Jul 2025 → 19 Jul 2025 Conference number: 25 https://petsymposium.org/cfp25.php

Publication series

Name	Proceedings on Privacy Enhancing Technologies
Publisher	Privacy Enhancing Technologies Board
Number	4
Volume	2025
ISSN (Electronic)	2299-0984

Symposium

Symposium	The 25th Privacy Enhancing Technologies Symposium
Abbreviated title	PETS 2025
Country/Territory	United States
City	Washington
Period	14/07/25 → 19/07/25
Internet address	https://petsymposium.org/cfp25.php

Keywords / Materials (for Non-textual outputs)

transparency
usable privacy
mobile applications
privacy policy
privacy paradox

Access to Document

10.56553/popets-2025-0136Licence: Creative Commons: Attribution (CC-BY)

TaoEtalPETS2025PrivacyBillsofMaterialsAccepted author manuscript, 4.52 MBLicence: Creative Commons: Attribution (CC-BY)

Cite this

Tao, Z., Pan, S., Xing, Z., Sun, X., Haggag, O., Grundy, J., Li, J., & Zhu, L. (2025). Privacy Bills of Materials (PriBOM): A transparent privacy information inventory for collaborative privacy notice generation in mobile app development. In R. Jansen, & Z. Shafiq (Eds.), Proceedings of the 25th Privacy Enhancing Technologies Symposium (pp. 392-409). (Proceedings on Privacy Enhancing Technologies; Vol. 2025, No. 4). Privacy Enhancing Technologies Board. https://doi.org/10.56553/popets-2025-0136

Tao, Zhen ; Pan, Shidong ; Xing, Zhenchang et al. / Privacy Bills of Materials (PriBOM) : A transparent privacy information inventory for collaborative privacy notice generation in mobile app development. Proceedings of the 25th Privacy Enhancing Technologies Symposium. editor / Rob Jansen ; Zubair Shafiq. Privacy Enhancing Technologies Board, 2025. pp. 392-409 (Proceedings on Privacy Enhancing Technologies; 4).

@inproceedings{3eabb151dbb540339219ba0744c1b3f5,

title = "Privacy Bills of Materials (PriBOM): A transparent privacy information inventory for collaborative privacy notice generation in mobile app development",

abstract = "Privacy regulations mandate that developers must provide authentic and comprehensive privacy notices, e.g., privacy policies or labels, to inform users of their apps{\textquoteright} privacy practices. However, due to a lack of knowledge of privacy requirements, developers often struggle to create accurate privacy notices, especially for sophisticated mobile apps with complex features and in crowded development teams. To address these challenges, we introduce PriBOM (Privacy Bills of Materials), a systematic software engineering approach that leverages different development team roles to better capture and coordinate mobile app privacy information. PriBOM facilitates transparency-centric privacy documentation and specific privacy notice creation, enabling traceability and trackability of privacy practices. We present a pre-fill of PriBOM based on static analysis and privacy notice analysis techniques. We explore the perceived usefulness of PriBOM through a human evaluation with 150 diverse participants. The role of PriBOM in enhancing privacy-related communication is well received with 83.33\% agreement, suggesting that PriBOM could serve as a significant solution for providing privacy support in DevOps for mobile apps.",

keywords = "transparency, usable privacy, mobile applications, privacy policy, privacy paradox",

author = "Zhen Tao and Shidong Pan and Zhenchang Xing and Xiaoyu Sun and Omar Haggag and John Grundy and Jingjie Li and Liming Zhu",

year = "2025",

month = jul,

day = "19",

doi = "10.56553/popets-2025-0136",

language = "English",

series = "Proceedings on Privacy Enhancing Technologies",

publisher = "Privacy Enhancing Technologies Board",

number = "4",

pages = "392--409",

editor = "Rob Jansen and Zubair Shafiq",

booktitle = "Proceedings of the 25th Privacy Enhancing Technologies Symposium",

note = "The 25th Privacy Enhancing Technologies Symposium, PETS 2025 ; Conference date: 14-07-2025 Through 19-07-2025",

url = "https://petsymposium.org/cfp25.php",

}

Tao, Z, Pan, S, Xing, Z, Sun, X, Haggag, O, Grundy, J, Li, J & Zhu, L 2025, Privacy Bills of Materials (PriBOM): A transparent privacy information inventory for collaborative privacy notice generation in mobile app development. in R Jansen & Z Shafiq (eds), Proceedings of the 25th Privacy Enhancing Technologies Symposium. Proceedings on Privacy Enhancing Technologies, no. 4, vol. 2025, Privacy Enhancing Technologies Board, pp. 392-409, The 25th Privacy Enhancing Technologies Symposium, Washington, District of Columbia, United States, 14/07/25. https://doi.org/10.56553/popets-2025-0136

Privacy Bills of Materials (PriBOM): A transparent privacy information inventory for collaborative privacy notice generation in mobile app development. / Tao, Zhen; Pan, Shidong; Xing, Zhenchang et al.
Proceedings of the 25th Privacy Enhancing Technologies Symposium. ed. / Rob Jansen; Zubair Shafiq. Privacy Enhancing Technologies Board, 2025. p. 392-409 (Proceedings on Privacy Enhancing Technologies; Vol. 2025, No. 4).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Privacy Bills of Materials (PriBOM)

T2 - The 25th Privacy Enhancing Technologies Symposium

AU - Tao, Zhen

AU - Pan, Shidong

AU - Xing, Zhenchang

AU - Sun, Xiaoyu

AU - Haggag, Omar

AU - Grundy, John

AU - Li, Jingjie

AU - Zhu, Liming

N1 - Conference code: 25

PY - 2025/7/19

Y1 - 2025/7/19

N2 - Privacy regulations mandate that developers must provide authentic and comprehensive privacy notices, e.g., privacy policies or labels, to inform users of their apps’ privacy practices. However, due to a lack of knowledge of privacy requirements, developers often struggle to create accurate privacy notices, especially for sophisticated mobile apps with complex features and in crowded development teams. To address these challenges, we introduce PriBOM (Privacy Bills of Materials), a systematic software engineering approach that leverages different development team roles to better capture and coordinate mobile app privacy information. PriBOM facilitates transparency-centric privacy documentation and specific privacy notice creation, enabling traceability and trackability of privacy practices. We present a pre-fill of PriBOM based on static analysis and privacy notice analysis techniques. We explore the perceived usefulness of PriBOM through a human evaluation with 150 diverse participants. The role of PriBOM in enhancing privacy-related communication is well received with 83.33% agreement, suggesting that PriBOM could serve as a significant solution for providing privacy support in DevOps for mobile apps.

AB - Privacy regulations mandate that developers must provide authentic and comprehensive privacy notices, e.g., privacy policies or labels, to inform users of their apps’ privacy practices. However, due to a lack of knowledge of privacy requirements, developers often struggle to create accurate privacy notices, especially for sophisticated mobile apps with complex features and in crowded development teams. To address these challenges, we introduce PriBOM (Privacy Bills of Materials), a systematic software engineering approach that leverages different development team roles to better capture and coordinate mobile app privacy information. PriBOM facilitates transparency-centric privacy documentation and specific privacy notice creation, enabling traceability and trackability of privacy practices. We present a pre-fill of PriBOM based on static analysis and privacy notice analysis techniques. We explore the perceived usefulness of PriBOM through a human evaluation with 150 diverse participants. The role of PriBOM in enhancing privacy-related communication is well received with 83.33% agreement, suggesting that PriBOM could serve as a significant solution for providing privacy support in DevOps for mobile apps.

KW - transparency

KW - usable privacy

KW - mobile applications

KW - privacy policy

KW - privacy paradox

U2 - 10.56553/popets-2025-0136

DO - 10.56553/popets-2025-0136

M3 - Conference contribution

T3 - Proceedings on Privacy Enhancing Technologies

SP - 392

EP - 409

BT - Proceedings of the 25th Privacy Enhancing Technologies Symposium

A2 - Jansen, Rob

A2 - Shafiq, Zubair

PB - Privacy Enhancing Technologies Board

Y2 - 14 July 2025 through 19 July 2025

ER -

Tao Z, Pan S, Xing Z, Sun X, Haggag O, Grundy J et al. Privacy Bills of Materials (PriBOM): A transparent privacy information inventory for collaborative privacy notice generation in mobile app development. In Jansen R, Shafiq Z, editors, Proceedings of the 25th Privacy Enhancing Technologies Symposium. Privacy Enhancing Technologies Board. 2025. p. 392-409. (Proceedings on Privacy Enhancing Technologies; 4). doi: 10.56553/popets-2025-0136

Privacy Bills of Materials (PriBOM): A transparent privacy information inventory for collaborative privacy notice generation in mobile app development

Abstract

Publication series

Symposium

Keywords / Materials (for Non-textual outputs)

Access to Document

Fingerprint

Cite this