TY - GEN
T1 - Giving without Notifying
T2 - 39th ACM/IEEE International Conference on Automated Software Engineering, ASE 2024
AU - Fan, Ming
AU - Shi, Jifei
AU - Wang, Yin
AU - Yu, Le
AU - Zhang, Xicheng
AU - Wang, Haijun
AU - Jin, Wuxia
AU - Liu, Ting
N1 - Publisher Copyright:
© 2024 Copyright is held by the owner/author(s). Publication rights licensed to ACM.
PY - 2024/10/27
Y1 - 2024/10/27
N2 - Mobile apps often access personal information to meet business needs, raising concerns about privacy breaches. Compliance detection methods are proposed to check for inconsistencies between program code and privacy policies. However, existing methods face challenges with the low efficiency of static data flow analysis tools and often neglect physical data transmission destinations. To address these issues, we propose an automated compliance detection method called GNChecker. It uses an efficient static data flow analysis technique with a segmentation strategy, significantly reducing the search scope and improving efficiency. Additionally, a fine-grained consistency detection framework is proposed by integrating static data flow and dynamic traffic flow results into a unified tuple form, i.e., (information type, transmission address). Evaluation results on 50 popular apps show that GNChecker outperforms state-of-the-art data flow analysis tools. Among 1,134 real-world apps, GNChecker identified 1,410 true non-compliant transmission behaviors in 379 apps, significantly surpassing existing compliance detection tools.
AB - Mobile apps often access personal information to meet business needs, raising concerns about privacy breaches. Compliance detection methods are proposed to check for inconsistencies between program code and privacy policies. However, existing methods face challenges with the low efficiency of static data flow analysis tools and often neglect physical data transmission destinations. To address these issues, we propose an automated compliance detection method called GNChecker. It uses an efficient static data flow analysis technique with a segmentation strategy, significantly reducing the search scope and improving efficiency. Additionally, a fine-grained consistency detection framework is proposed by integrating static data flow and dynamic traffic flow results into a unified tuple form, i.e., (information type, transmission address). Evaluation results on 50 popular apps show that GNChecker outperforms state-of-the-art data flow analysis tools. Among 1,134 real-world apps, GNChecker identified 1,410 true non-compliant transmission behaviors in 379 apps, significantly surpassing existing compliance detection tools.
KW - Android apps
KW - compliance detection
KW - privacy policy
UR - https://www.scopus.com/pages/publications/85212439613
U2 - 10.1145/3691620.3695528
DO - 10.1145/3691620.3695528
M3 - Conference contribution
AN - SCOPUS:85212439613
T3 - Proceedings - 2024 39th ACM/IEEE International Conference on Automated Software Engineering, ASE 2024
SP - 1595
EP - 1606
BT - Proceedings - 2024 39th ACM/IEEE International Conference on Automated Software Engineering, ASE 2024
PB - Association for Computing Machinery, Inc
Y2 - 28 October 2024 through 1 November 2024
ER -