Detecting Contradictions in Android App Privacy Policies at Scale
Using our automated testing, we are able to establish instances where disclosures made in the privacy policies of Android apps diverge from their actual data collection and sharing practices, thus, violating data protection laws in the US and Europe. Our preliminary results demonstrate the scale of this problem for apps designed for children, as well as for apps that share data with third parties. As privacy regulation around the world becomes more stringent, are there any other contradictions that we can infer given our dataset?
Research goal: Detect instances where disclosures made in the privacy policies of Android apps diverge from their actual data collection and sharing practices. Measure user comprehension of disclosures made in privacy policies, and establish user perceptions on the role of different actors (e.g. Google Play Store) in enforcing privacy policies.
Potential studies:
- Create a set of heuristics for language that we can detect in privacy policies, and then automatically evaluate against behaviors we can observe by running the associated apps in the testbed.