ATLAS: Automatically Detecting Discrepancies Between Privacy Policies and Privacy Labels
- URL: http://arxiv.org/abs/2306.09247v1
- Date: Wed, 24 May 2023 05:27:22 GMT
- Title: ATLAS: Automatically Detecting Discrepancies Between Privacy Policies and Privacy Labels
- Authors: Akshath Jain, David Rodriguez, Jose M. del Alamo, Norman Sadeh
- Abstract summary: We introduce the Automated Privacy Label Analysis System (ATLAS).
ATLAS identifies possible discrepancies between mobile app privacy policies and their privacy labels.
We find that, on average, apps have 5.32 such potential compliance issues.
- Score: 2.457872341625575
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: Privacy policies are long, complex documents that end-users seldom read.
Privacy labels aim to ameliorate these issues by providing succinct summaries
of salient data practices. In December 2020, Apple began requiring that app
developers submit privacy labels describing their apps' data practices. Yet,
research suggests that app developers often struggle to do so. In this paper,
we automatically identify possible discrepancies between mobile app privacy
policies and their privacy labels. Such discrepancies could be indicators of
potential privacy compliance issues.
We introduce the Automated Privacy Label Analysis System (ATLAS). ATLAS
includes three components: a pipeline to systematically retrieve iOS App Store
listings and privacy policies; an ensemble-based classifier capable of
predicting privacy labels from the text of privacy policies with 91.3% accuracy
using state-of-the-art NLP techniques; and a discrepancy analysis mechanism
that enables a large-scale privacy analysis of the iOS App Store.
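The ensemble classifier itself is not reproduced here, but the underlying prediction task (policy text in, multi-label privacy-label categories out) can be illustrated with a minimal sketch using TF-IDF features and one-vs-rest logistic regression; the label names and training examples below are invented placeholders, not ATLAS's actual categories or data.
```python
# Minimal sketch of a policy-text -> privacy-label classifier.
# NOT the ATLAS ensemble; labels and training data are placeholders.
from sklearn.feature_extraction.text import TfidfVectorizer
from sklearn.linear_model import LogisticRegression
from sklearn.multiclass import OneVsRestClassifier
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import MultiLabelBinarizer

# Toy corpus: policy excerpts paired with privacy-label categories.
policies = [
    "We collect your location to serve targeted advertisements.",
    "Usage data is gathered to improve app functionality.",
    "We do not collect any personal information.",
]
labels = [{"Location", "Advertising Data"}, {"Usage Data"}, set()]

mlb = MultiLabelBinarizer()
y = mlb.fit_transform(labels)  # multi-hot matrix, one column per category

clf = make_pipeline(
    TfidfVectorizer(ngram_range=(1, 2)),        # bag-of-ngrams features
    OneVsRestClassifier(LogisticRegression()),  # one binary model per label
)
clf.fit(policies, y)

pred = clf.predict(["Your location may be shared with ad partners."])
print(mlb.inverse_transform(pred))  # predicted privacy-label categories
```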
Our system has enabled us to analyze 354,725 iOS apps. We find several
interesting trends. For example, only 40.3% of apps in the App Store provide
easily accessible privacy policies, and only 29.6% of apps provide both
accessible privacy policies and privacy labels. Among apps that provide both,
88.0% have at least one possible discrepancy between the text of their privacy
policy and their privacy label, which could be indicative of a potential
compliance issue. We find that, on average, apps have 5.32 such potential
compliance issues.
We hope that ATLAS will help app developers, researchers, regulators, and
mobile app stores alike. For example, app developers could use our classifier
to check for discrepancies between their privacy policies and privacy labels,
and regulators could use our system to help review apps at scale for potential
compliance issues.
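As a concrete, hypothetical illustration of such a check (the paper's discrepancy analysis mechanism is more involved), a developer could diff the label they declared against the categories a classifier predicts from their policy text:
```python
# Hypothetical discrepancy check: compare a declared privacy label
# against the categories predicted from the privacy policy text.
def find_discrepancies(declared: set[str], predicted: set[str]) -> dict[str, set[str]]:
    return {
        # Practices the policy suggests but the label omits.
        "possible_underreporting": predicted - declared,
        # Practices the label declares but the policy never mentions.
        "possible_overreporting": declared - predicted,
    }

declared_label = {"Usage Data"}
predicted_label = {"Usage Data", "Location"}  # e.g., classifier output
print(find_discrepancies(declared_label, predicted_label))
# {'possible_underreporting': {'Location'}, 'possible_overreporting': set()}
```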
Related papers
- A Large-Scale Privacy Assessment of Android Third-Party SDKs [17.245330733308375]
Third-party Software Development Kits (SDKs) are widely adopted in Android app development.
This convenience raises substantial concerns about unauthorized access to users' privacy-sensitive information.
Our study offers a targeted analysis of user privacy protection among Android third-party SDKs.
arXiv Detail & Related papers (2024-09-16T15:44:43Z)
- PrivacyLens: Evaluating Privacy Norm Awareness of Language Models in Action [54.11479432110771]
PrivacyLens is a novel framework designed to extend privacy-sensitive seeds into expressive vignettes and further into agent trajectories.
We instantiate PrivacyLens with a collection of privacy norms grounded in privacy literature and crowdsourced seeds.
State-of-the-art LMs, like GPT-4 and Llama-3-70B, leak sensitive information in 25.68% and 38.69% of cases, even when prompted with privacy-enhancing instructions.
arXiv Detail & Related papers (2024-08-29T17:58:38Z)
- Can LLMs Keep a Secret? Testing Privacy Implications of Language Models via Contextual Integrity Theory [82.7042006247124]
We show that even the most capable AI models, such as GPT-4 and ChatGPT, reveal private information in contexts that humans would not, 39% and 57% of the time, respectively.
Our work underscores the immediate need to explore novel inference-time privacy-preserving approaches, based on reasoning and theory of mind.
arXiv Detail & Related papers (2023-10-27T04:15:30Z)
- Honesty is the Best Policy: On the Accuracy of Apple Privacy Labels Compared to Apps' Privacy Policies [13.771909487087793]
Apple introduced privacy labels in December 2020 as a way for developers to report the privacy behaviors of their apps.
While Apple does not validate labels, it does require developers to provide a privacy policy, which offers an important point of comparison.
We fine-tuned BERT-based language models to extract privacy policy features for 474,669 apps on the iOS App Store.
arXiv Detail & Related papers (2023-06-29T16:10:18Z)
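The entry above describes fine-tuning BERT-based models on policy text. A minimal sketch of multi-label fine-tuning with the Hugging Face transformers API follows; the label count, example text, and hyperparameters are invented for illustration, not the authors' configuration.
```python
# Sketch of one multi-label fine-tuning step on policy text.
# Hypothetical labels/data; not the authors' exact setup.
import torch
from transformers import AutoTokenizer, AutoModelForSequenceClassification

tokenizer = AutoTokenizer.from_pretrained("bert-base-uncased")
model = AutoModelForSequenceClassification.from_pretrained(
    "bert-base-uncased",
    num_labels=3,                               # e.g., Location, Identifiers, Usage Data
    problem_type="multi_label_classification",  # sigmoid + BCE loss per label
)

texts = ["We share device identifiers with analytics providers."]
targets = torch.tensor([[0.0, 1.0, 1.0]])       # multi-hot label vector

batch = tokenizer(texts, truncation=True, padding=True, return_tensors="pt")
out = model(**batch, labels=targets)
out.loss.backward()                             # one illustrative gradient step
torch.optim.AdamW(model.parameters(), lr=2e-5).step()

print(torch.sigmoid(out.logits))                # per-label probabilities
```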
- Is It a Trap? A Large-scale Empirical Study And Comprehensive Assessment of Online Automated Privacy Policy Generators for Mobile Apps [15.181098379077344]
Automated Privacy Policy Generators (APPGs) can create privacy policies for mobile apps.
Nearly 20.1% of privacy policies could be generated by existing APPGs.
App developers must carefully select and use the appropriate APPGs to avoid potential pitfalls.
arXiv Detail & Related papers (2023-05-05T04:08:18Z)
- The Overview of Privacy Labels and their Compatibility with Privacy Policies [24.871967983289117]
Privacy nutrition labels provide a way to understand an app's key data practices without reading the long and hard-to-read privacy policies.
Apple and Google have implemented mandates requiring app developers to fill out privacy nutrition labels highlighting their privacy practices.
arXiv Detail & Related papers (2023-03-14T20:10:28Z)
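For context on the labels discussed in the entry above: Apple's privacy nutrition labels group data types under three top-level categories. A hypothetical label for an imaginary app might be represented as follows (in reality, developers submit labels through structured forms in App Store Connect):
```python
# Illustrative, hypothetical representation of an Apple-style
# privacy nutrition label for an imaginary app.
privacy_label = {
    "Data Used to Track You": ["Identifiers", "Usage Data"],
    "Data Linked to You": ["Contact Info", "Location"],
    "Data Not Linked to You": ["Diagnostics"],
}

for category, data_types in privacy_label.items():
    print(f"{category}: {', '.join(data_types) or 'none'}")
```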
- Privacy Explanations - A Means to End-User Trust [64.7066037969487]
We investigated how explainability might help address end users' limited trust in how software systems handle their data.
We created privacy explanations that aim to clarify to end users why and for what purposes specific data is required.
Our findings reveal that privacy explanations can be an important step towards increasing trust in software systems.
arXiv Detail & Related papers (2022-10-18T09:30:37Z)
- SPAct: Self-supervised Privacy Preservation for Action Recognition [73.79886509500409]
Existing approaches for mitigating privacy leakage in action recognition require privacy labels along with the action labels from the video dataset.
Recent developments in self-supervised learning (SSL) have unlocked the untapped potential of unlabeled data.
We present a novel training framework which removes privacy information from input video in a self-supervised manner without requiring privacy labels.
arXiv Detail & Related papers (2022-03-29T02:56:40Z)
- Analysis of Longitudinal Changes in Privacy Behavior of Android Applications [79.71330613821037]
In this paper, we examine the trends in how Android apps have changed over time with respect to privacy.
We examine the adoption of HTTPS, whether apps scan the device for other installed apps, the use of permissions for privacy-sensitive data, and the use of unique identifiers.
We find that privacy-related behavior has improved with time as apps continue to receive updates, and that the third-party libraries used by apps are responsible for a larger share of privacy issues.
arXiv Detail & Related papers (2021-12-28T16:21:31Z)
- PGLP: Customizable and Rigorous Location Privacy through Policy Graph [68.3736286350014]
We propose a new location privacy notion called PGLP, which provides a rich interface to release private locations with customizable and rigorous privacy guarantees.
Specifically, we formalize a user's location privacy requirements using a location policy graph, which is expressive and customizable.
We also design a private location trace release framework that pipelines the detection of location exposure, policy graph repair, and private trajectory release with customizable and rigorous location privacy.
arXiv Detail & Related papers (2020-05-04T04:25:59Z)
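One plausible way to picture the location policy graph from the PGLP entry above, offered as an assumption for illustration rather than the paper's formal definition: nodes are discretized locations, and an edge marks a pair of locations that the release mechanism should keep indistinguishable.
```python
# Hypothetical encoding of a location policy graph: nodes are discrete
# locations; an edge marks a pair that must remain indistinguishable.
policy_graph = {
    "home": {"coffee_shop"},
    "coffee_shop": {"home", "office"},
    "office": {"coffee_shop"},
    "hospital": set(),  # no indistinguishability requirement (illustrative)
}

def must_be_indistinguishable(a: str, b: str) -> bool:
    """True if the policy requires that locations a and b not be told apart."""
    return b in policy_graph.get(a, set())

print(must_be_indistinguishable("home", "coffee_shop"))  # True
print(must_be_indistinguishable("home", "hospital"))     # False
```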
This list is automatically generated from the titles and abstracts of the papers on this site.