Title: Toward a framework for detecting privacy policy violations in Android application code
Publication Type: Conference Proceedings
Year of Publication: 2016
Authors: Rocky Slavin, Xiaoyin Wang, Mitra Bokaei Hosseini, James Hester, Ram Krishnan, Jaspreet Bhatia, Travis Breaux, Jianwei Niu
Conference Name: ICSE '16: Proceedings of the 38th International Conference on Software Engineering
Date Published: 05/2016
Publisher: ACM, New York, NY, USA ©2016
Conference Location: Austin, TX
ISBN Number: 978-1-4503-3900-1
Keywords: Android applications, CMU, July'16, Privacy Policies, Violation Detection

Abstract: Mobile applications frequently access sensitive personal information to meet user or business requirements. Because such information is sensitive in general, regulators increasingly require mobile-app developers to publish privacy policies that describe what information is collected. Furthermore, regulators have fined companies when these policies are inconsistent with the actual data practices of mobile apps. To help mobile-app developers check their privacy policies against their apps' code for consistency, we propose a semi-automated framework that consists of a policy terminology-API method map that links policy phrases to API methods that produce sensitive information, and information flow analysis to detect misalignments. We present an implementation of our framework based on a privacy-policy-phrase ontology and a collection of mappings from API methods to policy phrases. Our empirical evaluation on 477 top Android apps discovered 341 potential privacy policy violations.
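The abstract names three ingredients: a phrase ontology, a map from sensitive Android API methods to policy phrases, and information-flow results showing which API outputs actually leave the device. The sketch below is an added example of how those pieces fit together to flag a misalignment; it is not the authors' implementation. The ontology edges, the API-to-phrase assignments, the network sinks, the sample policy text and the sample flows are all constructed for this example (the Android and Java method names are real, but the list of flows stands in for what a taint analysis of an APK would report), and matching a policy against the ontology by plain substring search is a deliberate simplification of what a real policy-phrase ontology would do.

```python
"""Illustrative policy-vs-code consistency check (added example, not the
paper's code). Ontology, phrase map, sinks and sample data are constructed."""

from typing import Dict, Iterator, List, Optional, Set, Tuple

# Constructed ontology: phrase -> its immediate more-general phrase.
# e.g. an IMEI is a device identifier, which is device information,
# which is personal information.
ONTOLOGY: Dict[str, str] = {
    "IMEI": "device identifier",
    "device identifier": "device information",
    "device information": "personal information",
    "precise location": "location",
    "location": "personal information",
    "phone number": "contact information",
    "contact information": "personal information",
}

# Constructed API-method -> policy-phrase map. The method names are real
# Android APIs; pairing them with these phrases is an assumption made here.
API_PHRASE_MAP: Dict[str, str] = {
    "android.telephony.TelephonyManager.getDeviceId": "IMEI",
    "android.location.LocationManager.getLastKnownLocation": "precise location",
    "android.telephony.TelephonyManager.getLine1Number": "phone number",
}

# Sinks that move data off the device. A flow from a mapped source into one
# of these is treated as "collection" that the policy must disclose.
NETWORK_SINKS: Set[str] = {
    "java.net.HttpURLConnection.getOutputStream",
    "okhttp3.Call.execute",
}


def ancestors(phrase: str) -> Iterator[str]:
    """Yield the phrase itself, then each more-general phrase up the ontology."""
    seen: Set[str] = set()
    current: Optional[str] = phrase
    while current is not None and current not in seen:  # guard against cycles
        seen.add(current)
        yield current
        current = ONTOLOGY.get(current)


def policy_mentions(policy_text: str) -> Set[str]:
    """Return the ontology phrases that literally appear in the policy text."""
    text = " ".join(policy_text.lower().split())
    vocabulary = set(ONTOLOGY) | set(ONTOLOGY.values())
    return {p for p in vocabulary if p.lower() in text}


def check_flows(flows: List[Tuple[str, str]], policy_text: str) -> List[dict]:
    """Compare (source API, sink) flows against the policy.

    A flow is 'disclosed' if the policy names the mapped phrase, 'disclosed_generally'
    if it names only a more general ancestor, and 'undisclosed' otherwise.
    """
    mentioned = policy_mentions(policy_text)
    findings = []
    for source, sink in flows:
        phrase = API_PHRASE_MAP.get(source)
        if phrase is None or sink not in NETWORK_SINKS:
            continue  # not a sensitive source, or the data never leaves the device
        status, matched = "undisclosed", None
        for candidate in ancestors(phrase):
            if candidate in mentioned:
                matched = candidate
                status = "disclosed" if candidate == phrase else "disclosed_generally"
                break
        findings.append({"source": source, "sink": sink, "phrase": phrase,
                         "status": status, "matched_phrase": matched})
    return findings


# Constructed sample policy and constructed flow report (stand-in for taint-analysis output).
SAMPLE_POLICY = """We collect your device information and location to
provide and improve the service. We never sell this data."""

SAMPLE_FLOWS = [
    ("android.telephony.TelephonyManager.getDeviceId", "java.net.HttpURLConnection.getOutputStream"),
    ("android.location.LocationManager.getLastKnownLocation", "java.net.HttpURLConnection.getOutputStream"),
    ("android.telephony.TelephonyManager.getLine1Number", "java.net.HttpURLConnection.getOutputStream"),
    ("android.telephony.TelephonyManager.getDeviceId", "android.util.Log.d"),  # local only, skipped
]

if __name__ == "__main__":
    for f in check_flows(SAMPLE_FLOWS, SAMPLE_POLICY):
        method = f["source"].rsplit(".", 1)[1]
        print(f"{f['status']:<20} {method} -> {f['phrase']!r} (policy phrase: {f['matched_phrase']})")
```

In this constructed case the phone-number flow is flagged as undisclosed, while the IMEI and location flows are covered only by the more general phrases "device information" and "location"; the ontology is what lets the checker accept those general disclosures instead of reporting them as violations too. The fourth flow is dropped because logging to `android.util.Log` keeps the data on the device.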

