Toward Automatically Generating Privacy Policy for Android Apps

Le Yu, Tao Zhang, Xiapu Luo, Lei Xue, Henry Chang

Research output: Journal article publication › Journal article › Academic research › peer-review

12 Citations (Scopus)

Abstract

A privacy policy is a statement informing users how their information will be collected, used, and disclosed. Failing to provide a correct privacy policy may result in a fine. However, writing a privacy policy is tedious and error-prone, because the author may not understand the source code well, as it could have been written by others (e.g., outsourcing), or the author does not know the internal workings of the third-party libraries used. In this paper, we propose and develop a novel system named AutoPPG to automatically construct correct and readable descriptions to facilitate the generation of privacy policies for Android applications (i.e., apps). Given an app, AutoPPG first conducts static code analysis to characterize its behaviors related to users' personal information, and then applies natural language processing techniques to generate correct and accessible sentences describing these behaviors. The experimental results using real apps and crowdsourcing indicate that: 1) AutoPPG creates correct and easy-to-understand descriptions for privacy policies; 2) the privacy policies constructed by AutoPPG usually reveal more operations related to users' personal information than existing privacy policies; and 3) most developers who replied to us would like to use AutoPPG to assist them.
Original language: English
Article number: 7782398
Pages (from-to): 865-880
Number of pages: 16
Journal: IEEE Transactions on Information Forensics and Security
Volume: 12
Issue number: 4
Publication status: Published - 1 Apr 2017

Keywords

  • Mobile applications
  • natural language processing
  • privacy policy
  • static code analysis

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications
