Please use this identifier to cite or link to this item: http://hdl.handle.net/10397/99842
PIRA download icon_1.1View/Download Full Text
DC FieldValueLanguage
dc.contributorDepartment of Computingen_US
dc.creatorZhao, Ken_US
dc.creatorZhan, Xen_US
dc.creatorYu, Len_US
dc.creatorZhou, Sen_US
dc.creatorZhou, Hen_US
dc.creatorLuo, Xen_US
dc.creatorWang, Hen_US
dc.creatorLiu, Yen_US
dc.date.accessioned2023-07-24T01:02:55Z-
dc.date.available2023-07-24T01:02:55Z-
dc.identifier.isbn978-1-6654-5701-9 (Electronic)en_US
dc.identifier.isbn978-1-6654-5702-6 (Print on Demand(PoD))en_US
dc.identifier.urihttp://hdl.handle.net/10397/99842-
dc.description2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE), 14-20 May 2023, Melbourne, Australiaen_US
dc.language.isoenen_US
dc.rights© 2023 IEEE Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.en_US
dc.rightsThe following publication K. Zhao et al., "Demystifying Privacy Policy of Third-Party Libraries in Mobile Apps," 2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE), Melbourne, Australia, 2023, pp. 1583-1595 is available at https://doi.org/10.1109/ICSE48619.2023.00137.en_US
dc.subjectPrivacy policyen_US
dc.subjectThird-party libraryen_US
dc.subjectAndroiden_US
dc.titleDemystifying privacy policy of third-party libraries in mobile appsen_US
dc.typeConference Paperen_US
dc.identifier.spage1583en_US
dc.identifier.epage1595en_US
dc.identifier.doi10.1109/ICSE48619.2023.00137en_US
dcterms.abstractThe privacy of personal information has received significant attention in mobile software. Although researchers have designed methods to identify the conflict between app behavior and privacy policies, little is known about the privacy compliance issues relevant to third-party libraries (TPLs). The regulators enacted articles to regulate the usage of personal information for TPLs (e.g., the CCPA requires businesses clearly notify consumers if they share consumers' data with third parties or not). However, it remains challenging to investigate the privacy compliance issues of TPLs due to three reasons: 1) Difficulties in collecting TPLs' privacy policies. In contrast to Android apps, which are distributed through markets like Google Play and must provide privacy policies, there is no unique platform for collecting privacy policies of TPLs. 2) Difficulties in analyzing TPL's user privacy access behaviors. TPLs are mainly provided in binary files, such as jar or aar, and their whole functionalities usually cannot be executed independently without host apps. 3) Difficulties in identifying consistency between TPL's functionalities and privacy policies, and host app's privacy policy and data sharing with TPLs. This requires analyzing not only the privacy policies of TPLs and host apps but also their functionalities. In this paper, we propose an automated system named ATPChecker to analyze whether Android TPLs comply with the privacy-related regulations. We construct a data set that contains a list of 458 TPLs, 247 TPL's privacy policies, 187 TPL's binary files and 641 host apps and their privacy policies. Then, we analyze the bytecode of TPLs and host apps, design natural language processing systems to analyze privacy policies, and implement an expert system to identify TPL usage-related regulation compliance. The experimental results show that 23% TPLs violate regulation requirements for providing privacy policies. Over 47% TPLs miss disclosing data usage in their privac...en_US
dcterms.accessRightsopen accessen_US
dcterms.bibliographicCitation2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE), Melbourne, Australia, 14-20 May 2023, p. 1583-1595en_US
dcterms.issued2023-
dc.relation.conferenceInternational Conference on Software Engineering [ICSE]en_US
dc.description.validate202307 bcwwen_US
dc.description.oaAccepted Manuscripten_US
dc.identifier.FolderNumbera2291-
dc.identifier.SubFormID47363-
dc.description.fundingSourceSelf-fundeden_US
dc.description.pubStatusPublisheden_US
dc.description.oaCategoryGreen (AAM)en_US
Appears in Collections:Conference Paper
Files in This Item:
File Description SizeFormat 
Zhao_Demystifying_Privacy_Policy.pdfPre-Published version1.1 MBAdobe PDFView/Open
Open Access Information
Status open access
File Version Final Accepted Manuscript
Access
View full-text via PolyU eLinks SFX Query
Show simple item record

Page views

125
Citations as of Apr 14, 2025

Downloads

180
Citations as of Apr 14, 2025

SCOPUSTM   
Citations

2
Citations as of Jun 21, 2024

WEB OF SCIENCETM
Citations

2
Citations as of Oct 10, 2024

Google ScholarTM

Check

Altmetric


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.