Jingyu WANG,Mingkun XU,Haoyu WANG,Guo＇ai XU

2019-01-01

Abstract:Mobile Apps frequently request access to sensitive information. Google recommends that developers should publish privacy policy document when uploading an App, with the aim of making the user aware of how the privacy information is used for better protection of users??privacy. Many studies focus on detecting the consistence between App behavior and privacy policy. However, most of them only focus on static analysis and use white-list to identify third-party libraries, which is inaccurate and incomplete. An automated detection tool is proposed to check whether the App privacy document is consistent with the App behavior. First, an improved natural language ap-proach is used to extract the declared sensitive behavior in the privacy policy. Then, both static analysis and dynamic analysis are used to analyze the sensitive behavior of mobile App. Besides, a clustering-based approach is used to identify third-party library used in the App, which is more accurate than the traditional white-list based approach. Finally, the consistence detection is conducted with the statement of privacy policy and the analysis of the privacy permission in code. Based on the experiment of 455 Apps, the tool can accurately extract 94.75% of the privacy information in the privacy policy statement. Experiment results show that for roughly 50% of the Apps, there exists inconsistence between App behavior and privacy policy.

Yajin Zhou,Xinwen Zhang,Xuxian Jiang,Vincent W. Freeh

DOI: https://doi.org/10.1007/978-3-642-21599-5_7

2011-01-01

Abstract:Smartphones have been becoming ubiquitous and mobile users are increasingly relying on them to store and handle personal information. However, recent studies also reveal the disturbing fact that users' personal information is put at risk by (rogue) smartphone applications. Existing solutions exhibit limitations in their capabilities in taming these privacy-violating smartphone applications. In this paper, we argue for the need of a new privacy mode in smartphones. The privacy mode can empower users to flexibly control in a fine-grained manner what kinds of personal information will be accessible to an application. Also, the granted access can be dynamically adjusted at runtime in a fine-grained manner to better suit a user's needs in various scenarios (e.g., in a different time or location). We have developed a system called TISSA that implements such a privacy mode on Android. The evaluation with more than a dozen of information-leaking Android applications demonstrates its effectiveness and practicality. Furthermore, our evaluation shows that TISSA introduces negligible performance overhead.

Luca Verderame,Davide Caputo,Andrea Romdhana,Alessio Merlo

DOI: https://doi.org/10.1109/IJCNN48605.2020.9206660

2020-04-18

Abstract:Access to privacy-sensitive information on Android is a growing concern in the mobile community. Albeit Google Play recently introduced some privacy guidelines, it is still an open problem to soundly verify whether apps actually comply with such rules. To this aim, in this paper, we discuss a novel methodology based on a fruitful combination of static analysis, dynamic analysis, and machine learning techniques, which allows assessing such compliance. More in detail, our methodology checks whether each app i) contains a privacy policy that complies with the Google Play privacy guidelines, and ii) accesses privacy-sensitive information only upon the acceptance of the policy by the user. Furthermore, the methodology also allows checking the compliance of third-party libraries embedded in the apps w.r.t. the same privacy guidelines. We implemented our methodology in a tool, 3PDroid, and we carried out an assessment on a set of recent and most-downloaded Android apps in the Google Play Store. Experimental results suggest that more than 95% of apps access user's privacy-sensitive information, but just a negligible subset of them (around 1%) fully complies with the Google Play privacy guidelines.

Cryptography and Security

Lingfeng Bao,David Lo,Xin Xia,Shanping Li

DOI: https://doi.org/10.1007/s11432-016-9072-3

2017-01-01

Abstract:The number of Android applications has increased rapidly as Android is becoming the dominant platform in the smartphone market. Security and privacy are key factors for an Android application to be successful. Android provides a permission mechanism to ensure security and privacy. This permission mechanism requires that developers declare the sensitive resources required by their applications. On installation or during runtime, users are required to agree with the permission request. However, in practice, there are numerous popular permission misuses, despite Android introducing official documents stating how to use these permissions properly. Some data mining techniques (e.g., association rule mining) have been proposed to help better recommend permissions required by an API. In this paper, based on popular techniques used to build recommendation systems, we propose two novel approaches to improve the effectiveness of the prior work. The first approach utilizes a collaborative filtering technique, which is inspired by the intuition that apps that have similar features — inferred from their APIs — usually share similar permissions. The second approach recommends permissions based on a text mining technique that uses a naive Bayes multinomial classification algorithm to build a prediction model by analyzing descriptions of apps. To evaluate these two approaches, we use 936 Android apps from F-Droid, which is a repository of free and open source Android applications. We find that our proposed approaches yield a significant improvement in terms of precision, recall, F1-score, and MAP of the top-k results over the baseline approach.

Lingfeng Bao,David Lo,Xin Xia,Shanping Li

DOI: https://doi.org/10.1109/sate.2016.13

2016-01-01

Abstract:As Android is one of the most popular open source mobile platforms, ensuring security and privacy of Android applications is very important. Android provides a permission mechanism which requires developers to declare sensitive resources their applications need, and users need to agree with this request when they install (for Android API level 22 or lower) or run (for Android API level 23) these applications. Although Android provides very good official documents to explain how to properly use permissions, unfortunately misuses even for the most popular permissions have been reported. Recently, Karim et al. propose an association rule mining based approach to better infer permissions that an API needs. In this work, to improve the effectiveness of the prior work, we propose an approach which is based on collaborative filtering technique, one of popular techniques used to build recommendation systems. Our approach is designed based on the intuition that apps that have similar features - inferred from the APIs that they use - usually share similar permissions. We evaluate the proposed approaches on 936 Android apps from F-Droid, which is a repository of free and open source Android applications. The experimental results show that our proposed approaches achieve significant improvement in terms of the precision, recall, F1-score and MAP of the top-k results over Karim et al.'s approach.

Le Yu,Xiapu Luo,Jiachi Chen,Hao Zhou,Tao Zhang,Henry Chang,Hareton K. N. Leung

DOI: https://doi.org/10.1109/tse.2018.2886875

IF: 7.4

2021-02-01

IEEE Transactions on Software Engineering

Abstract:Recent years have witnessed a sharp increase of malicious apps that steal users’ personal information. To address users’ concerns about privacy risks and to comply with data protection laws, more and more apps are supplied with privacy policies written in natural language to help users understand an app's privacy practices. However, little is known whether these privacy policies are trustworthy or not. Questionable privacy policies may be prepared by careless app developers or someone with malicious intention. In this paper, we carry out a systematic study on privacy policy by proposing a novel approach to automatically identify five kinds of problems in privacy policy. After tackling several challenging issues, we implement the approach in a system, named PPChecker, and evaluate it with real apps and their privacy policies. The experimental results show that PPChecker can effectively identify questionable privacy policies with high precision. Applying PPChecker to 2,500 popular apps, we find that 1,850 apps (i.e., 74.0 percent) have at least one kind of problems. This study sheds light on the research of improving and regulating apps’ privacy policies.

engineering, electrical & electronic,computer science, software engineering

Tengfei Tu,Hua Zhang,Bei Gong,Daizhong Du,Qiaoyan Wen

DOI: https://doi.org/10.1007/s10462-024-10798-z

IF: 9.588

2024-06-14

Artificial Intelligence Review

Abstract:With the continuous development of mobile devices, mobile applications bring a lot of convenience to people's lives. The abuse of mobile device permissions is prone to the risk of privacy leakage. The existing detection technology can detect the inconsistency between the declared authority and the actual use authority. But using the third-party privacy policy as the analysis basis for SDK permissions will result in a large set of extracted declaration permissions, which will lead to identifying risky applications as normal applications during consistency comparison. The prevailing approach involves utilizing models based on TextCNN to extract information from privacy policies. However, the training of TextCNN relies on large-scale annotated datasets, leading to high costs. This paper uses BERT as the word vector extraction model to obtain private phrases from the privacy policy. And then we use cosine similarity to automatically filter permission phrase samples, reducing the workload of manual labeling. On the other hand, existing methods do not support the analysis of Chinese privacy policies. In order to solve the problem of consistency judgment between Chinese privacy policy and permission usage, we implement a BERT-based Android privacy policy and permission usage consistency analysis engine. The engine first uses static analysis to obtain the permission list of Android applications, and then combines the BERT model to achieve consistency analysis. After functional and speed testing, we found that the engine can successfully run the consistency analysis function of Chinese declaration permissions and usage permissions, and it is better than the existing detection methods.

computer science, artificial intelligence

Saad Sajid Hashmi,Nazar Waheed,Gioacchino Tangari,Muhammad Ikram,Stephen Smith

DOI: https://doi.org/10.48550/arXiv.2106.10035

2021-07-28

Abstract:Contemporary mobile applications (apps) are designed to track, use, and share users' data, often without their consent, which results in potential privacy and transparency issues. To investigate whether mobile apps have always been (non-)transparent regarding how they collect information about users, we perform a longitudinal analysis of the historical versions of 268 Android apps. These apps comprise 5,240 app releases or versions between 2008 and 2016. We detect inconsistencies between apps' behaviors and the stated use of data collection in privacy policies to reveal compliance issues. We utilize machine learning techniques for the classification of the privacy policy text to identify the purported practices that collect and/or share users' personal information, such as phone numbers and email addresses. We then uncover the data leaks of an app through static and dynamic analysis. Over time, our results show a steady increase in the number of apps' data collection practices that are undisclosed in the privacy policies. This behavior is particularly troubling since privacy policy is the primary tool for describing the app's privacy protection practices. We find that newer versions of the apps are likely to be more non-compliant than their preceding versions. The discrepancies between the purported and the actual data practices show that privacy policies are often incoherent with the apps' behaviors, thus defying the 'notice and choice' principle when users install apps.

Cryptography and Security

WANG Yin,FAN Ming,TAO Jun-Jie,LEI Jing-Yi,JIN Wu-Xia,HAN De-Qiang,LIU Ting

DOI: https://doi.org/10.13328/j.cnki.jos.007121

2024-01-01

International Journal of Software and Informatics

Abstract:The privacy policy statement of a mobile application serves as a crucial document that must be disclosed to users before collecting their information.However,current privacy policy statements face various issues,such as missing key disclosure items,omitting information collection purposes,and using vague descriptions.With an increasing number of legal provisions,the requirements for privacy policy statements vary,making compliance verification more burdensome.This study proposes a multi-label classification method for mobile application privacy policy statements.This method compares the requirements of four core laws and regulations regarding privacy policy statements,summarizes and organizes 31 categories of core item labels and features.Under this label system,the study designs and implements a classification model for privacy policy statement sentences,which achieves a 94%accuracy rate in item classification.Using this model,compliance verification was conducted in Android applications and mini-program scenarios,revealing issues such as missing items(79%),omitted purposes(63%),and vague descriptions(94%)in privacy policy statements.

Yin Wang,Ming Fan,Junfeng Liu,Junjie Tao,Wuxia Jin,Qi Xiong,Yuhao Liu,Qinghua Zheng,Ting Liu

DOI: https://doi.org/10.48550/arXiv.2302.13860

2023-02-27

Cryptography and Security

Abstract:Mini-app is an emerging form of mobile application that combines web technology with native capabilities. Its features, e.g., no need to download and no installation, have made it popular rapidly. However, privacy issues that violate the laws or regulations are breeding in the swiftly expanding mini-app ecosystem. The consistency between what the mini-app does about the data in the program code and what it declares in its privacy policy description is important. But no work has systematically investigated the privacy problem of the mini-app before. In this paper, to our best knowledge, we are the first to conduct the compliance detection of data practice and policy description in mini-apps. In this paper, we first customize a taint analysis method based on data entity dependency network to adapt to the characteristics of the JavaScript language in the mini-apps. Then, we transform data types and data operations to data practices in program codes and privacy policies, so as to finish a fine-grained consistency matching model.We crawl 100,000 mini-apps on WeChat client in the wild and extract 2,998 with a privacy policy. Among them, only 318 meet the consistency requirements, 2,680 are inconsistent, and the proportion of inconsistencies is as high as 89.4%. The inconsistency in the mini-app is very serious. Based on 6 real-world cases analyzed, in order to reduce this potential data leakage risk, we suggest that the developer should reduce the collection of irrelevant information and the straightforward use of templates, and the platform should provide data flow detection tools and privacy policy writing support.

Tong Wu,Qinbo Liu,Binchang Li,Feng Luo,Weilong Li,Yang Liu

DOI: https://doi.org/10.1109/CSP58884.2023.00015

2023-01-01

Abstract:Leaks of user privacy in the mobile cloud environment have been common in recent years. Common APP stores require apps to have a user privacy policy that complies with applicable laws. Due to the problem of lengthy papers or difficult-to-understand sentences in privacy policies, users frequently skip reading them or fail to comprehend them. Moreover, there may be conflicts between the privacy policy and the actual behaviors. In order to alleviate these problems above, we design a security analysis system that employs natural language processing to detect conflicts between an APP's privacy policy and its actual behaviors. Experimental results show that the analysis accuracy is improved compared with existing methods.

Ming Fan,Jifei Shi,Yin Wang,Le Yu,Xicheng Zhang,Haijun Wang,Wuxia Jin,Ting Liu

DOI: https://doi.org/10.1145/3691620.3695528

2024-01-01

Abstract:Mobile apps often access personal information to meet business needs, raising concerns about privacy breaches. Compliance detection methods are proposed to check for inconsistencies between program code and privacy policies. However, existing methods face challenges with the low efficiency of static data flow analysis tools and often neglect physical data transmission destinations. To address these issues, we propose an automated compliance detection method called GNChecker. It uses an efficient static data flow analysis technique with a segmentation strategy, significantly reducing the search scope and improving efficiency. Additionally, a fine-grained consistency detection framework is proposed by integrating static data flow and dynamic traffic flow results into a unified tuple form, i.e., (information type, transmission address). Evaluation results on 50 popular apps show that GNChecker outperforms state-of-the-art data flow analysis tools. Among 1,134 real-world apps, GNChecker identified 1,410 true non-compliant transmission behaviors in 379 apps, significantly surpassing existing compliance detection tools.

Kaifa Zhao,Xian Zhan,Le Yu,Shiyao Zhou,Hao Zhou,Xiapu Luo,Haoyu Wang,Yepang Liu

2023-09-09

Abstract:The privacy of personal information has received significant attention in mobile software. Although previous researchers have designed some methods to identify the conflict between app behavior and privacy policies, little is known about investigating regulation requirements for third-party libraries (TPLs). The regulators enacted multiple regulations to regulate the usage of personal information for TPLs (e.g., the "California Consumer Privacy Act" requires businesses clearly notify consumers if they share consumers' data with third parties or not). However, it remains challenging to analyze the legality of TPLs due to three reasons: 1) TPLs are mainly published on public repositoriesinstead of app market (e.g., Google play). The public repositories do not perform privacy compliance analysis for each TPL. 2) TPLs only provide independent functions or function sequences. They cannot run independently, which limits the application of performing dynamic analysis. 3) Since not all the functions of TPLs are related to user privacy, we must locate the functions of TPLs that access/process personal information before performing privacy compliance analysis. To overcome the above challenges, in this paper, we propose an automated system named ATPChecker to analyze whether the Android TPLs meet privacy-related regulations or not. Our findings remind developers to be mindful of TPL usage when developing apps or writing privacy policies to avoid violating regulations.

Software Engineering,Cryptography and Security

Jingyi Lei,Yi Wu,Nan Hu,Junjie Tao,Yin Wang,Haijun Wang,Ming Fan

DOI: https://doi.org/10.1109/issrew63542.2024.00061

2024-01-01

Abstract:The privacy policy of a mobile application is a key document for users to understand how their personal information is handled, but its presentation can be opaque, difficult to access, and require default consent. These issues not only undermine user trust but can also pose legal and compliance risks. In this paper, we propose a method to detect privacy text presentation compliance in mobile applications using dynamic testing techniques. This method aims to identify both the presence and consent-by-default of privacy texts. By extracting UI tree information via a dynamic testing engine, locating the privacy text pages using a heuristic search algorithm, and determining the checkbox states with the help of an image classifier, We collected 1,000 application samples as a dataset and demonstrated a precision rate of 83.6% and a recall rate of 86.6% for display violations. We launched a massive test on Alipay’s real-world application and uncovered 97 issues. The proposed detection method shows advantages in enhancing privacy text presentation compliance.

Shidong Pan,Dawen Zhang,Mark Staples,Zhenchang Xing,Jieshan Chen,Xiwei Xu,James Hoang

2023-09-23

Abstract:Privacy regulations protect and promote the privacy of individuals by requiring mobile apps to provide a privacy policy that explains what personal information is collected and how these apps process this information. However, developers often do not have sufficient legal knowledge to create such privacy policies. Online Automated Privacy Policy Generators (APPGs) can create privacy policies, but their quality and other characteristics can vary. In this paper, we conduct the first large-scale empirical study and comprehensive assessment of APPGs for mobile apps. Specifically, we scrutinize 10 APPGs on multiple dimensions. We further perform the market penetration analysis by collecting 46,472 Android app privacy policies from Google Play, discovering that nearly 20.1% of privacy policies could be generated by existing APPGs. Lastly, we point out that generated policies in our study do not fully comply with GDPR, CCPA, or LGPD. In summary, app developers must carefully select and use the appropriate APPGs with careful consideration to avoid potential pitfalls.

Software Engineering,Cryptography and Security

Fuman Xie,Yanjun Zhang,Chuan Yan,Suwan Li,Lei Bu,Kai Chen,Zi Huang,Guangdong Bai

DOI: https://doi.org/10.1145/3551349.3560416

2022-10-10

Abstract:A large number of functionality-rich and easily accessible applications have become popular among various virtual personal assistant (VPA) services such as Amazon Alexa. VPA applications (or VPA apps for short) are accompanied by a privacy policy document that informs users of their data handling practices. These documents are usually lengthy and complex for users to comprehend, and developers may intentionally or unintentionally fail to comply with them. In this work, we conduct the first systematic study on the privacy policy compliance issue of VPA apps. We develop Skipper, which targets Amazon Alexa skills. It automatically depicts the skill into the declared privacy profile by analyzing their privacy policy documents with Natural Language Processing (NLP) and machine learning techniques, and derives the behavioral privacy profile of the skill through a black-box testing. We conduct a large-scale analysis on all skills listed on Alexa store, and find that a large number of skills suffer from the privacy policy noncompliance issues.

Cheng Chang,Huaxin Li,Yichi Zhang,Suguo Du,Hui Cao,Haojin Zhu

DOI: https://doi.org/10.1007/978-3-030-23597-0_4

2019-01-01

Abstract:Along with the popularity of mobile devices, people share a growing amount of personal data to a variety of mobile applications for personalized services. In most cases, users can learn their data usage from the privacy policy along with the application. However, current privacy policies are always too long and obscure to provide readability and comprehensibility to users. To address this issue, we propose an automated privacy policy extraction system considering users' personal privacy concerns under different contexts. The system is implemented on Android smartphones and evaluated feedbacks from a group of users (n = 96) as a field study. Experiments are conducted on both our dataset, which is the first user privacy concern profile dataset to the best of our knowledge, and a public dataset containing 115 privacy policies with 23K data practices. We achieve 0.94 precision for privacy category classification and 0.81 accuracy for policy segment extraction, which attests to the significance of our work as a direction towards meeting the transparency requirement of the General Data Protection Regulation (GDPR).

Benjamin Andow,Samin Yaseer Mahmud,Wenyu Wang,Justin Whitaker,William Enck,Bradley Reaves,Kapil Singh,Tao Xie

2019-01-01

Abstract:Privacy policies are the primary mechanism by which companies inform users about data collection and sharing practices. To help users better understand these long and complex legal documents, recent research has proposed tools that summarize collection and sharing. However, these tools have a significant oversight: they do not account for contradictions that may occur within an individual policy. In this paper, we present PolicyLint, a privacy policy analysis tool that identifies such contradictions by simultaneously considering negation and varying semantic levels of data objects and entities. To do so, PolicyLint automatically generates ontologies from a large corpus of privacy policies and uses sentence-level natural language processing to capture both positive and negative statements of data collection and sharing. We use PolicyLint to analyze the policies of 11,430 apps and find that 14.2% of these policies contain contradictions that may be indicative of misleading statements. We manually verify 510 contradictions, identifying concerning trends that include the use of misleading presentation, attempted redefinition of common understandings of terms, conflicts in regulatory definitions (e.g., US and EU), and "laundering" of tracking information facilitated by sharing or collecting data that can be used to derive sensitive information. In doing so, PolicyLint significantly advances automated analysis of privacy policies.

Yuxi Ling,Kailong Wang,Guangdong Bai,Haoyu Wang,Jin Song Dong

DOI: https://doi.org/10.1145/3551349.3560436

2022-01-01

Abstract:Browser extensions have emerged as integrated characteristics in modern browsers, with the aim to boost the online browsing experience. Their advantageous position between a user and the Internet endows them with easy access to the user's sensitive data, which has raised mounting privacy concerns from both legislators and extension users. In this work, we propose an end-to-end approach to automatically diagnosing the privacy compliance violations among extensions. It analyzes the compliance of privacy policy versus regulation requirements and their actual privacy-related practices during runtime. This approach can serve the extension users, developers and store operators as an efficient and practical detection mechanism for privacy compliance violations. Our approach utilizes the state-of-the-art language processing model BERT for annotating the policy texts, and a hybrid technique to analyze an extension's source code and runtime behavior. To facilitate the model training, we construct a corpus named PrivAud-100 which contains 100 manually annotated privacy policies. Our large-scale diagnostic evaluation reveals that the vast majority of existing extensions suffer from privacy non-compliance issues. Around 92% of them have at least one violation of either their privacy policies or data collection practices. Based on our findings, we further propose an index to facilitate the filtering and identification of privacy-incompliant extensions with high accuracy (over 90%). Our work should raise the awareness of extension users, service providers, and platform operators, and encourage them to implement solutions toward better privacy compliance. To facilitate future research in this area, we have released our dataset, corpus and analyzer.

Ming Fan,Le Yu,Sen Chen,Hao Zhou,Xiapu Luo,Shuyue Li,Yang Liu,Jun Liu,Ting Liu

DOI: https://doi.org/10.1109/issre5003.2020.00032

2020-01-01

Abstract:The purpose of the General Data Protection Regulation (GDPR) is to provide improved privacy protection. If an app controls personal data from users, it needs to be compliant with GDPR. However, GDPR lists general rules rather than exact step-by-step guidelines about how to develop an app that fulfills the requirements. Therefore, there may exist GDPR compliance violations in existing apps, which would pose severe privacy threats to app users. In this paper, we take mobile health applications (mHealth apps) as a peephole to examine the status quo of GDPR compliance in Android apps. We first propose an automated system, named HPDROID, to bridge the semantic gap between the general rules of GDPR and the app implementations by identifying the data practices declared in the app privacy policy and the data relevant behaviors in the app code. Then, based on HPDROID, we detect three kinds of GDPR compliance violations, including the incompleteness of privacy policy, the inconsistency of data collections, and the insecurity of data transmission. We perform an empirical evaluation of 796 mHealth apps. The results reveal that 189 (23.7%) of them do not provide complete privacy policies. Moreover, 59 apps collect sensitive data through different measures, but 46 (77.9%) of them contain at least one inconsistent collection behavior. Even worse, among the 59 apps, only 8 apps try to ensure the transmission security of collected data. However, all of them contain at least one encryption or SSL misuse. Our work exposes severe privacy issues to raise awareness of privacy protection for app users and developers.