In the current era of ubiquitous smartphones and the expanding dominance of the Android operating system, protecting user privacy has become a pressing concern. This paper presents a novel privacy leakage risk assessment method that leverages both Android privacy policies and application behavior analysis. Initially, the method conducts a dual analysis of privacy policy texts—first by evaluating their readability to determine usability, and then by comparing their contents against existing privacy laws and regulations to assess their completeness. Simultaneously, a static analysis of application source code is employed to extract sensitive behaviors inherent in the application. These extracted behaviors are then cross-referenced with the privacy policy declarations to evaluate the level of consistency. To deliver a comprehensive assessment, a model integrating availability, integrity, and consistency factors is developed, which provides a multi-faceted evaluation of the application’s privacy disclosure risk. Experimental validation on various popular Android applications from both domestic and international markets confirms that the proposed approach effectively identifies privacy leakage risks, thereby supporting users in selecting safer applications and enhancing overall awareness of privacy protection.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Android App Privacy Risk Assessment: Combining Policy Analysis and Behavioral Monitoring

  • Chenbin Zhao,
  • Cheng Yu,
  • Yang ke,
  • Fangbing Yue,
  • Wenbo Xu,
  • Haoran Chen

摘要

In the current era of ubiquitous smartphones and the expanding dominance of the Android operating system, protecting user privacy has become a pressing concern. This paper presents a novel privacy leakage risk assessment method that leverages both Android privacy policies and application behavior analysis. Initially, the method conducts a dual analysis of privacy policy texts—first by evaluating their readability to determine usability, and then by comparing their contents against existing privacy laws and regulations to assess their completeness. Simultaneously, a static analysis of application source code is employed to extract sensitive behaviors inherent in the application. These extracted behaviors are then cross-referenced with the privacy policy declarations to evaluate the level of consistency. To deliver a comprehensive assessment, a model integrating availability, integrity, and consistency factors is developed, which provides a multi-faceted evaluation of the application’s privacy disclosure risk. Experimental validation on various popular Android applications from both domestic and international markets confirms that the proposed approach effectively identifies privacy leakage risks, thereby supporting users in selecting safer applications and enhancing overall awareness of privacy protection.