The market for Intelligent Connected vehicles (ICVs) is growing rapidly worldwide. One of the unique features provided by ICV is their companion mobile apps (called as ICV Apps) for end consumers, which facilitates functionalities such as remote vehicle control and management. However, previous research has shown that these apps generally lack transparency in their interactions with third-party services when collecting and sharing user data, raising significant privacy concerns among vehicle owners (app users). In particular, there are often inconsistencies between the privacy policies and third-party statements regarding the descriptions and intentions for the use of data items. In this paper, we propose PPChecker, a novel framework for automatically detecting inconsistencies in statements between mobile vehicle apps and their integrated third-party SDKs. More specifically, our research focuses on identifying two types of issues in privacy policy statements: missing data statements and ambiguous data statements. Both of these issues lead to privacy in-compliance of the mobile vehicle apps. To achieve this goal, PPChecker adopts an LLM-driven text analysis approach, specifically the Graph of Thought method, to identify potential inconsistencies. Evaluation results showed that PPChecker achieves 96.97% precision and 88.89% recall. In addition, we adopt PPChecker to analyze the privacy policies of 160 mobile vehicle apps, and uncovered a number of privacy in-compliance instances.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Detecting Inconsistent Privacy Statements Between Mobile Vehicle Apps and Their Third-Party Integrations

  • Jiaying Huang,
  • Luwa Li,
  • Jiayue Lian,
  • Jiawei Wang,
  • Yuhong Nan

摘要

The market for Intelligent Connected vehicles (ICVs) is growing rapidly worldwide. One of the unique features provided by ICV is their companion mobile apps (called as ICV Apps) for end consumers, which facilitates functionalities such as remote vehicle control and management. However, previous research has shown that these apps generally lack transparency in their interactions with third-party services when collecting and sharing user data, raising significant privacy concerns among vehicle owners (app users). In particular, there are often inconsistencies between the privacy policies and third-party statements regarding the descriptions and intentions for the use of data items. In this paper, we propose PPChecker, a novel framework for automatically detecting inconsistencies in statements between mobile vehicle apps and their integrated third-party SDKs. More specifically, our research focuses on identifying two types of issues in privacy policy statements: missing data statements and ambiguous data statements. Both of these issues lead to privacy in-compliance of the mobile vehicle apps. To achieve this goal, PPChecker adopts an LLM-driven text analysis approach, specifically the Graph of Thought method, to identify potential inconsistencies. Evaluation results showed that PPChecker achieves 96.97% precision and 88.89% recall. In addition, we adopt PPChecker to analyze the privacy policies of 160 mobile vehicle apps, and uncovered a number of privacy in-compliance instances.