A framework to detect "device related" data collection violations of android apps

Date

2015

Authors

Haque, Md. Farhan

Abstract

Android apps are among the most widespread applications on smartphones. Android apps provide privacy policies to inform users about how information is processed during application usage. In their privacy policies, Android apps claim to collect both personal data, such as name, email, and credit card number, and non-personal or device-related data, such as IP address, operating system, and MAC address. Non-personal or device-related data provide sensitive information about the user's location, operating system configuration, and device identifiers such as MAC or IP address, and pose a greater threat of privacy violations to users. However, the lack of mechanisms to check the consistency of an app's device-related data collection with its privacy policy makes it difficult for app developers to ensure that the implementation does not violate the policy. In this research, a framework has been developed to help developers detect violations of privacy policies in an app's implementation. The framework is designed as a plugin tool for IntelliJ IDEA, which is the official Integrated Development Environment (IDE) for professional Android app development. The plugin is named "PrivacyPlugin" and bridges the gap between the privacy policy and the source code implementation from the developer's perspective. The plugin takes the "device related" data collection statements of a privacy policy as input and analyzes them to generate a list of related APIs. The plugin also examines the source code of an app to generate the list of APIs used in static method calls, and compares the two generated lists to detect unauthorized APIs that constitute violations. The plugin also suggests device-related phrases or keywords to be included in the privacy policy based on the violation results. The developed plugin's performance is evaluated through unit and function testing with proper test plans and test cases.
To summarize, the "PrivacyPlugin" provides developers with an analysis of "device related" data collection violations of Android apps, along with suggestions of the "device related" phrases or keywords to include in privacy policies to avoid violations.

Description

This item is available only to currently enrolled UTSA students, faculty or staff.

Keywords

Android

Department

Electrical and Computer Engineering