Vijayanta Jain,Sepideh Ghanavati,Sai Teja Peddinti,Collin McMillan

DOI: https://doi.org/10.48550/arXiv.2305.15314

2023-05-24

Software Engineering

Abstract:Mobile applications are required to give privacy notices to users when they collect or share personal information. Creating consistent and concise privacy notices can be a challenging task for developers. Previous work has attempted to help developers create privacy notices through a questionnaire or predefined templates. In this paper, we propose a novel approach and a framework, called PriGen, that extends these prior work. PriGen uses static analysis to identify Android applications' code segments that process sensitive information (i.e. permission-requiring code segments) and then leverages a Neural Machine Translation model to translate them into privacy captions. We present the initial evaluation of our translation task for ~300,000 code segments.

Yajin Zhou,Xinwen Zhang,Xuxian Jiang,Vincent W. Freeh

DOI: https://doi.org/10.1007/978-3-642-21599-5_7

2011-01-01

Abstract:Smartphones have been becoming ubiquitous and mobile users are increasingly relying on them to store and handle personal information. However, recent studies also reveal the disturbing fact that users' personal information is put at risk by (rogue) smartphone applications. Existing solutions exhibit limitations in their capabilities in taming these privacy-violating smartphone applications. In this paper, we argue for the need of a new privacy mode in smartphones. The privacy mode can empower users to flexibly control in a fine-grained manner what kinds of personal information will be accessible to an application. Also, the granted access can be dynamically adjusted at runtime in a fine-grained manner to better suit a user's needs in various scenarios (e.g., in a different time or location). We have developed a system called TISSA that implements such a privacy mode on Android. The evaluation with more than a dozen of information-leaking Android applications demonstrates its effectiveness and practicality. Furthermore, our evaluation shows that TISSA introduces negligible performance overhead.

Trudy-Ann Campbell,Samson Eromonsei,Olusegun Afolabi

DOI: https://doi.org/10.30574/wjaets.2024.12.2.0317

2024-07-30

World Journal of Advanced Engineering Technology and Sciences

Abstract:Ensuring compliance with the General Data Protection Regulation (GDPR) presents significant challenges for organizations, especially those developing web and mobile applications. This study investigates the use of automation to enhance GDPR compliance by generating privacy policy captions through static code analysis and deep learning models. Privacy policy captions offer concise, user-friendly summaries of data processing practices, improving transparency and user trust. The research combines qualitative and quantitative methodologies, including static code analysis of application source codes and the application of neural machine translation models to generate privacy policy captions. Findings indicate that automation can effectively produce accurate, consistent, and comprehensible privacy policy captions that align with GDPR requirements. However, limitations such as tool capabilities, dataset diversity, and user testing scale highlight areas for future research. This study provides practical guidelines for implementing automated privacy policy captions, emphasizing the importance of continuous monitoring and updates to maintain compliance. By leveraging automation, organizations can enhance their data protection practices, build user trust, and achieve efficient GDPR compliance.

Shidong Pan,Zhen Tao,Thong Hoang,Dawen Zhang,Tianshi Li,Zhenchang Xing,Sherry Xu,Mark Staples,Thierry Rakotoarivelo,David Lo

2024-02-22

Abstract:Privacy policies have emerged as the predominant approach to conveying privacy notices to mobile application users. In an effort to enhance both readability and user engagement, the concept of contextual privacy policies (CPPs) has been proposed by researchers. The aim of CPPs is to fragment privacy policies into concise snippets, displaying them only within the corresponding contexts within the application's graphical user interfaces (GUIs). In this paper, we first formulate CPP in mobile application scenario, and then present a novel multimodal framework, named SeePrivacy, specifically designed to automatically generate CPPs for mobile applications. This method uniquely integrates vision-based GUI understanding with privacy policy analysis, achieving 0.88 precision and 0.90 recall to detect contexts, as well as 0.98 precision and 0.96 recall in extracting corresponding policy segments. A human evaluation shows that 77% of the extracted privacy policy segments were perceived as well-aligned with the detected contexts. These findings suggest that SeePrivacy could serve as a significant tool for bolstering user interaction with, and understanding of, privacy policies. Furthermore, our solution has the potential to make privacy notices more accessible and inclusive, thus appealing to a broader demographic. A demonstration of our work can be accessed at https://cpp4app.github.io/SeePrivacy/

Software Engineering,Cryptography and Security

Shidong Pan,Zhen Tao,Thong Hoang,Dawen Zhang,Zhenchang Xing,Xiwei Xu,Mark Staples,David Lo

2023-07-09

Abstract:Privacy policies have become the most critical approach to safeguarding individuals' privacy and digital security. To enhance their presentation and readability, researchers propose the concept of contextual privacy policies (CPPs), aiming to fragment policies into shorter snippets and display them only in corresponding contexts. In this paper, we propose a novel multi-modal framework, namely SeePrivacy, designed to automatically generate contextual privacy policies for mobile apps. Our method synergistically combines mobile GUI understanding and privacy policy document analysis, yielding an impressive overall 83.6% coverage rate for privacy-related context detection and an accuracy of 0.92 in extracting corresponding policy segments. Remarkably, 96% of the retrieved policy segments can be correctly matched with their contexts. The user study shows SeePrivacy demonstrates excellent functionality and usability (4.5/5). Specifically, participants exhibit a greater willingness to read CPPs (4.1/5) compared to original privacy policies (2/5). Our solution effectively assists users in comprehending privacy notices, and this research establishes a solid foundation for further advancements and exploration.

Cryptography and Security,Software Engineering

Faysal Hossain Shezan,Yingjie Lao,Minlong Peng,Xin Wang,Mingming Sun,Ping Li

DOI: https://doi.org/10.48550/arXiv.2208.13361

2022-08-29

Abstract:The recent privacy leakage incidences and the more strict policy regulations demand a much higher standard of compliance for companies and mobile apps. However, such obligations also impose significant challenges on app developers for complying with these regulations that contain various perspectives, activities, and roles, especially for small companies and developers who are less experienced in this matter or with limited resources. To address these hurdles, we develop an automatic tool, NL2GDPR, which can generate policies from natural language descriptions from the developer while also ensuring the app's functionalities are compliant with General Data Protection Regulation (GDPR). NL2GDPR is developed by leveraging an information extraction tool, OIA (Open Information Annotation), developed by Baidu Cognitive Computing Lab. At the core, NL2GDPR is a privacy-centric information extraction model, appended with a GDPR policy finder and a policy generator. We perform a comprehensive study to grasp the challenges in extracting privacy-centric information and generating privacy policies, while exploiting optimizations for this specific task. With NL2GDPR, we can achieve 92.9%, 95.2%, and 98.4% accuracy in correctly identifying GDPR policies related to personal data storage, process, and share types, respectively. To the best of our knowledge, NL2GDPR is the first tool that allows a developer to automatically generate GDPR compliant policies, with only the need of entering the natural language for describing the app features. Note that other non-GDPR-related features might be integrated with the generated features to build a complex app.

Cryptography and Security,Computation and Language

Meixue Si,Shidong Pan,Dianshu Liao,Xiaoyu Sun,Zhen Tao,Wenchang Shi,Zhenchang Xing

2024-07-22

Abstract:The rapid development and widespread adoption of Generative Artificial Intelligence-based (GAI) applications have greatly enriched our daily lives, benefiting people by enhancing creativity, personalizing experiences, improving accessibility, and fostering innovation and efficiency across various domains. However, along with the development of GAI applications, concerns have been raised about transparency in their privacy practices. Traditional privacy policies often fail to effectively communicate essential privacy information due to their complexity and length, and open-source community developers often neglect privacy practices even more. Only 12.2% of examined open-source GAI apps provide a privacy policy. To address this, we propose a regulation-driven GAI Privacy Label and introduce Repo2Label, a novel framework for automatically generating these labels based on code repositories. Our user study indicates a common endorsement of the proposed GAI privacy label format. Additionally, Repo2Label achieves a precision of 0.81, recall of 0.88, and F1-score of 0.84 based on the benchmark dataset, significantly outperforming the developer self-declared privacy notices. We also discuss the common regulatory (in)compliance of open-source GAI apps, comparison with other privacy notices, and broader impacts to different stakeholders. Our findings suggest that Repo2Label could serve as a significant tool for bolstering the privacy transparency of GAI apps and make them more practical and responsible.

Cryptography and Security,Software Engineering

Shao Yang,Yuehan Wang,Yuan Yao,Haoyu Wang,Yanfang (Fanny) Ye,Xusheng Xiao

DOI: https://doi.org/10.1145/3510003.3510058

2022-01-01

Abstract:While mobile applications (i.e., apps) are becoming capable of handling various needs from users, their increasing access to sensitive data raises privacy concerns. To inform such sensitive behaviors to users, existing techniques propose to automatically identify explanatory sentences from app descriptions; however, many sensitive behaviors are not explained in the corresponding app descriptions. There also exist general techniques that translate code to sentences. However, these techniques lack the vocabulary to explain the uses of sensitive data and fail to consider the context (i.e., the app functionalities) of the sensitive behaviors. To address these limitations, we propose DescribeCtx, a context-aware description synthesis approach that trains a neural machine translation model using a large set of popular apps, and generates app-specific descriptions for sensitive behaviors. Specifically, DescribeCtx encodes three heterogeneous sources as input, i.e., vocabularies provided by privacy policies, behavior summary provided by the call graphs in code, and contextual information provided by GUI texts. Our evaluations on 1,262 Android apps show that, compared with existing baselines, DescribeCtx produces more accurate descriptions (24.96 in BLEU) and achieves higher user ratings with respect to the reference sentences manually identified in the app descriptions.

Ryoma Sato

2023-12-07

Abstract:We propose PRISM to enable users of machine translation systems to preserve the privacy of data on their own initiative. There is a growing demand to apply machine translation systems to data that require privacy protection. While several machine translation engines claim to prioritize privacy, the extent and specifics of such protection are largely ambiguous. First, there is often a lack of clarity on how and to what degree the data is protected. Even if service providers believe they have sufficient safeguards in place, sophisticated adversaries might still extract sensitive information. Second, vulnerabilities may exist outside of these protective measures, such as within communication channels, potentially leading to data leakage. As a result, users are hesitant to utilize machine translation engines for data demanding high levels of privacy protection, thereby missing out on their benefits. PRISM resolves this problem. Instead of relying on the translation service to keep data safe, PRISM provides the means to protect data on the user's side. This approach ensures that even machine translation engines with inadequate privacy measures can be used securely. For platforms already equipped with privacy safeguards, PRISM acts as an additional protection layer, reinforcing their security furthermore. PRISM adds these privacy features without significantly compromising translation accuracy. Our experiments demonstrate the effectiveness of PRISM using real-world translators, T5 and ChatGPT (GPT-3.5-turbo), and the datasets with two languages. PRISM effectively balances privacy protection with translation accuracy.

Cryptography and Security,Artificial Intelligence,Computation and Language,Machine Learning

Shidong Pan,Thong Hoang,Dawen Zhang,Zhenchang Xing,Xiwei Xu,Qinghua Lu,Mark Staples

2023-06-19

Abstract:Software applications have become an omnipresent part of modern society. The consequent privacy policies of these applications play a significant role in informing customers how their personal information is collected, stored, and used. However, customers rarely read and often fail to understand privacy policies because of the ``Privacy Policy Reading Phobia'' (PPRP). To tackle this emerging challenge, we propose the first framework that can automatically generate privacy nutrition labels from privacy policies. Based on our ground truth applications about the Data Safety Report from the Google Play app store, our framework achieves a 0.75 F1-score on generating first-party data collection practices and an average of 0.93 F1-score on general security practices. We also analyse the inconsistencies between ground truth and curated privacy nutrition labels on the market, and our framework can detect 90.1% under-claim issues. Our framework demonstrates decent generalizability across different privacy nutrition label formats, such as Google's Data Safety Report and Apple's App Privacy Details.

Cryptography and Security,Software Engineering

Harichandana B S S,Vibhav Agarwal,Sourav Ghosh,Gopi Ramena,Sumit Kumar,Barath Raj Kandur Raja

DOI: https://doi.org/10.48550/arXiv.2202.02524

2022-02-05

Computer Vision and Pattern Recognition

Abstract:With 3.78 billion social media users worldwide in 2021 (48% of the human population), almost 3 billion images are shared daily. At the same time, a consistent evolution of smartphone cameras has led to a photography explosion with 85% of all new pictures being captured using smartphones. However, lately, there has been an increased discussion of privacy concerns when a person being photographed is unaware of the picture being taken or has reservations about the same being shared. These privacy violations are amplified for people with disabilities, who may find it challenging to raise dissent even if they are aware. Such unauthorized image captures may also be misused to gain sympathy by third-party organizations, leading to a privacy breach. Privacy for people with disabilities has so far received comparatively less attention from the AI community. This motivates us to work towards a solution to generate privacy-conscious cues for raising awareness in smartphone users of any sensitivity in their viewfinder content. To this end, we introduce PrivPAS (A real time Privacy-Preserving AI System) a novel framework to identify sensitive content. Additionally, we curate and annotate a dataset to identify and localize accessibility markers and classify whether an image is sensitive to a featured subject with a disability. We demonstrate that the proposed lightweight architecture, with a memory footprint of a mere 8.49MB, achieves a high mAP of 89.52% on resource-constrained devices. Furthermore, our pipeline, trained on face anonymized data, achieves an F1-score of 73.1%.

Vaibhav Gulati,Shambo Guha Roy,Ahmed Moawad,Daniela Garcia,Aparna Babu,Jeffrey D Poot,Oleg M Teytelboym

DOI: https://doi.org/10.1016/j.jacr.2024.05.009

2024-06-14

Abstract:Objective: To explore the capabilities of Chat Generative Pre-trained Transformer (ChatGPT) for the purpose of simplifying and translating radiology reports into Spanish, Hindi, and Russian languages, with comparisons to its performance in simplifying to the English language. Methods: Fifty deidentified abdomen-pelvis CT reports were fed to ChatGPT (4.0), instructing it to simplify and translate the report. The processed reports were rated on factual correctness (category 1), potential harmful errors (category 2), completeness (category 3), and explanation of medical terms (category 4). The translated versions were also rated on the quality of translation (category 5). The scores in each category were compared between the translated versions and each translated version was compared with the English version in the first four categories. The original reports and the simplified English reports were rated on the Flesch Reading Ease Score and the Flesch Kincaid Grade Level. Results: The Spanish translation outperformed the Hindi and Russian version significantly in categories 1 and 3 (P < .05). All translated versions performed significantly worse compared with the English version in category 4 (P < .001). Notably, the Hindi translated version performed significantly worse in all four categories (P < .05). The Russian translated version was also significantly worse in category 3 (P < .05). In the first three categories, the Spanish translation, and in the first two categories, the Russian translation demonstrated no statistically significant difference from the English version. No statistically significant difference was observed in the Flesch Reading Ease Score and Flesch Kincaid Grade Level of the simplified English reports. Typographical errors in the original reports negatively affected the translation. Conclusion: ChatGPT demonstrates potential ability in translating reports and communicating pertinent clinical information with limited errors. More training and tailoring are required for languages that are not as commonly used in medical literature. Large language models can be used for translating and simplifying radiology reports, potentially improving access to health care and helping reduce health care costs.

Feiyang Tang,Bjarte M. Østvold,Magiel Bruntink

DOI: https://doi.org/10.3233/FAIA230228

2023-06-20

Abstract:Ensuring compliance with the General Data Protection Regulation (GDPR) is a crucial aspect of software development. This task, due to its time-consuming nature and requirement for specialized knowledge, is often deferred or delegated to specialized code reviewers. These reviewers, particularly when external to the development organization, may lack detailed knowledge of the software under review, necessitating the prioritization of their resources. To address this, we have designed two specialized views of a codebase to help code reviewers in prioritizing their work related to personal data: one view displays the types of personal data representation, while the other provides an abstract depiction of personal data processing, complemented by an optional detailed exploration of specific code snippets. Leveraging static analysis, our method identifies personal data-related code segments, thereby expediting the review process. Our approach, evaluated on four open-source GitHub applications, demonstrated a precision rate of 0.87 in identifying personal data flows. Additionally, we fact-checked the privacy statements of 15 Android applications. This solution, designed to augment the efficiency of GDPR-related privacy analysis tasks such as the Record of Processing Activities (ROPA), aims to conserve resources, thereby saving time and enhancing productivity for code reviewers.

Software Engineering

Zhengyang Qu,Vaibhav Rastogi,Xinyi Zhang,Yan Chen,Tiantian Zhu,Zhong Chen

DOI: https://doi.org/10.1145/2660267.2660287

2014-01-01

Abstract:The booming popularity of smartphones is partly a result of application markets where users can easily download wide range of third-party applications. However, due to the open nature of markets, especially on Android, there have been several privacy and security concerns with these applications. On Google Play, as with most other markets, users have direct access to natural-language descriptions of those applications, which give an intuitive idea of the functionality including the security-related information of those applications. Google Play also provides the permissions requested by applications to access security and privacy-sensitive APIs on the devices. Users may use such a list to evaluate the risks of using these applications. To best assist the end users, the descriptions should reflect the need for permissions, which we term description-to-permission fidelity. In this paper, we present a system AUTOCOG to automatically assess description-to-permission fidelity of applications. AUTOCOG employs state-of-the-art techniques in natural language processing and our own learning-based algorithm to relate description with permissions. In our evaluation, AUTOCOG outperforms other related work on both performance of detection and ability of generalization over various permissions by a large extent. On an evaluation of eleven permissions, we achieve an average precision of 92.6% and an average recall of 92.0%. Our large-scale measurements over 45,811 applications demonstrate the severity of the problem of low description-to-permission fidelity. AUTOCOG helps bridge the long-lasting usability gap between security techniques and average users.

Shan Qiao,Xingyu Fang,Camryn Garrett,Ran Zhang,Xiaoming Li,Yuhao Kang

DOI: https://doi.org/10.1101/2024.09.16.24313707

2024-09-16

Abstract:Study Objectives: In-depth interviews are one of the most widely used approaches for qualitative studies in public health. The coding of transcripts is a critical step for information extraction and preliminary analysis. However, manual coding is often labor-intensive and time-consuming. The emergence of generative artificial intelligence (GenAI), supported by Large Language Models (LLMs), presents new opportunities to understand human languages, which may significantly facilitate the coding process. This study aims to build a computational coding framework that uses GenAI to automatically detect and extract themes from in-depth interview transcripts. Methods: We conducted an experiment using transcripts of in-depth interviews with maternity care providers in South Carolina. We leveraged ChatGPT to perform two tasks automatically: (1) deductive coding, which involves applying a predefined set of codes to dialogues; and (2) inductive coding, which can generate codes from dialogues without any preconceptions or assumptions. We fine-tuned ChatGPT to understand the content of the interview transcripts, enabling it to detect and summarize codes. We then evaluated the performance of the proposed approach by comparing the codes generated by ChatGPT with those generated manually by human coders, involving human-in-the-loop evaluation. Results: The results demonstrated the potential of GenAI in detecting and summarizing codes from in-depth interview transcripts. ChatGPT could be utilized for both deductive and inductive coding processes. The overall accuracy of GenAI is higher than 80% and the codes it generated showed high positive associations with those generated manually. More impressively, GenAI reduced the time required for coding by 81%, demonstrating its efficiency compared to traditional methods. Discussion: GenAI models like ChatGPT show high generalizability, scalability and efficiency in handling large datasets, and are proficient in multi-level semantic structure identification. They demonstrate promising results in qualitative coding, making it a valuable tool for supporting people in public health research. However, challenges such as inaccuracy, systematic biases, and privacy concerns must be addressed when using them in practice. GenAI-based coding results should be handled with caution and reviewed by human coders to ensure accuracy and reliability.

Public and Global Health

Pattaraporn Sangaroonsilp,Hoa Khanh Dam,Omar Haggag,John Grundy

2024-10-04

Abstract:Software applications are designed to assist users in conducting a wide range of tasks or interactions. They have become prevalent and play an integral part in people's lives in this digital era. To use those software applications, users are sometimes requested to provide their personal information. As privacy has become a significant concern and many data protection regulations exist worldwide, software applications must provide users with a privacy policy detailing how their personal information is collected and processed. We propose an approach that generates a comprehensive and compliant privacy policy with respect to the General Data Protection Regulation (GDPR) for diverse software applications. To support this, we first built a library of privacy clauses based on existing privacy policy analysis. We then developed an interactive rule-based system that prompts software developers with a series of questions and uses their answers to generate a customised privacy policy for a given software application. We evaluated privacy policies generated by our approach in terms of readability, completeness and coverage and compared them to privacy policies generated by three existing privacy policy generators and a Generative AI-based tool. Our evaluation results show that the privacy policy generated by our approach is the most complete and comprehensive.

Software Engineering

Hamza Harkous,Kassem Fawaz,Rémi Lebret,Florian Schaub,Kang G. Shin,Karl Aberer

DOI: https://doi.org/10.48550/arXiv.1802.02561

2018-02-07

Computation and Language

Abstract:Privacy policies are the primary channel through which companies inform users about their data collection and sharing practices. These policies are often long and difficult to comprehend. Short notices based on information extracted from privacy policies have been shown to be useful but face a significant scalability hurdle, given the number of policies and their evolution over time. Companies, users, researchers, and regulators still lack usable and scalable tools to cope with the breadth and depth of privacy policies. To address these hurdles, we propose an automated framework for privacy policy analysis (Polisis). It enables scalable, dynamic, and multi-dimensional queries on natural language privacy policies. At the core of Polisis is a privacy-centric language model, built with 130K privacy policies, and a novel hierarchy of neural-network classifiers that accounts for both high-level aspects and fine-grained details of privacy practices. We demonstrate Polisis' modularity and utility with two applications supporting structured and free-form querying. The structured querying application is the automated assignment of privacy icons from privacy policies. With Polisis, we can achieve an accuracy of 88.4% on this task. The second application, PriBot, is the first freeform question-answering system for privacy policies. We show that PriBot can produce a correct answer among its top-3 results for 82% of the test questions. Using an MTurk user study with 700 participants, we show that at least one of PriBot's top-3 answers is relevant to users for 89% of the test questions.

Mohamed K Badawy,Daniel Carrion,Kitiwat Khamwan

DOI: https://doi.org/10.1101/2024.11.06.24316678

2024-11-08

Abstract:Purpose: Effective patient communication in procedures involving radiation is crucial, especially for patients facing literacy or language barriers. Generative Artificial Intelligence offers innovative solutions for creating personalised, multilingual patient education materials. This pilot study assesses the effectiveness of GenAI, specifically using HeyGen, in generating personalised patient information videos in the Thai language. Methods: An avatar of a medical physicist was created using HeyGen. Two English health information scripts on nuclear medicine and radiology were translated into Thai with HeyGen's translation tool, and videos were generated featuring the avatar delivering the content in Thai. Native Thai-speaking medical physicists and postgraduate students (n = 13) evaluated the videos using a 5-point Likert scale on criteria such as translation accuracy, naturalness of delivery, and usefulness as a patient education tool. Objective translation quality was assessed using the Bilingual Evaluation Understudy scoring system. Results: Both videos received high median scores for translation accuracy (median = 4.0), with BLEU scores of 0.57 and 0.66, indicating good translation quality. Participants noted minor issues with formal language and unnatural phrasing but generally found the videos understandable and valuable. Feedback suggested improvements in the naturalness of the avatar's delivery to enhance relatability. Conclusions: This pilot study shows that GenAI can effectively create personalised patient information videos and translate them into Thai, helping to bridge communication gaps in procedures involving radiation. While minor issues remain, the findings suggest that tools like HeyGen could significantly support patient communication with further refinement, especially for those facing language barriers.

Radiology and Imaging

David Rodriguez,Jose M. Del Alamo,Celia Fernández-Aller,Norman Sadeh

DOI: https://doi.org/10.1109/access.2024.3349425

IF: 3.9

2024-01-01

IEEE Access

Abstract:In an era marked by ubiquitous reliance on mobile applications for nearly every need, the opacity of apps’ behavior poses significant threats to their users’ privacy. Although major data protection regulations require apps to disclose their data practices transparently, previous studies have pointed out difficulties in doing so. To further delve into this issue, this article describes an automated method to capture data-sharing practices in Android apps and assess their proper disclosure according to the EU General Data Protection Regulation. We applied the method to 9,000 random Android apps, unveiling an uncomfortable reality: over 80% of Android applications that transfer personal data off device potentially fail to meet GDPR transparency requirements. We further investigate the role of third-party libraries, shedding light on the source of this problem and pointing towards measures to address it.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jiaqi Liu,Fengming Zhang,Xin Zhang,Zhiwen Yu,Liang Wang,Yao Zhang,Bin Guo

DOI: https://doi.org/10.1109/tse.2024.3379583

IF: 7.4

2024-01-01

IEEE Transactions on Software Engineering

Abstract:Code translation, i.e., translating one kind of code language to another, plays an important role in scenarios such as application modernization and multi-language versions of applications on different platforms. Even the most advanced machine-based code translation methods can not guarantee an error-free result. Therefore, the participance of software engineer is necessary. Considering both accuracy and efficiency, it is suggested to work in a human-machine collaborative way. However, in many realistic scenarios, human and machine collaborate ineffectively - model translates first and then human makes further editing, without any interaction. To solve this problem, we propose hmCodeTrans, a novel method that achieves code translation in an interactive human-machine collaborative way. It can (1) save the human effort by introducing two novel human-machine collaboration patterns: prefix-based and segment-based ones, which feed the software engineer’s sequential or scattered editing back to model and thus enabling the model to make a better retranslation; (2) reduce the response time based on two proposed modules: attention cache module that avoids duplicate prefix inference with cached attention information, and suffix splicing module that reduces invalid suffix inference by splicing a predefined suffix. The experiments are conducted on two real datasets. Results show that compared with the baselines, our approach can effectively save the human effort and reduce the response time. Last but not least, a user study involving five real software engineers is given, which validates that the proposed approach owns the lowest human effort and shows the users’ satisfaction towards the approach.

engineering, electrical & electronic,computer science, software engineering