Android App Privacy Risk Assessment: Combining Policy Analysis and Behavioral Monitoring
摘要
In the current era of ubiquitous smartphones and the expanding dominance of the Android operating system, protecting user privacy has become a pressing concern. This paper presents a novel privacy leakage risk assessment method that leverages both Android privacy policies and application behavior analysis. Initially, the method conducts a dual analysis of privacy policy texts—first by evaluating their readability to determine usability, and then by comparing their contents against existing privacy laws and regulations to assess their completeness. Simultaneously, a static analysis of application source code is employed to extract sensitive behaviors inherent in the application. These extracted behaviors are then cross-referenced with the privacy policy declarations to evaluate the level of consistency. To deliver a comprehensive assessment, a model integrating availability, integrity, and consistency factors is developed, which provides a multi-faceted evaluation of the application’s privacy disclosure risk. Experimental validation on various popular Android applications from both domestic and international markets confirms that the proposed approach effectively identifies privacy leakage risks, thereby supporting users in selecting safer applications and enhancing overall awareness of privacy protection.