DOI: 10.5555/3489212.3489268

Actions speak louder than words: entity-sensitive privacy policy and data flow analysis with POLICHECK

Published: 12 August 2020

Abstract

Identifying privacy-sensitive data leaks by mobile applications has been a topic of great research interest for the past decade. Technically, such data flows are not "leaks" if they are disclosed in a privacy policy. To address this limitation in automated analysis, recent work has combined program analysis of applications with analysis of privacy policies to determine the flow-to-policy consistency, and hence violations thereof. However, this prior work has a fundamental weakness: it does not differentiate the entity (e.g., first-party vs. third-party) receiving the privacy-sensitive data. In this paper, we propose POLICHECK, which formalizes and implements an entity-sensitive flow-to-policy consistency model. We use POLICHECK to study 13,796 applications and their privacy policies and find that up to 42.4% of applications either incorrectly disclose or omit disclosing their privacy-sensitive data flows. Our results also demonstrate the significance of considering entities: without considering entity, prior approaches would falsely classify up to 38.4% of applications as having privacy-sensitive data flows consistent with their privacy policies. These false classifications include data flows to third-parties that are omitted (e.g., the policy states only the first-party collects the data type), incorrect (e.g., the policy states the third-party does not collect the data type), and ambiguous (e.g., the policy has conflicting statements about the data type collection). By defining a novel automated, entity-sensitive flow-to-policy consistency analysis, POLICHECK provides the highest-precision method to date to determine if applications properly disclose their privacy-sensitive behaviors.
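The difference between an entity-insensitive and an entity-sensitive check, as an added example that is not POLICHECK's code or its formal model: a deliberately simplified classifier using the three failure categories named in the abstract. The `Statement` and `Flow` types, the verdict labels and the sample policy are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Statement:
    entity: str      # who the policy says receives the data: "first_party" / "third_party"
    collects: bool   # True = "collects", False = "does not collect"
    data: str        # data type named in the policy

@dataclass(frozen=True)
class Flow:
    entity: str      # who actually received the data at runtime
    data: str

def entity_sensitive(flow, policy):
    """Judge the flow only against statements about the same data type AND receiver."""
    relevant = [s for s in policy if s.data == flow.data and s.entity == flow.entity]
    allowed = any(s.collects for s in relevant)
    denied = any(not s.collects for s in relevant)
    if allowed and denied:
        return "ambiguous"    # conflicting statements about this receiver
    if denied:
        return "incorrect"    # policy says this entity does not collect it
    return "consistent" if allowed else "omitted"

def entity_insensitive(flow, policy):
    """Baseline that ignores the receiver: any 'collects' statement for the type counts."""
    return "consistent" if any(s.collects and s.data == flow.data for s in policy) else "omitted"

# Constructed policy and flows (hypothetical, not taken from the paper's dataset).
POLICY = [
    Statement("first_party", True, "email"),
    Statement("first_party", True, "location"),
    Statement("third_party", False, "location"),
    Statement("third_party", True, "device_id"),
    Statement("third_party", False, "device_id"),
]
FLOWS = [
    Flow("first_party", "email"),
    Flow("third_party", "email"),
    Flow("third_party", "location"),
    Flow("third_party", "device_id"),
]

def compare(flows=FLOWS, policy=POLICY):
    """Return (receiver, data, baseline verdict, entity-sensitive verdict) per flow."""
    return [(f.entity, f.data, entity_insensitive(f, policy), entity_sensitive(f, policy))
            for f in flows]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

The baseline reports all four constructed flows as consistent, while the entity-sensitive check accepts only the first-party one.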

Cited By

  • (2022) Understanding Online Privacy—A Systematic Review of Privacy Visualizations and Privacy by Design Guidelines. ACM Computing Surveys 55:3 (1-37). DOI: 10.1145/3502288. Online publication date: 3-Feb-2022
  • (2022) Security and Privacy in Unified Communication. ACM Computing Surveys 55:3 (1-36). DOI: 10.1145/3498335. Online publication date: 3-Feb-2022
  • (2021) Consistency Analysis of Data-Usage Purposes in Mobile Apps. Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (2824-2843). DOI: 10.1145/3460120.3484536. Online publication date: 12-Nov-2021

Published In

SEC'20: Proceedings of the 29th USENIX Conference on Security Symposium
August 2020
2809 pages
ISBN: 978-1-939133-17-5

Sponsors

  • Facebook
  • Microsoft
  • IBM
  • ByteDance
  • Google Inc.

Publisher

USENIX Association, United States

Qualifiers

  • Research-article

Acceptance Rates

Overall Acceptance Rate 40 of 100 submissions, 40%

Article Metrics

  • Downloads (Last 12 months): 139
  • Downloads (Last 6 weeks): 18

Reflects downloads up to 02 Mar 2025
