{"id":"https://openalex.org/W4412373376","doi":"https://doi.org/10.56553/popets-2025-0136","title":"Privacy Bills of Materials (PriBOM): A Transparent Privacy Information Inventory for Collaborative Privacy Notice Generation in Mobile App Development","display_name":"Privacy Bills of Materials (PriBOM): A Transparent Privacy Information Inventory for Collaborative Privacy Notice Generation in Mobile App Development","publication_year":2025,"publication_date":"2025-07-13","ids":{"openalex":"https://openalex.org/W4412373376","doi":"https://doi.org/10.56553/popets-2025-0136"},"language":"en","primary_location":{"id":"doi:10.56553/popets-2025-0136","is_oa":true,"landing_page_url":"https://doi.org/10.56553/popets-2025-0136","pdf_url":null,"source":{"id":"https://openalex.org/S4210183172","display_name":"Proceedings on Privacy Enhancing Technologies","issn_l":"2299-0984","issn":["2299-0984"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320322","host_organization_name":"De Gruyter Open","host_organization_lineage":["https://openalex.org/P4310320322","https://openalex.org/P4310313990"],"host_organization_lineage_names":["De Gruyter Open","De Gruyter"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings on Privacy Enhancing Technologies","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.56553/popets-2025-0136","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5110494561","display_name":"Zhen Tao","orcid":"https://orcid.org/0009-0008-6479-634X"},"institutions":[{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I118347636","display_name":"Australian National University","ror":"https://ror.org/019wvm592","country_code":"AU","type":"education","lineage":["https://openalex.org/I118347636"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Zhen Tao","raw_affiliation_strings":["CSIRO's Data61 & Australian National University"],"affiliations":[{"raw_affiliation_string":"CSIRO's Data61 & Australian National University","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I118347636"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101445136","display_name":"Shidong Pan","orcid":"https://orcid.org/0000-0003-4599-8292"},"institutions":[{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I118347636","display_name":"Australian National University","ror":"https://ror.org/019wvm592","country_code":"AU","type":"education","lineage":["https://openalex.org/I118347636"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Shidong Pan","raw_affiliation_strings":["CSIRO's Data61 & Australian National University"],"affiliations":[{"raw_affiliation_string":"CSIRO's Data61 & Australian National University","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I118347636"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028641941","display_name":"Zhenchang Xing","orcid":"https://orcid.org/0000-0001-7663-1421"},"institutions":[{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I118347636","display_name":"Australian National University","ror":"https://ror.org/019wvm592","country_code":"AU","type":"education","lineage":["https://openalex.org/I118347636"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Zhenchang Xing","raw_affiliation_strings":["CSIRO's Data61 & Australian National University"],"affiliations":[{"raw_affiliation_string":"CSIRO's Data61 & Australian National University","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I118347636"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100745402","display_name":"Xiaoyu Sun","orcid":"https://orcid.org/0009-0005-1249-142X"},"institutions":[{"id":"https://openalex.org/I118347636","display_name":"Australian National University","ror":"https://ror.org/019wvm592","country_code":"AU","type":"education","lineage":["https://openalex.org/I118347636"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Xiaoyu Sun","raw_affiliation_strings":["Australian National University"],"affiliations":[{"raw_affiliation_string":"Australian National University","institution_ids":["https://openalex.org/I118347636"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084781686","display_name":"Omar Haggag","orcid":null},"institutions":[{"id":"https://openalex.org/I56590836","display_name":"Monash University","ror":"https://ror.org/02bfwt286","country_code":"AU","type":"education","lineage":["https://openalex.org/I56590836"]},{"id":"https://openalex.org/I2801239119","display_name":"Australian Regenerative Medicine Institute","ror":"https://ror.org/02qa5kg76","country_code":"AU","type":"facility","lineage":["https://openalex.org/I2801037857","https://openalex.org/I2801239119","https://openalex.org/I56590836"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Omar Haggag","raw_affiliation_strings":["Monash University"],"affiliations":[{"raw_affiliation_string":"Monash University","institution_ids":["https://openalex.org/I2801239119","https://openalex.org/I56590836"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082913979","display_name":"John Grundy","orcid":"https://orcid.org/0000-0003-4928-7076"},"institutions":[{"id":"https://openalex.org/I56590836","display_name":"Monash University","ror":"https://ror.org/02bfwt286","country_code":"AU","type":"education","lineage":["https://openalex.org/I56590836"]},{"id":"https://openalex.org/I2801239119","display_name":"Australian Regenerative Medicine Institute","ror":"https://ror.org/02qa5kg76","country_code":"AU","type":"facility","lineage":["https://openalex.org/I2801037857","https://openalex.org/I2801239119","https://openalex.org/I56590836"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"John Grundy","raw_affiliation_strings":["Monash University"],"affiliations":[{"raw_affiliation_string":"Monash University","institution_ids":["https://openalex.org/I2801239119","https://openalex.org/I56590836"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037132050","display_name":"Jingjie Li","orcid":"https://orcid.org/0000-0001-6611-7496"},"institutions":[{"id":"https://openalex.org/I98677209","display_name":"University of Edinburgh","ror":"https://ror.org/01nrxwf90","country_code":"GB","type":"education","lineage":["https://openalex.org/I98677209"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Jingjie Li","raw_affiliation_strings":["University of Edinburgh"],"affiliations":[{"raw_affiliation_string":"University of Edinburgh","institution_ids":["https://openalex.org/I98677209"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100748869","display_name":"Li Zhu","orcid":"https://orcid.org/0000-0001-5249-6536"},"institutions":[{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Liming Zhu","raw_affiliation_strings":["CSIRO\u2019s Data61 & UNSW"],"affiliations":[{"raw_affiliation_string":"CSIRO\u2019s Data61 & UNSW","institution_ids":["https://openalex.org/I42894916"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5110494561"],"corresponding_institution_ids":["https://openalex.org/I118347636","https://openalex.org/I42894916"],"apc_list":null,"apc_paid":null,"fwci":11.6895,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.9808697,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":98},"biblio":{"volume":"2025","issue":"4","first_page":"392","last_page":"409"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.9950000047683716,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.9950000047683716,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/notice","display_name":"Notice","score":0.8461253046989441},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.7212398052215576},{"id":"https://openalex.org/keywords/information-privacy","display_name":"Information privacy","score":0.5900557041168213},{"id":"https://openalex.org/keywords/privacy-software","display_name":"Privacy software","score":0.5638245344161987},{"id":"https://openalex.org/keywords/privacy-policy","display_name":"Privacy policy","score":0.5325303077697754},{"id":"https://openalex.org/keywords/privacy-by-design","display_name":"Privacy by Design","score":0.4319719076156616},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.42983388900756836},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.37396132946014404},{"id":"https://openalex.org/keywords/political-science","display_name":"Political science","score":0.08628740906715393},{"id":"https://openalex.org/keywords/law","display_name":"Law","score":0.06534501910209656}],"concepts":[{"id":"https://openalex.org/C2779913896","wikidata":"https://www.wikidata.org/wiki/Q7063001","display_name":"Notice","level":2,"score":0.8461253046989441},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.7212398052215576},{"id":"https://openalex.org/C123201435","wikidata":"https://www.wikidata.org/wiki/Q456632","display_name":"Information privacy","level":2,"score":0.5900557041168213},{"id":"https://openalex.org/C509729295","wikidata":"https://www.wikidata.org/wiki/Q7246032","display_name":"Privacy software","level":3,"score":0.5638245344161987},{"id":"https://openalex.org/C102938260","wikidata":"https://www.wikidata.org/wiki/Q1999831","display_name":"Privacy policy","level":3,"score":0.5325303077697754},{"id":"https://openalex.org/C193934123","wikidata":"https://www.wikidata.org/wiki/Q7246028","display_name":"Privacy by Design","level":3,"score":0.4319719076156616},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.42983388900756836},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.37396132946014404},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.08628740906715393},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.06534501910209656}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.56553/popets-2025-0136","is_oa":true,"landing_page_url":"https://doi.org/10.56553/popets-2025-0136","pdf_url":null,"source":{"id":"https://openalex.org/S4210183172","display_name":"Proceedings on Privacy Enhancing Technologies","issn_l":"2299-0984","issn":["2299-0984"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320322","host_organization_name":"De Gruyter Open","host_organization_lineage":["https://openalex.org/P4310320322","https://openalex.org/P4310313990"],"host_organization_lineage_names":["De Gruyter Open","De Gruyter"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings on Privacy Enhancing Technologies","raw_type":"journal-article"},{"id":"pmh:oai:pure.ed.ac.uk:openaire/3eabb151-dbb5-4033-9219-ba0744c1b3f5","is_oa":true,"landing_page_url":"https://www.research.ed.ac.uk/en/publications/3eabb151-dbb5-4033-9219-ba0744c1b3f5","pdf_url":null,"source":{"id":"https://openalex.org/S4406922455","display_name":"Edinburgh Research Explorer","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Tao, Z, Pan, S, Xing, Z, Sun, X, Haggag, O, Grundy, J, Li, J & Zhu, L 2025, Privacy Bills of Materials (PriBOM) : A transparent privacy information inventory for collaborative privacy notice generation in mobile app development. in R Jansen & Z Shafiq (eds), Proceedings of the 25th Privacy Enhancing Technologies Symposium. Proceedings on Privacy Enhancing Technologies, no. 4, vol. 2025, pp. 392-409, The 25th Privacy Enhancing Technologies Symposium, Washington, District of Columbia, United States, 14/07/25. https://doi.org/10.56553/popets-2025-0136","raw_type":"contributionToPeriodical"}],"best_oa_location":{"id":"doi:10.56553/popets-2025-0136","is_oa":true,"landing_page_url":"https://doi.org/10.56553/popets-2025-0136","pdf_url":null,"source":{"id":"https://openalex.org/S4210183172","display_name":"Proceedings on Privacy Enhancing Technologies","issn_l":"2299-0984","issn":["2299-0984"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320322","host_organization_name":"De Gruyter Open","host_organization_lineage":["https://openalex.org/P4310320322","https://openalex.org/P4310313990"],"host_organization_lineage_names":["De Gruyter Open","De Gruyter"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings on Privacy Enhancing Technologies","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W2116878667","https://openalex.org/W3042284153","https://openalex.org/W2994243660","https://openalex.org/W2118333568","https://openalex.org/W2132024542","https://openalex.org/W2900699882","https://openalex.org/W2549995367","https://openalex.org/W2006891491","https://openalex.org/W1598195095","https://openalex.org/W15769136"],"abstract_inverted_index":{"Privacy":[0],"regulations":[1],"mandate":[2],"that":[3,72,149],"developers":[4,35],"must":[5],"provide":[6],"authentic":[7],"and":[8,51,81,92,99,114],"comprehensive":[9],"privacy":[10,13,23,33,41,85,90,94,102,115,159],"notices,":[11,42],"e.g.,":[12],"policies":[14],"or":[15],"labels,":[16],"to":[17,27,38,78],"inform":[18],"users":[19],"of":[20,30,32,65,101,108,124,136],"their":[21],"apps\u2019":[22],"practices.":[24,103],"However,":[25],"due":[26],"a":[28,67,106,127,154],"lack":[29],"knowledge":[31],"requirements,":[34],"often":[36],"struggle":[37],"create":[39],"accurate":[40],"especially":[43],"for":[44,157,163],"sophisticated":[45],"mobile":[46,83,164],"apps":[47],"with":[48,130,145],"complex":[49],"features":[50],"in":[52,138,161],"crowded":[53],"development":[54,75],"teams.":[55],"To":[56],"address":[57],"these":[58],"challenges,":[59],"we":[60],"introduce":[61],"PriBOM":[62,87,109,125,137,150],"(Privacy":[63],"Bills":[64],"Materials),":[66],"systematic":[68],"software":[69],"engineering":[70],"approach":[71],"leverages":[73],"different":[74],"team":[76],"roles":[77],"better":[79],"capture":[80],"coordinate":[82],"app":[84],"information.":[86],"facilitates":[88],"transparency-centric":[89],"documentation":[91],"specific":[93],"notice":[95,116],"creation,":[96],"enabling":[97],"traceability":[98],"trackability":[100],"We":[104,119],"present":[105],"pre-fill":[107],"based":[110],"on":[111],"static":[112],"analysis":[113,117],"techniques.":[118],"explore":[120],"the":[121],"perceived":[122],"usefulness":[123],"through":[126],"human":[128],"evaluation":[129],"150":[131],"diverse":[132],"participants.":[133],"The":[134],"role":[135],"enhancing":[139],"privacy-related":[140],"communication":[141],"is":[142],"well":[143],"received":[144],"83.33%":[146],"agreement,":[147],"suggesting":[148],"could":[151],"serve":[152],"as":[153],"significant":[155],"solution":[156],"providing":[158],"support":[160],"DevOps":[162],"apps.":[165]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2}],"updated_date":"2026-04-14T08:04:32.555800","created_date":"2025-10-10T00:00:00"}