Litcius/Paper detail

On the (Un)Reliability of Privacy Policies in Android Apps

Luca Verderame, Davide Caputo, Andrea Romdhana, Alessio Merlo

2020CINECA IRIS Institutial Research Information System (University of Genoa)39 citationsDOIOpen Access PDF

Abstract

The access to privacy-sensitive information on Android is a growing concern in the mobile community. Albeit Google Play recently introduced some privacy guidelines, it is still an open problem to soundly verify whether apps actually comply with such rules. To this aim, in this paper, we discuss a novel methodology based on a fruitful combination of static analysis, dynamic analysis, and machine learning techniques, which allows assessing such compliance. More in detail, our methodology checks whether each app i) contains a privacy policy that complies with the Google Play privacy guidelines, and ii) accesses privacy-sensitive information only upon the acceptance of the policy by the user. Furthermore, the methodology also allows checking the compliance of third-party libraries embedded in the apps w.r.t. the same privacy guidelines.We implemented our methodology in a tool, 3PDroid, and we carried out an assessment on a set of recent and most-downloaded Android apps in the Google Play Store. Experimental results suggest that more than 95% of apps access user's privacy-sensitive information, but just a negligible subset of them (≈ 1%) fully complies with the Google Play privacy guidelines.

Topics & Concepts

Android (operating system)Computer sciencePrivacy policyInternet privacyInformation privacyMobile appsInformation sensitivityComputer securityWorld Wide WebOperating systemAdvanced Malware Detection TechniquesPrivacy, Security, and Data ProtectionGreen IT and Sustainability