Giving without Notifying: Assessing Compliance of Data Transmission in Android Apps
This program is tentative and subject to change.
Mobile apps often access personal information to meet business needs, raising concerns about privacy breaches. Compliance detection methods are proposed to check for inconsistencies between program code and privacy policies. However, existing methods face challenges with the low efficiency of static data flow analysis tools and often neglect physical data transmission destinations.
To address these issues, we propose an automated compliance detection method called GNChecker. It uses an efficient static data flow analysis technique with a segmentation strategy, significantly reducing the search scope and improving efficiency. Additionally, a fine-grained consistency detection framework is proposed by integrating static data flow and dynamic traffic flow results into a unified tuple form, i.e., (information type, transmission address). Evaluation results on 50 popular apps show that GNChecker outperforms state-of-the-art data flow analysis tools. Among 1,134 real-world apps, GNChecker identified 1,410 true non-compliant transmission behaviors in 379 apps, significantly surpassing existing compliance detection tools.
This program is tentative and subject to change.
Tue 29 OctDisplayed time zone: Pacific Time (US & Canada) change
15:30 - 16:30 | |||
15:30 15mTalk | Giving without Notifying: Assessing Compliance of Data Transmission in Android Apps Research Papers Ming Fan Xi'an Jiaotong University, Jifei Shi Xi'an Jiaotong University, Yin Wang Xi'an Jiaotong University, Le Yu Nanjing University of Posts and Telecommunications, Xicheng Zhang Xi'an Jiaotong University, Haijun Wang Xi’an Jiaotong University, Wuxia Jin Xi'an Jiaotong University, Ting Liu Xi'an Jiaotong University | ||
15:45 15mTalk | MiniChecker: Detecting Data Privacy Risk of Abusive Permission Request Behavior in Mini-Programs Research Papers Yin Wang Xi'an Jiaotong University, Ming Fan Xi'an Jiaotong University, Hao Zhou Pattern, Recognition Center, WeChat, Tencent, Haijun Wang Xi’an Jiaotong University, Wuxia Jin Xi'an Jiaotong University, Jiajia Li Ant Group, Wenbo Chen Ant Group, Shijie Li Ant Group, Yu Zhang Ant Group, Deqiang Han Xi'an Jiaotong University, Ting Liu Xi'an Jiaotong University | ||
16:00 15mTalk | A Multi-solution Study on GDPR AI-enabled Completeness Checking of DPAs Journal-first Papers Muhammad Ilyas Azeem Institute of Software Chinese Academy of Sciences, Sallam Abualhaija University of Luxembourg | ||
16:15 10mTalk | CompAi: A Tool for GDPR Completeness Checking of Privacy Policies using Artificial Intelligence Tool Demonstrations Orlando Amaral University of Luxembourg, Sallam Abualhaija University of Luxembourg, Lionel Briand University of Ottawa, Canada; Lero centre, University of Limerick, Ireland | ||