Abstract
This paper tackles the pressing challenges in the digital realm, with a specific focus on privacy and security concerns in Android apps, especially regarding third-party involvement and data usage disclosures. A key issue addressed is the complexity and inaccessibility of privacy policies, which often remain obscure to users due to their technical legal language. To address these challenges, we employ cutting-edge artificial intelligence techniques, notably Generative AI (GenAI) and natural language processing (NLP), to decipher and interpret the privacy policies of Android apps with a focus on third-party data practices. A central feature of our study is the introduction of an innovative classification system that segregates app behaviors into ‘Transparent’ and ‘Opaque’ categories. This distinction is rooted in the clarity and explicitness of third-party data practice disclosures within app privacy policies. ‘Transparent’ apps are those that clearly articulate their interactions with third-party entities and the purposes for data usage, aligning with standard practices and enhancing user trust. Conversely, ‘Opaque’ apps lack clear disclosures, leaving users uninformed about potential data sharing and usage, thereby raising privacy and security concerns. Our research contributes by utilizing the capabilities of ChatGPT’s API for an in-depth analysis of privacy policies, with a particular emphasis on third-party mentions and data usage purposes.
Notes
1. In practice, we collected 1,351 data types (e.g., Name, Email, Transaction) from the privacy policies of 273 randomly selected Android apps. We clustered them into 17 data-type categories, e.g., Personal Info, Technical Data, and Location Data.
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Phan, T.H.T. et al. (2024). Evaluating Third-Party Involvement in Android Apps: Norms and Anomalies in Usage Patterns. In: Younas, M., Awan, I., Petcu, D., Feng, B. (eds) Mobile Web and Intelligent Information Systems. MobiWIS 2024. Lecture Notes in Computer Science, vol 14792. Springer, Cham. https://doi.org/10.1007/978-3-031-68005-2_9
DOI: https://doi.org/10.1007/978-3-031-68005-2_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-68004-5
Online ISBN: 978-3-031-68005-2
eBook Packages: Computer Science, Computer Science (R0)