NDSS 2017: Automated Analysis of Privacy Requirements for Mobile Apps





The interactive transcript could not be loaded.


Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Apr 26, 2017

Video taken during the Network and Distributed System Security (NDSS) Symposium 2017, held February 26 through March 1, 2017, at Catamaran Resort Hotel & Spa in San Diego, California.

Automated Analysis of Privacy Requirements for Mobile Apps

Mobile apps have to satisfy various privacy requirements. Notably, app publishers are often obligated to provide a privacy policy and notify users of their apps privacy practices. But how can a user tell whether an app behaves as its policy promises? In this study we introduce a scalable system to help analyze and predict Android apps compliance with privacy requirements. We discuss how we customized our system in a collaboration with the California Office of the Attorney General. Beyond its use by regulators and activists our system is also meant to assist app publishers and app store owners in their internal assessments of privacy requirement compliance.
Our analysis of 17,991 free Android apps shows the viability of combining machine learning-based privacy policy analysis with static code analysis of apps. Results suggest that 71% of apps that lack a privacy policy should have one. Also, for 9,050 apps that have a policy, we find many instances of potential inconsistencies between what the app policy seems to state and what the code of the app appears to do. In particular, as many as 41% of these apps could be collecting location information and 17% could be sharing such with third parties without disclosing so in their policies. Overall, each app exhibits a mean of 1.83 potential privacy requirement inconsistencies.

Authors: Sebastian Zimmeck (Carnegie Mellon University), Ziqi Wang (Carnegie Mellon University), Lieyong Zou (Carnegie Mellon University), Roger Iyengar (Washington Univ. in St. Louis), Bin Liu (Carnegie Mellon University), Florian Shaub (University of Michigan), Shomir Wilson (University of Cincinnati), Norman Sadeh (Carnegie Mellon University), Steven M. Bellovin (Columbia University), Joel Reidenberg (Fordham University)


to add this to Watch Later

Add to

Loading playlists...