Identifying privacy data flows and verifying regulatory compliance in Android applications remains challenging due to complex inter-component communication and insufficient tool support. Method: This paper introduces SliceViz—the first lightweight privacy compliance analysis tool integrating static program slicing with interactive visualization. It performs precise static slicing on Android bytecode and combines pattern matching of privacy-sensitive APIs to automatically identify sensitive data sources (e.g., location, contacts) and trace their cross-component propagation paths. End-to-end data flows are rendered via D3.js for explainable, interactive visualization. Contribution/Results: SliceViz is the first to deeply integrate static slicing into an interactive compliance analysis framework, significantly improving developers’ understanding and verification efficiency under regulations such as GDPR. A user study with 12 participants demonstrated a 42% increase in privacy data flow identification accuracy and a 38% improvement in analysis efficiency, validating the feasibility and practicality of static slicing for automated privacy auditing.

Android applications collecting data from users must protect it according to the current legal frameworks. Such data protection has become even more important since in 2018 the European Union rolled out the General Data Protection Regulation (GDPR). Since app developers are not legal experts, they find it difficult to integrate privacy-aware practices into source code development. Despite these legal obligations, developers have limited tool support to reason about data protection throughout their app development process. This paper explores the use of static program slicing and software visualization to analyze privacy-relevant data flows in Android apps. We introduce SliceViz, a web tool that analyzes an Android app by slicing all privacy-relevant data sources detected in the source code on the back-end. It then helps developers by visualizing these privacy-relevant program slices. We conducted a user study with 12 participants demonstrating that SliceViz effectively aids developers in identifying privacy-relevant properties in Android apps. Our findings indicate that program slicing can be employed to identify and reason about privacy-relevant data flows in Android applications. With further usability improvements, developers can be better equipped to handle privacy-sensitive information.