Note: More often than not apps will claim to handle certain data, but in reality that's not the case. The IEEE article "Engineering Privacy in Smartphone Apps: A Technical Guideline Catalog for App Developers" by Majid Hatamian gives a very nice introduction to this topic.
See Section 5.1.1 "Introduction to data protection goals" in ENISA's "Privacy and data protection in mobile applications" for more detailed descriptions.
You can find more common violations in Google Play Console Help (Policy Centre -> Privacy, deception and device abuse -> User data).
It's possible that the developers are not declaring certain information that is indeed being collected and or shared, but that's a topic for a different test extending this one here. As part of this test you are not supposed to provide privacy violations assurance.
Ideally, the information available should be compared against what the app is actually meant to do. However, that's far from a trivial task that could take from several days to weeks to complete depending on your resources and support from automated tooling. It also heavily depends on the app functionality and context and should be ideally performed on a whitebox setup working very closely with the app developers.