@inbook{494d8c0c71f14527a84d71f0228abf7c,
title = "Automated Analysis of Privacy Requirements for Mobile Apps",
abstract = "Mobile apps have to satisfy various privacy requirements. App publishers are often obligated to provide a privacy pol-icy and notify users of their apps' privacy practices. But how can we tell whether an app behaves as its policy promises? In this study we introduce a scalable system to help analyze and predict Android apps' compliance with privacy requirements. Our system is not only intended for regulators and privacy ac-tivists, but also meant to assist app publishers and app store owners in their internal assessments of privacy requirement compliance. Our analysis of 17,991 free apps shows the viability of com-bining machine learning-based privacy policy analysis with static code analysis of apps. Results suggest that 71\% of apps that lack a privacy policy should have one. Also, for 9,050 apps that have a policy, we find many instances of potential inconsistencies between what the app policy seems to state and what the code of the app appears to do. Our results sug-gest that as many as 41\% of these apps could be collecting lo-cation information and 17\% could be sharing such with third parties without disclosing so in their policies. Overall, it ap-pears that each app exhibits a mean of 1.83 inconsistencies.",
author = "Sebastian Zimmeck and Ziqi Wang and Lieyong Zou and Roger Iyengar and Bin Liu and Florian Schaub and Shomir Wilson and Norman Sadeh and Bellovin, \{Steven M.\} and Joel Reidenberg",
year = "2017",
doi = "10.14722/ndss.2017.23034",
language = "English (US)",
isbn = "1-891562-46-0",
series = "Proceedings 2017 Network and Distributed System Security Symposium",
publisher = "Korea Society of Internet Information",
booktitle = "Proceedings 2017 Network and Distributed System Security Symposium",
address = "Korea, Republic of",
}