AutoPPG: Towards automatic generation of privacy policy for android applications

Le Yu, Tao Zhang, Xiapu Luo, Lei Xue

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

23 Citations (Scopus)

Abstract

A privacy policy is a statement informing users how their information will be collected, used, and disclosed. Failing to provide a correct privacy policy may result in a fine. How- ever, writing privacy policy is tedious and error-prone, be- cause the author may not well understand the source code, which could be written by others (e.g., outsourcing), or does not know the internals of third-party libraries without source codes. In this paper, we propose and develop a novel sys- tem named AutoPPG to automatically construct correct and readable descriptions to facilitate the generation of privacy policy for Android applications (i.e., apps). Given an app, AutoPPG first conducts various static code analyses to char- acterize its behaviors related to users' private information and then applies natural language processing techniques to generating correct and accessible sentences for describing these behaviors. The experimental results using real apps and crowdsourcing indicate that: (1) AutoPPG creates cor- rect and easy-to-understand descriptions for privacy policies; and (2) the privacy policies constructed by AutoPPG usually reveal more operations related to users' private information than existing privacy policies.
Original languageEnglish
Title of host publicationSPSM 2015 - Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, co-located with
Subtitle of host publicationCCS 2015
PublisherAssociation for Computing Machinery, Inc
Pages39-50
Number of pages12
ISBN (Electronic)9781450338196
DOIs
Publication statusPublished - 12 Oct 2015
Event5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM 2015 - Denver, United States
Duration: 12 Oct 2015 → …

Conference

Conference5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM 2015
Country/TerritoryUnited States
CityDenver
Period12/10/15 → …

Keywords

  • Document generation
  • Information extraction
  • Mobile applications
  • Privacy policy
  • Program analysis

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Information Systems
  • Human-Computer Interaction

Cite this