Mobile App Privacy Compliance: Automated Technology to Help Regulators, App Stores and Developers

The copyright is held by the author/owner. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee. Poster presented at the 13th Symposium on Usable Privacy and Security (SOUPS 2017). Abstract Mobile apps have to satisfy various privacy requirements. Notably, app publishers are often obligated to provide a privacy policy and notify users of their apps’ privacy practices. But how can a user tell whether an app behaves as its policy promises? In this study we are introducing a scalable system to analyze and predict Android apps’ compliance with privacy requirements. We report on our collaboration with three regulatory agencies. We present analysis results for 17,991 apps. We expect to soon be able to support app store-wide analysis (i.e., over a million apps) and to track changes in non-compliant behavior over time. Beyond its use by regulators and activists our technology is also intended to assist app developers and app store owners in their internal assessments of privacy requirement compliance.