Privacy Consistency Analyzer for Android Applications

Recent studies show that many Android applications either do not have a privacy policy in place or there are some inconsistencies between their application and the corresponding privacy policies. In this paper, we propose a new Privacy Consistency framework and its tool-support which aims to detect the inconsistencies between the Android applications and their privacy policies. We have evaluated our framework on 54 Android applications and have identified several mismatches and inconsistencies. Our Privacy Consistency framework serves as the first step towards a better understanding of permissions and the risks associated with them.

[1]  Ram Krishnan,et al.  PVDetector: A Detector of Privacy-Policy Violations for Android Apps , 2016, 2016 IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft).

[2]  Ram Krishnan,et al.  Toward a Framework for Detecting Privacy Policy Violations in Android Application Code , 2016, 2016 IEEE/ACM 38th International Conference on Software Engineering (ICSE).

[3]  Hella Kaffel Ben Ayed,et al.  Assessment for Android apps permissions a proactive approach toward privacy risk , 2017, 2017 13th International Wireless Communications and Mobile Computing Conference (IWCMC).

[4]  Steven M. Bellovin,et al.  Privee: An Architecture for Automatically Analyzing Web Privacy Policies , 2014, USENIX Security Symposium.

[5]  Bin Liu,et al.  Automated Analysis of Privacy Requirements for Mobile Apps , 2016, NDSS.

[6]  Ashwini Rao,et al.  Eddy, a formal language for specifying and analyzing data flow specifications for conflicting privacy requirements , 2014, Requirements Engineering.

[7]  Sepideh Ghanavati,et al.  Toward an Approach to Privacy Notices in IoT , 2017, 2017 IEEE 25th International Requirements Engineering Conference Workshops (REW).

[8]  Bashar Nuseibeh,et al.  PrimAndroid: Privacy Policy Modelling and Analysis for Android Applications , 2011, 2011 IEEE International Symposium on Policies for Distributed Systems and Networks.

[9]  Mohammed M. Alani Android Users Privacy Awareness Survey , 2017, Int. J. Interact. Mob. Technol..

[10]  Romain Laborde,et al.  Demonstration of KAPUER: A privacy policy manager on Android , 2016, 2016 13th IEEE Annual Consumer Communications & Networking Conference (CCNC).