Automated Analysis of Privacy Requirements for Mobile Apps

Zimmeck, Sebastian; Wang, Ziqi; Zou, Lieyong; Iyengar, Roger; Liu, Bin; Schaub, Florian; Wilson, Shomir; Sadeh, Norman; Bellovin, Steven M.; Reidenberg, Joël R.

doi:10.14722/ndss.2017.23034

Cited by 137 publications

(118 citation statements)

References 23 publications

Supporting

Mentioning

112

Contrasting

Unclassified

Order By: Relevance

“…However, several studies have performed privacy analyses of smaller numbers of apps. Zimmeck et al [67] previously analyzed potential compliance issues for a set of 17,991 apps. Wang et al [61] analyzed 80 health and finance apps for compliance with their privacy policies, detecting 20 "strong" and 10 "weak" violations.…”

Section: Privacy Surveysmentioning

confidence: 99%

MAPS: Scaling Privacy Compliance Analysis to a Million Apps

Zimmeck

Story

Smullen

et al. 2019

Proceedings on Privacy Enhancing Technologies

Self Cite

132

159

View full text Add to dashboard Cite

The app economy is largely reliant on data collection as its primary revenue model. To comply with legal requirements, app developers are often obligated to notify users of their privacy practices in privacy policies. However, prior research has suggested that many developers are not accurately disclosing their apps’ privacy practices. Evaluating discrepancies between apps’ code and privacy policies enables the identification of potential compliance issues. In this study, we introduce the Mobile App Privacy System (MAPS) for conducting an extensive privacy census of Android apps. We designed a pipeline for retrieving and analyzing large app populations based on code analysis and machine learning techniques. In its first application, we conduct a privacy evaluation for a set of 1,035,853 Android apps from the Google Play Store. We find broad evidence of potential non-compliance. Many apps do not have a privacy policy to begin with. Policies that do exist are often silent on the practices performed by apps. For example, 12.1% of apps have at least one location-related potential compliance issue. We hope that our extensive analysis will motivate app stores, government regulators, and app developers to more effectively review apps for potential compliance issues.

show abstract

Section: Privacy Surveysmentioning

confidence: 99%

MAPS: Scaling Privacy Compliance Analysis to a Million Apps

Zimmeck

Story

Smullen

et al. 2019

Proceedings on Privacy Enhancing Technologies

Self Cite

132

159

View full text Add to dashboard Cite

show abstract

“…A large-scale analysis of 18 000 popular free apps available on the Google Play Store recently highlighted that ~50% were missing a privacy policy, despite ~70% processing personally identifiable information,22 synonymous with the 63.2% and 68.4% observed respectively in this study. Additionally, just 36.8% of apps with a data privacy policy in this study stated that no user data would be shared without explicit user consent, a finding also synonymous with existing estimates of 17%19 to 50% 23.…”

Section: Discussionmentioning

confidence: 59%

Effective? Engaging? Secure? Applying the ORCHA-24 framework to evaluate apps for chronic insomnia disorder

Leigh¹,

Ouyang

Mimnagh³

2017

Evid Based Mental Health

View full text Add to dashboard Cite

show abstract

“…Zimmeck et al propose to combine machine learning and static analysis technique to detect incomplete privacy policy and incorrect privacy policy [90]. Other three kinds of issues detected by PPChecker are not considered by their system (i.e., imprecise privacy policy, inconsistent privacy policy, and unfriendly privacy policy).…”

Section: Analysis Of Android Apps' Privacy Policiesmentioning

confidence: 99%

PPChecker: Towards Accessing the Trustworthiness of Android Apps’ Privacy Policies

Wang

Chen

et al. 2021

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

Recent years have witnessed a sharp increase of malicious apps that steal users' personal information. To address users' concerns about privacy risks and to comply with data protection laws, more and more apps are supplied with privacy policies written in natural language to help users understand an app's privacy practices. However, little is known whether these privacy policies are trustworthy or not. Questionable privacy policies may be prepared by careless app developers or someone with malicious intention. In this paper, we carry out a systematic study on privacy policy by proposing a novel approach to automatically identify five kinds of problems in privacy policy. After tackling several challenging issues, we implement the approach in a system, named PPChecker, and evaluate it with real apps and their privacy policies. The experimental results show that PPChecker can effectively identify questionable privacy policies with high precision. Applying PPChecker to 2,500 popular apps, we find that 1,850 apps (i.e., 74.0%) have at least one kind of problems. This study sheds light on the research of improving and regulating apps' privacy policies.

show abstract

Automated Analysis of Privacy Requirements for Mobile Apps

Cited by 137 publications

References 23 publications

MAPS: Scaling Privacy Compliance Analysis to a Million Apps

MAPS: Scaling Privacy Compliance Analysis to a Million Apps

Effective? Engaging? Secure? Applying the ORCHA-24 framework to evaluate apps for chronic insomnia disorder

PPChecker: Towards Accessing the Trustworthiness of Android Apps’ Privacy Policies

Contact Info

Product

Resources

About