AutoPPG: Towards automatic generation of privacy policy for android applications

SPSM 2015 - Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, co-located with: CCS 2015

Volumn , Issue , 2015, Pages 39-50

  Yu, Le ^a   Zhang, Tao ^a   Luo, Xiapu ^a   Xue, Lei ^a  

^a HONG KONG POLYTECHNIC UNIVERSITY   (Hong Kong)

Author keywords

Document generation; Information extraction; Mobile applications; Privacy policy; Program analysis

Indexed keywords

APPLICATION PROGRAMS; CODES (SYMBOLS); COMPUTER PROGRAMMING; INFORMATION RETRIEVAL; MOBILE DEVICES; NATURAL LANGUAGE PROCESSING SYSTEMS; SMARTPHONES;

ANDROID APPLICATIONS; AUTOMATIC GENERATION; DOCUMENT GENERATION; MOBILE APPLICATIONS; NATURAL LANGUAGE PROCESSING; PRIVACY POLICIES; PROGRAM ANALYSIS; STATIC CODE ANALYSIS;

ANDROID (OPERATING SYSTEM);

EID: 84955498728     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2808117.2808125     Document Type: Conference Paper

References (42)

1. Android input event. http://goo.gl/enQtDI.
2. Natural language toolkit. http://www.nltk.org/.
3. Neo4j graph database. http://neo4j.com/.
4. Privacy policies for android apps. https://termsfeed.com.
5. Wordnet. http://wordnet.princeton.edu/.
6. Mobile privacy disclosures: Building trust through transparency. Technical report, FTC Staff Report, 2013.
7. The need for privacy policies in mobile apps - an overview. http://goo.gl/7AB2aB, 2013.
8. Path social networking app settles ftc charges it deceived consumers and improperly collected personal information from users' mobile address books. https://goo.gl/Z31BAU, 2013.
9. Google java style. https://goo.gl/1RtxN1, 2015.
10. Ontology structure. http://goo.gl/sBGgzZ, 2015.
11. K. Au, Y. Zhou, Z. Huang, and D. Lie. Pscout: Analyzing the android permission specification. In Proc. ACM CCS, 2012.
12. T. Breaux and A. Anton. Analyzing regulatory rules for privacy and security requirements. IEEE Trans. on Software Eng., 2008.
13. D. Cer, M. Marnee, D. Jurafsky, and C. Manning. Parsing to stanford dependencies: Trade-offs between speed and accuracy. In Proc. LREC, 2010.
14. E. Costante, Y. Sun, M. Petkovic, and J. Hartog. A machine learning solution to assess privacy policy completeness. In Proc. ACM WPES, 2012.
15. J. Cowie and W. Lehnert. Information extraction. Communications of the ACM, 39(1), 1996.
16. A. Felt, S. Egelman, and D. Wagner. I've got 99 problems, but vibration ain't one: A survey of smartphone users' concerns. In Proc. ACM SPSM, 2012.
17. E. Gabrilovich and S. Markovitch. Computing semantic relatedness using wikipedia-based explicit semantic analysis. In Proc. IJCAI, 2007.
18. H. Halpin, B. Suda, and N. Walsh. An ontology for vcard. http://www.w3.org/2006/vcard/, 2015.
19. M. Harman, Y. Jia, and W. B. Langdon. Strong higher order mutation-based test data generation. In Proc. ESEC/FSE, 2011.
20. R. Iannella and S. Identity. vcard ontology - for describing people and organizations. http://www.w3.org/TR/vcard-rdf/, 2015.
21. A. Javed, P. Strooper, and G. Watson. Automated generation of test cases using model-driven architecture. In Proc. AST, 2007.
22. L. Li, A. Bartel, T. Bissyande, J. Klein, Y. Traon, S. Arzt, R. Siegfried, E. Bodden, D. Octeau, and P. Mcdaniel. Iccta: Detecting inter-component privacy leaks in android apps. In Proc. ICSE, 2015.
23. F. Liu, R. Ramanath, N. Sadeh, and N. Smith. A step towards usable privacy policy: Automatic alignment of privacy statements. In Proc. COLING, 2014.
24. C. Manning, P. Raghavan, and H. Schutze. Introduction to Information Retrieval. Cambridge University Press, 2008.
25. C. Meyer, E. Broeker, A. Pierce, and J. Gatto. Ftc issues new guidance for mobile app developers that collect location data. http://goo.gl/weSNRB, 2015.
26. D. Miao and L. Kagal. Privacy informer: An automatic privacy description generator for mobile apps. In Proc. ASE PASSAT, 2014.
27. M. Nauman, S. Khan, and X. Zhang. Apex: Extending android permission model and enforcement with user-defined runtime constraints. In Proc. ACM ASIACCS, 2010.
28. D. Octeau, P. McDaniel, S. Jha, A. Bartel, E. Bodden, J. Klein, and Y. Traon. Effective inter-component communication mapping in android with epicc: An essential step towards holistic security analysis. In Proc. USENIX Security, 2013.
29. Plain English Campaign. How to write in plain english. http://goo.gl/qwq2Sh.
30. C. Qian, X. Luo, Y. Le, and G. Gu. Vulhunter: Toward discovering vulnerabilities in android applications. IEEE Micro, 2015.
31. R. Ramanath, F. Liu, N. Sadeh, and N. Smith. Unsupervised alignment of privacy policies using hidden markov models. In Proc. ACL, 2014.
32. S. Rasthofer, S. Arzt, and E. Bodden. A machine-learning approach for classifying and categorizing android sources and sinks. In Proc. NDSS, 2014.
33. S. Rayadurgam and M. P. Heimdahl. Coverage based test-case generation using model checkers. In Proc. ECBS, 2001.
34. S. Rosen, Z. Qian, and Z. M. Mao. Appprofiler: A exible method of exposing privacy-related behavior in android applications to end users. In Proc. CODASPY, 2013.
35. M. Rowan and J. Dehlinger. Encouraging privacy by design concepts with privacy policy auto-generation in eclipse (page). In Proc. ETX, 2014.
36. M. Rutherford and A. Wolf. A case for test-code generation in model-driven systems. In Proc. GPCE, 2003.
37. F. Shen, N. Vishnubhotla, C. Todarka, M. Arora, B. Dhandapani, E. J. Lehner, S. Y. Ko, and L. Ziarek. Information ows as a permission mechanism. In Proc. ASE, 2014.
38. J. Slankas, X. Xiao, L. Williams, and T. Xie. Relation extraction for inferring access control rules from natural language artifacts. In Proc. ACSAC, 2014.
39. X. Xiao, A. Paradkar, S. Thummalapenta, and T. Xie. Automated extraction of security policies from natural language software documents. In Proc. ACM FSE, 2012.
40. Y. Xu, M.-Y. Kim, K. Quinn, R. Goebel, and D. Barbosa. Open information extraction with tree kernels. In HLT-NAACL, 2013.
41. Y. Yang, C. L. Teo, H. Daume III, and Y. Aloimonos. Corpus-guided sentence generation of natural images. In Proc. EMNLP, 2011.
42. S. Zimmeck and S. M. Bellovin. Privee: An architecture for automatically analyzing web privacy policies. In Proc. USENIX Security, 2014.