With the rapid development of mobile internet and the increasing number of smartphone users, various applications have become easily accessible. Although most mobile applications publish corresponding privacy policies before being re-leased on app markets, there persists a critical issue of inconsistency between declared privacy policies and actual application behaviors, leading to user privacy breaches. This makes the detection and analysis of privacy leakage behaviors in Android applications and their third-party libraries an urgent research challenge. Natural Language Processing (NLP), which focuses on enabling effective human-machine interaction through natural language, proves particularly suitable for analyzing decompiled Android bytecode as an inspection medium. By employing NLP-based semantic analysis for static code examination, this research addresses privacy leakage detection in Android applications. This paper presents an NLP-based system for detecting consistency between application privacy policies and behaviors. The system utilizes NLP techniques to extract and process privacy-related declarations from policy documents and sensitive behaviors from applications. Through static analysis, it distinguishes actual sensitive behaviors and private data handling between core applications and third-party libraries. The system establishes a correlation model by mapping permission requirements with privacy information disclosures, ultimately achieving consistency verification. For experimental validation, we selected 100 Chinese mobile applications and their third-party libraries. Experimental results reveal that approximately 80% of applications exhibited inconsistencies between documented policies and actual behaviors (including third-party components).

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

NLP-Based Detecting Privacy Policy and Behavior Inconsistencies in Android Apps

  • Cheng Yu,
  • Xinyu Yuan,
  • Xin Tian,
  • Xiangyu Wan

摘要

With the rapid development of mobile internet and the increasing number of smartphone users, various applications have become easily accessible. Although most mobile applications publish corresponding privacy policies before being re-leased on app markets, there persists a critical issue of inconsistency between declared privacy policies and actual application behaviors, leading to user privacy breaches. This makes the detection and analysis of privacy leakage behaviors in Android applications and their third-party libraries an urgent research challenge. Natural Language Processing (NLP), which focuses on enabling effective human-machine interaction through natural language, proves particularly suitable for analyzing decompiled Android bytecode as an inspection medium. By employing NLP-based semantic analysis for static code examination, this research addresses privacy leakage detection in Android applications. This paper presents an NLP-based system for detecting consistency between application privacy policies and behaviors. The system utilizes NLP techniques to extract and process privacy-related declarations from policy documents and sensitive behaviors from applications. Through static analysis, it distinguishes actual sensitive behaviors and private data handling between core applications and third-party libraries. The system establishes a correlation model by mapping permission requirements with privacy information disclosures, ultimately achieving consistency verification. For experimental validation, we selected 100 Chinese mobile applications and their third-party libraries. Experimental results reveal that approximately 80% of applications exhibited inconsistencies between documented policies and actual behaviors (including third-party components).