Can we trust the privacy policies of android apps?

Le Yu, Xiapu Luo, Xule Liu, Tao Zhang

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

24 Citations (Scopus)

Abstract

Recent years have witnessed the sharp increase of malicious apps that steal users' personal information. To address users' concerns about privacy risks, more and more apps are accompanied with privacy policies written in natural language because it is difficult for users to infer an app's behaviors according to the required permissions. However, little is known whether these privacy policies are trustworthy or not. It is worth noting that a questionable privacy policy may result from careless preparation by an app developer or intentional deception by an attacker. In this paper, we conduct the first systematic study on privacy policy by proposing a novel approach to automatically identify three kinds of problems in privacy policy. After tackling several challenging issues, we realize our approach in a system, named PPChecker, and evaluate it with real apps and privacy policies. The experimental results show that PPChecker can effectively identify questionable privacy policies with high precision. Moreover, applying PPChecker to 1,197 popular apps, we found that 282 apps (i.e., 23.6%) have at least one kind of problems. This study sheds light on the research of improving and regulating apps' privacy policies.
Original languageEnglish
Title of host publicationProceedings - 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2016
PublisherIEEE
Pages538-549
Number of pages12
ISBN (Electronic)9781467388917
DOIs
Publication statusPublished - 29 Sep 2016
Event46th IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2016 - Toulouse, France
Duration: 28 Jun 20161 Jul 2016

Conference

Conference46th IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2016
Country/TerritoryFrance
CityToulouse
Period28/06/161/07/16

ASJC Scopus subject areas

  • Hardware and Architecture
  • Software
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Cite this