Authors : Le Yu , Tao Zhang , Xiapu Luo , Lei Xue , Henry Chang Authors Info & Claims
Pages 865 - 880 Published : 01 April 2017 Publication History 17 citation 0 Downloads Total Citations 17 Total Downloads 0 Last 12 Months 0 Last 6 weeks 0 Get Citation AlertsThis alert has been successfully added and will be sent to:
You will be notified whenever a record that you have chosen has been cited.
To manage your alert preferences, click on the button below.
A privacy policy is a statement informing users how their information will be collected, used, and disclosed. Failing to provide a correct privacy policy may result in a fine. However, writing privacy policy is tedious and error-prone, because the author may not understand the source code well as it could have been written by others (e.g., outsourcing), or the author does not know the internal working of third-party libraries used. In this paper, we propose and develop a novel system named AutoPPG to automatically construct correct and readable descriptions to facilitate the generation of privacy policy for Android applications (i.e., apps). Given an app, AutoPPG first conducts static code analysis to characterize its behaviors related to users' personal information, and then applies natural language processing techniques to generating correct and accessible sentences for describing these behaviors. The experimental results using real apps and crowdsourcing indicate that: 1) AutoPPG creates correct and easy-to-understand descriptions for privacy policies; 2) the privacy policies constructed by AutoPPG usually reveal more operations related to users' personal information than existing privacy policies; and 3) most developers, who reply us, would like to use AutoPPG to facilitate them.
M. Nauman, S. Khan, and X. Zhang, “ Apex: Extending Android permission model and enforcement with user-defined runtime constraints,” in Proc. ASIACCS, 2010, pp. 328–332.
