Aligning Declarations and Practices: Evaluating Privacy Policy Consistency with App Permissions Using Generative AI
摘要
In an era where mobile app usage is intertwined with privacy concerns, this paper presents a groundbreaking approach in the realm of privacy protection through the alignment of app code and policy. Building upon the foundations laid by significant studies in privacy and preference management, risk assessment, and static analysis for security and malware detection, our research introduces an innovative method utilizing Generative AI (GenAI) for scrutinizing mobile applications. Specifically, our work focuses on detecting discrepancies between the permissions requested by an app and the stipulations within its privacy policy. This novel application of GenAI in static analysis enables a meticulous examination of both the language of privacy policies and the corresponding app codebase. Our methodology not only aids in identifying mismatches indicative of potential privacy risks and non-compliance with regulations like GDPR but also streamlines the process of auditing apps for GDPR compliance.