TY - GEN
T1 - Understanding the inconsistencies between text descriptions and the use of privacy-sensitive resources of mobile apps
AU - Watanabe, Takuya
AU - Akiyama, Mitsuaki
AU - Sakai, Tetsuya
AU - Washizaki, Hironori
AU - Mori, Tatsuya
N1 - Funding Information:
We are grateful to the authors of WHYPER framework [11] for sharing the invaluable datasets with the research community. We also thank Akira Kanaoka for inspiring us to start this work. Our special thanks are to Lira Park, Gracia Rusli, Ahro Oh, Suthinan Thanintranon, Karyu Chen, Xia Tian, Bo Sun, Jiarong Chen, Xuefeng Zhang, Hao Wang, Dan Li, Chen Wang for their assistance in collecting the labeled text descriptions used in this work. Finally, we thank the anonymous reviewers for their thoughtful suggestions for improving this paper. In particular, we thank our shepherd, William Enck for his valuable feedback.
Publisher Copyright:
© 2015 by The USENIX Association.
PY - 2019
Y1 - 2019
N2 - Permission warnings and privacy policy enforcement are widely used to inform mobile app users of privacy threats. These mechanisms disclose information about use of privacy-sensitive resources such as user location or contact list. However, it has been reported that very few users pay attention to these mechanisms during installation. Instead, a user may focus on a more user-friendly source of information: text description, which is written by a developer who has an incentive to attract user attention. When a user searches for an app in a marketplace, his/her query keywords are generally searched on text descriptions of mobile apps. Then, users review the search results, often by reading the text descriptions; i.e., text descriptions are associated with user expectation. Given these observations, this paper aims to address the following research question: What are the primary reasons that text descriptions of mobile apps fail to refer to the use of privacy-sensitive resources? To answer the research question, we performed empirical large-scale study using a huge volume of apps with our ACODE (Analyzing COde and DEscription) framework, which combines static code analysis and text analysis. We developed light-weight techniques so that we can handle hundred of thousands of distinct text descriptions. We note that our text analysis technique does not require manually labeled descriptions; hence, it enables us to conduct a large-scale measurement study without requiring expensive labeling tasks. Our analysis of 200,000 apps and multilingual text descriptions collected from official and third-party Android marketplaces revealed four primary factors that are associated with the inconsistencies between text descriptions and the use of privacy-sensitive resources: (1) existence of app building services/frameworks that tend to add API permissions/code unnecessarily, (2) existence of prolific developers who publish many applications that unnecessarily install permissions and code, (3) existence of secondary functions that tend to be unmentioned, and (4) existence of third-party libraries that access to the privacy-sensitive resources. We believe that these findings will be useful for improving users' awareness of privacy on mobile software distribution platforms.
AB - Permission warnings and privacy policy enforcement are widely used to inform mobile app users of privacy threats. These mechanisms disclose information about use of privacy-sensitive resources such as user location or contact list. However, it has been reported that very few users pay attention to these mechanisms during installation. Instead, a user may focus on a more user-friendly source of information: text description, which is written by a developer who has an incentive to attract user attention. When a user searches for an app in a marketplace, his/her query keywords are generally searched on text descriptions of mobile apps. Then, users review the search results, often by reading the text descriptions; i.e., text descriptions are associated with user expectation. Given these observations, this paper aims to address the following research question: What are the primary reasons that text descriptions of mobile apps fail to refer to the use of privacy-sensitive resources? To answer the research question, we performed empirical large-scale study using a huge volume of apps with our ACODE (Analyzing COde and DEscription) framework, which combines static code analysis and text analysis. We developed light-weight techniques so that we can handle hundred of thousands of distinct text descriptions. We note that our text analysis technique does not require manually labeled descriptions; hence, it enables us to conduct a large-scale measurement study without requiring expensive labeling tasks. Our analysis of 200,000 apps and multilingual text descriptions collected from official and third-party Android marketplaces revealed four primary factors that are associated with the inconsistencies between text descriptions and the use of privacy-sensitive resources: (1) existence of app building services/frameworks that tend to add API permissions/code unnecessarily, (2) existence of prolific developers who publish many applications that unnecessarily install permissions and code, (3) existence of secondary functions that tend to be unmentioned, and (4) existence of third-party libraries that access to the privacy-sensitive resources. We believe that these findings will be useful for improving users' awareness of privacy on mobile software distribution platforms.
UR - http://www.scopus.com/inward/record.url?scp=85075955607&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85075955607&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85075955607
T3 - SOUPS 2015 - Proceedings of the 11th Symposium on Usable Privacy and Security
SP - 241
EP - 255
BT - SOUPS 2015 - Proceedings of the 11th Symposium on Usable Privacy and Security
PB - USENIX Association
T2 - 11th Symposium on Usable Privacy and Security, SOUPS 2015
Y2 - 22 July 2015 through 24 July 2015
ER -