Understanding the inconsistencies between text descriptions and the use of privacy-sensitive resources of mobile apps

Takuya Watanabe, Mitsuaki Akiyama, Tetsuya Sakai, Hironori Washizaki, Tatsuya Mori

研究成果: Conference contribution

22 被引用数 (Scopus)

抄録

Permission warnings and privacy policy enforcement are widely used to inform mobile app users of privacy threats. These mechanisms disclose information about use of privacy-sensitive resources such as user location or contact list. However, it has been reported that very few users pay attention to these mechanisms during installation. Instead, a user may focus on a more user-friendly source of information: text description, which is written by a developer who has an incentive to attract user attention. When a user searches for an app in a marketplace, his/her query keywords are generally searched on text descriptions of mobile apps. Then, users review the search results, often by reading the text descriptions; i.e., text descriptions are associated with user expectation. Given these observations, this paper aims to address the following research question: What are the primary reasons that text descriptions of mobile apps fail to refer to the use of privacy-sensitive resources? To answer the research question, we performed empirical large-scale study using a huge volume of apps with our ACODE (Analyzing COde and DEscription) framework, which combines static code analysis and text analysis. We developed light-weight techniques so that we can handle hundred of thousands of distinct text descriptions. We note that our text analysis technique does not require manually labeled descriptions; hence, it enables us to conduct a large-scale measurement study without requiring expensive labeling tasks. Our analysis of 200,000 apps and multilingual text descriptions collected from official and third-party Android marketplaces revealed four primary factors that are associated with the inconsistencies between text descriptions and the use of privacy-sensitive resources: (1) existence of app building services/frameworks that tend to add API permissions/code unnecessarily, (2) existence of prolific developers who publish many applications that unnecessarily install permissions and code, (3) existence of secondary functions that tend to be unmentioned, and (4) existence of third-party libraries that access to the privacy-sensitive resources. We believe that these findings will be useful for improving users' awareness of privacy on mobile software distribution platforms.

本文言語English
ホスト出版物のタイトルSOUPS 2015 - Proceedings of the 11th Symposium on Usable Privacy and Security
出版社USENIX Association
ページ241-255
ページ数15
ISBN(電子版)9781931971249
出版ステータスPublished - 2019
イベント11th Symposium on Usable Privacy and Security, SOUPS 2015 - Ottawa, Canada
継続期間: 2015 7月 222015 7月 24

出版物シリーズ

名前SOUPS 2015 - Proceedings of the 11th Symposium on Usable Privacy and Security

Conference

Conference11th Symposium on Usable Privacy and Security, SOUPS 2015
国/地域Canada
CityOttawa
Period15/7/2215/7/24

ASJC Scopus subject areas

  • コンピュータ ネットワークおよび通信
  • 安全性、リスク、信頼性、品質管理

フィンガープリント

「Understanding the inconsistencies between text descriptions and the use of privacy-sensitive resources of mobile apps」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

引用スタイル