AutoPPG: Towards automatic generation of privacy policy for android applications

Le Yu; Tao Zhang; Xiapu Luo; Lei Xue

doi:10.1145/2808117.2808125

AutoPPG: Towards automatic generation of privacy policy for android applications

Le Yu, Tao Zhang, Xiapu Luo, Lei Xue

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

42 Citations (Scopus)

Abstract

A privacy policy is a statement informing users how their information will be collected, used, and disclosed. Failing to provide a correct privacy policy may result in a fine. How- ever, writing privacy policy is tedious and error-prone, be- cause the author may not well understand the source code, which could be written by others (e.g., outsourcing), or does not know the internals of third-party libraries without source codes. In this paper, we propose and develop a novel sys- tem named AutoPPG to automatically construct correct and readable descriptions to facilitate the generation of privacy policy for Android applications (i.e., apps). Given an app, AutoPPG first conducts various static code analyses to char- acterize its behaviors related to users' private information and then applies natural language processing techniques to generating correct and accessible sentences for describing these behaviors. The experimental results using real apps and crowdsourcing indicate that: (1) AutoPPG creates cor- rect and easy-to-understand descriptions for privacy policies; and (2) the privacy policies constructed by AutoPPG usually reveal more operations related to users' private information than existing privacy policies.

Original language	English
Title of host publication	SPSM 2015 - Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, co-located with
Subtitle of host publication	CCS 2015
Publisher	Association for Computing Machinery, Inc
Pages	39-50
Number of pages	12
ISBN (Electronic)	9781450338196
DOIs	https://doi.org/10.1145/2808117.2808125
Publication status	Published - 12 Oct 2015
Event	5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM 2015 - Denver, United States Duration: 12 Oct 2015 → …

Conference

Conference	5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM 2015
Country/Territory	United States
City	Denver
Period	12/10/15 → …

Keywords

Document generation
Information extraction
Mobile applications
Privacy policy
Program analysis

ASJC Scopus subject areas

Software
Computer Networks and Communications
Information Systems
Human-Computer Interaction

More information

10.1145/2808117.2808125

Cite this

@inproceedings{0c1c3a1afcf34204840f1660d31b407c,

title = "AutoPPG: Towards automatic generation of privacy policy for android applications",

abstract = "A privacy policy is a statement informing users how their information will be collected, used, and disclosed. Failing to provide a correct privacy policy may result in a fine. How- ever, writing privacy policy is tedious and error-prone, be- cause the author may not well understand the source code, which could be written by others (e.g., outsourcing), or does not know the internals of third-party libraries without source codes. In this paper, we propose and develop a novel sys- tem named AutoPPG to automatically construct correct and readable descriptions to facilitate the generation of privacy policy for Android applications (i.e., apps). Given an app, AutoPPG first conducts various static code analyses to char- acterize its behaviors related to users' private information and then applies natural language processing techniques to generating correct and accessible sentences for describing these behaviors. The experimental results using real apps and crowdsourcing indicate that: (1) AutoPPG creates cor- rect and easy-to-understand descriptions for privacy policies; and (2) the privacy policies constructed by AutoPPG usually reveal more operations related to users' private information than existing privacy policies.",

keywords = "Document generation, Information extraction, Mobile applications, Privacy policy, Program analysis",

author = "Le Yu and Tao Zhang and Xiapu Luo and Lei Xue",

year = "2015",

month = oct,

day = "12",

doi = "10.1145/2808117.2808125",

language = "English",

pages = "39--50",

booktitle = "SPSM 2015 - Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, co-located with",

publisher = "Association for Computing Machinery, Inc",

note = "5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM 2015 ; Conference date: 12-10-2015",

}

Yu, L, Zhang, T, Luo, X & Xue, L 2015, AutoPPG: Towards automatic generation of privacy policy for android applications. in SPSM 2015 - Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, co-located with: CCS 2015. Association for Computing Machinery, Inc, pp. 39-50, 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM 2015, Denver, United States, 12/10/15. https://doi.org/10.1145/2808117.2808125

AutoPPG: Towards automatic generation of privacy policy for android applications. / Yu, Le; Zhang, Tao; Luo, Xiapu et al.
SPSM 2015 - Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, co-located with: CCS 2015. Association for Computing Machinery, Inc, 2015. p. 39-50.

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

TY - GEN

T1 - AutoPPG: Towards automatic generation of privacy policy for android applications

AU - Yu, Le

AU - Zhang, Tao

AU - Luo, Xiapu

AU - Xue, Lei

PY - 2015/10/12

Y1 - 2015/10/12

N2 - A privacy policy is a statement informing users how their information will be collected, used, and disclosed. Failing to provide a correct privacy policy may result in a fine. How- ever, writing privacy policy is tedious and error-prone, be- cause the author may not well understand the source code, which could be written by others (e.g., outsourcing), or does not know the internals of third-party libraries without source codes. In this paper, we propose and develop a novel sys- tem named AutoPPG to automatically construct correct and readable descriptions to facilitate the generation of privacy policy for Android applications (i.e., apps). Given an app, AutoPPG first conducts various static code analyses to char- acterize its behaviors related to users' private information and then applies natural language processing techniques to generating correct and accessible sentences for describing these behaviors. The experimental results using real apps and crowdsourcing indicate that: (1) AutoPPG creates cor- rect and easy-to-understand descriptions for privacy policies; and (2) the privacy policies constructed by AutoPPG usually reveal more operations related to users' private information than existing privacy policies.

AB - A privacy policy is a statement informing users how their information will be collected, used, and disclosed. Failing to provide a correct privacy policy may result in a fine. How- ever, writing privacy policy is tedious and error-prone, be- cause the author may not well understand the source code, which could be written by others (e.g., outsourcing), or does not know the internals of third-party libraries without source codes. In this paper, we propose and develop a novel sys- tem named AutoPPG to automatically construct correct and readable descriptions to facilitate the generation of privacy policy for Android applications (i.e., apps). Given an app, AutoPPG first conducts various static code analyses to char- acterize its behaviors related to users' private information and then applies natural language processing techniques to generating correct and accessible sentences for describing these behaviors. The experimental results using real apps and crowdsourcing indicate that: (1) AutoPPG creates cor- rect and easy-to-understand descriptions for privacy policies; and (2) the privacy policies constructed by AutoPPG usually reveal more operations related to users' private information than existing privacy policies.

KW - Document generation

KW - Information extraction

KW - Mobile applications

KW - Privacy policy

KW - Program analysis

UR - http://www.scopus.com/inward/record.url?scp=84955498728&partnerID=8YFLogxK

U2 - 10.1145/2808117.2808125

DO - 10.1145/2808117.2808125

M3 - Conference article published in proceeding or book

SP - 39

EP - 50

BT - SPSM 2015 - Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, co-located with

PB - Association for Computing Machinery, Inc

T2 - 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, SPSM 2015

Y2 - 12 October 2015

ER -

AutoPPG: Towards automatic generation of privacy policy for android applications

Abstract

Conference

Keywords

ASJC Scopus subject areas

More information

Other files and links

Fingerprint

Cite this