Demystifying Privacy Policy of Third-Party Libraries in Mobile Apps

01/29/2023
by   Kaifa Zhao, et al.

The privacy of personal information has received significant attention in mobile software. Although previous researchers have designed methods to identify conflicts between app behavior and privacy policies, little is known about the regulatory requirements that apply to third-party libraries (TPLs). Regulators have enacted multiple regulations governing the usage of personal information by TPLs (e.g., the "California Consumer Privacy Act" requires businesses to clearly notify consumers whether they share consumers' data with third parties). However, it remains challenging to analyze the legality of TPLs for three reasons: 1) TPLs are mainly published on public repositories instead of app markets (e.g., Google Play). The public repositories do not perform privacy compliance analysis for each TPL. 2) TPLs only provide independent functions or function sequences. They cannot run independently, which limits the applicability of dynamic analysis. 3) Since not all the functions of TPLs are related to user privacy, we must locate the functions of TPLs that access or process personal information before performing privacy compliance analysis. To overcome the above challenges, in this paper, we propose an automated system named ATPChecker to analyze whether Android TPLs meet privacy-related regulations. Our findings remind developers to be mindful of TPL usage when developing apps or writing privacy policies to avoid violating regulations.
