PrivacyFlash Pro: Automating Privacy Policy Generation for Mobile Apps

Various privacy laws require mobile apps to have privacy policies. Questionnaire-based policy generators are intended to help developers with the task of policy creation. However, generated policies depend on the generators’ designs as well as developers’ abilities to correctly answer privacy questions about their apps. In this study, we show that policies generated with popular policy generators often do not reflect apps’ privacy practices. We believe that policy generation can be improved by supplementing the questionnaire-based approach with code analysis. We design and implement PrivacyFlash Pro, a privacy policy generator for iOS apps that leverages static analysis. PrivacyFlash Pro identifies code signatures — composed of Plist permission strings, framework imports, class instantiations, authorization methods, and other evidence — that are mapped to privacy practices expressed in privacy policies. Resources from package managers are used to identify libraries. We tested PrivacyFlash Pro in a usability study with 40 iOS app developers and received promising results both in terms of reliably identifying apps’ privacy practices and in terms of its usability. We measured an F-1 score of 0.95 for identifying permission uses. 24 of 40 developers rated PrivacyFlash Pro with at least 9 points on a scale of 0 to 10 for a Net Promoter Score of 42.5. The mean System Usability Score of 83.4 is close to excellent. We provide PrivacyFlash Pro as an open source project to the iOS developer community. In principle, our approach is platform-agnostic and adaptable to the Android and web platforms as well. To increase privacy transparency and reduce compliance issues, we make the case for privacy policies as software development artifacts. Privacy policy creation should become a native extension of the software development process and adhere to the mental model of software developers.
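The kind of signature matching the abstract describes, sketched as an added example that is not PrivacyFlash Pro's own code. The signature table, the rule that all four evidence types must be present before a practice counts as used, and the sample Info.plist and Swift source are assumptions constructed for illustration.

```python
import plistlib
import re

# Hypothetical signature table (an assumption, not PrivacyFlash Pro's own):
# one entry per practice, with the four evidence types the abstract names.
SIGNATURES = {
    "location": {"plist": "NSLocationWhenInUseUsageDescription", "import": "CoreLocation",
                 "class": "CLLocationManager", "auth": "requestWhenInUseAuthorization"},
    "camera": {"plist": "NSCameraUsageDescription", "import": "AVFoundation",
               "class": "AVCaptureSession", "auth": "requestAccess"},
    "contacts": {"plist": "NSContactsUsageDescription", "import": "Contacts",
                 "class": "CNContactStore", "auth": "requestAccess"},
}

# Constructed sample inputs: a minimal Info.plist and one Swift source file.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>NSLocationWhenInUseUsageDescription</key><string>Find nearby stores</string>
<key>NSCameraUsageDescription</key><string>Scan codes</string>
</dict></plist>"""
SAMPLE_SWIFT = """
import UIKit
import CoreLocation
// import AVFoundation  (commented out: must not count as evidence)
let manager = CLLocationManager()
manager.requestWhenInUseAuthorization()
"""

def strip_comments(src):
    # Naive removal of /* */ and // comments; ignores "//" inside string literals.
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def evidence(plist_bytes, swift_src):
    """Return, per practice, which of the four evidence types were found."""
    keys = plistlib.loads(plist_bytes)
    code = strip_comments(swift_src)
    return {p: {
        "plist": s["plist"] in keys,
        "import": re.search(rf"^\s*import\s+{s['import']}\b", code, re.M) is not None,
        "class": re.search(rf"\b{s['class']}\s*\(", code) is not None,
        "auth": re.search(rf"\.{s['auth']}\s*\(", code) is not None,
    } for p, s in SIGNATURES.items()}

def classify(plist_bytes, swift_src):
    """'used' = full signature, 'incomplete' = some evidence, 'absent' = none."""
    return {p: "used" if all(ev.values()) else "incomplete" if any(ev.values()) else "absent"
            for p, ev in evidence(plist_bytes, swift_src).items()}
```

An `incomplete` result, such as a declared usage string with no matching code, is the case worth surfacing to the developer, since a policy generated from the Plist alone would not match what the code does.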
