Communications of the ACM
Mobile App Behavior Often Appears at Odds With Privacy Policies
Credit: Sophos Ltd.
Mobile applications' privacy policies often are inconsistent with how an app actually collects and shares users' personal information, according to an automated analysis system developed by Carnegie Mellon University (CMU). Several federal and state laws require mobile apps to have privacy policies, but these policies can be incomplete or missing entirely.
Using natural language processing and machine-learning techniques, the CMU system scans privacy policies in the Google Play store and app source code to determine whether an app's behavior is consistent with its privacy policy. An analysis of almost 18,000 popular free apps from the Google Play store found 71 percent appeared to process personally identifiable information, but almost half lacked a privacy policy. Among apps that had policies, 41 percent of these could be collecting location information and 17 percent could be sharing that information with third parties without disclosing it.
The CMU researchers say their automated approach is much faster than human review, analyzing one app in about six seconds. CMU professor Norman Sadeh notes the system may make incorrect assumptions about how apps handle personal information, so a human would need to validate the findings of the automated system. Sadeh says organizations could use the system to assign scores to apps, helping regulators focus on the most serious violators.
From Carnegie Mellon University
View Full Article
Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA
No entries found