Identifying Unusual Personal Data in Mobile Apps for Better Privacy Compliance Check
摘要
Automatically identifying a user’s personal data in mobile apps is crucial for various downstream tasks in mobile privacy, such as detecting privacy compliance issues like unexpected data collection and sharing. The general approaches are pinpointing the in-app user personal data by comparing text similarity with a limited number of keywords (e.g., location, phone number). However, the expression of personal data has constantly been evolving. For example, “pronouns” is used to refer to gender identity nowadays. This type of Unusual Personal Data (UPD for short) is hardly covered by previous mechanisms. In this paper we propose FiCo, a new framework to identify in-app UPD for mobile apps through Fine-grained Context-aware UI analysis. In particular, to uncover UPD, we developed a new methodology that leverages the contextual affinity of UI elements, bridging the knowledge gap caused by the evolving nature of natural language expressions. From experimental evaluation and measurement, we present that FiCo is capable of handling Unusual Personal Data and enhancing privacy compliance.