Toward a Framework for Detecting Privacy Policy Violations in Android Application Code
Title | Toward a Framework for Detecting Privacy Policy Violations in Android Application Code |
Publication Type | Conference Paper |
Year of Publication | 2016 |
Authors | Slavin, Rocky; Wang, Xiaoyin; Hosseini, Mitra Bokaei; Hester, James; Krishnan, Ram; Bhatia, Jaspreet; Breaux, Travis D.; Niu, Jianwei |
Conference Name | Proceedings of the 38th International Conference on Software Engineering |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-3900-1 |
Keywords | Android applications, Human Behavior, Privacy Policies, pubcrawl, Scalability, Violation Detection |
Abstract | Mobile applications frequently access sensitive personal information to meet user or business requirements. Because such information is sensitive in general, regulators increasingly require mobile-app developers to publish privacy policies that describe what information is collected. Furthermore, regulators have fined companies when these policies are inconsistent with the actual data practices of mobile apps. To help mobile-app developers check their privacy policies against their apps' code for consistency, we propose a semi-automated framework that consists of a policy terminology-API method map that links policy phrases to API methods that produce sensitive information, and information flow analysis to detect misalignments. We present an implementation of our framework based on a privacy-policy-phrase ontology and a collection of mappings from API methods to policy phrases. Our empirical evaluation on 477 top Android apps discovered 341 potential privacy policy violations. |
URL | http://doi.acm.org/10.1145/2884781.2884855 |
DOI | 10.1145/2884781.2884855 |
Citation Key | slavin_toward_2016 |