SCOPE: Evaluating and Enhancing Permission Explanation Transparency in Mobile Apps
This program is tentative and subject to change.
Permission explanations, explanatory text accompanying mobile app permission requests, are crucial for user privacy transparency and informed consent. Despite their importance, current practices often fall short of regulatory expectations due to the lack of systematic evaluation mechanisms. Through an empirical study of 600 mainstream mobile apps, we reveal widespread deficiencies: 15% of permission requests provide no explanation, others use vague language or technical jargon, and critically, many fail to disclose third-party SDK data access despite these components actively using granted permissions. To address these transparency gaps, we present SCOPE, an automated multi-agent framework that systematically evaluates permission explanation compliance and generates targeted optimization recommendations. SCOPE employs four specialized agents working collaboratively: multimodal LLM-based explanation extraction, few-shot learning-based linguistic analysis, dynamic API-based purpose inference, and adaptive report generation. Comprehensive evaluation demonstrates SCOPE’s effectiveness, achieving 98% accuracy in explanation extraction, 93.5% consistency in compliance analysis, and 92% accuracy in purpose inference. A user study with 30 participants shows 84.6% preference for SCOPE-optimized explanations, confirming practical utility. Our work provides the first systematic analysis of permission explanation practices and establishes a scalable solution for enhancing mobile app privacy transparency.
Wed 19 Nov (displayed time zone: Seoul)
16:00 - 17:00
16:00 | 10m | Talk | RAML: Toward Retrieval-Augmented Localization of Malicious Payloads in Android Apps | NIER Track | Tiezhu Sun University of Luxembourg, Marco Alecci University of Luxembourg, Yewei Song University of Luxembourg, Xunzhu Tang University of Luxembourg, Kisub Kim DGIST, Jordan Samhi University of Luxembourg, Luxembourg, Tegawendé F. Bissyandé University of Luxembourg, Jacques Klein University of Luxembourg
16:10 | 10m | Talk | Unlocking Reproducibility: Automating re-Build Process for Open-Source Software | Industry Showcase | Behnaz Hassanshahi Oracle, Trong Nhan Mai Oracle Labs, Benjamin Selwyn-Smith Oracle Labs, Nicholas Allen Oracle
16:20 | 10m | Talk | JSidentify-V2: Dynamic Memory Fingerprinting for Mini-Game Plagiarism Detection | Industry Showcase | Zhihao Li Tencent Inc., Chaozheng Wang The Chinese University of Hong Kong, Li Zongjie Hong Kong University of Science and Technology, Xinyong Peng Tencent Inc., Qun Xia Tencent Inc., Haochuan Lu Tencent, Ting Xiong Tencent Inc., Shuzheng Gao Chinese University of Hong Kong, Cuiyun Gao Harbin Institute of Technology, Shenzhen, Shuai Wang Hong Kong University of Science and Technology, Yuetang Deng Tencent, Huafeng Ma Tencent Inc.
16:30 | 10m | Talk | IDBFuzz: Web Storage DataBase Fuzzing with Controllable Semantics | NIER Track | Jingyi Chen Jiangsu University, Jinfu Chen Jiangsu University, Saihua Cai Jiangsu University, Shengran Wang Jiangsu University
16:40 | 10m | Talk | SCOPE: Evaluating and Enhancing Permission Explanation Transparency in Mobile Apps | Industry Showcase | Liu Wang Beijing University of Posts and Telecommunications, Tianshu Zhou Beijing University of Posts and Telecommunications, Haoyu Wang Huazhong University of Science and Technology, Xiyuan Liu Freshippo-Alibaba Group, Yi Wang
16:50 | 10m | Talk | ApkArmor: Low-Cost Lightweight Anti-Decompilation Techniques for Android Apps | Industry Showcase | Jiayang Liu Huazhong University of Science and Technology, Yanjie Zhao Huazhong University of Science and Technology, Pengcheng Xia Huazhong University of Science and Technology, Haoyu Wang Huazhong University of Science and Technology