Intelligent analysis of android application privacy policy and permission consistency

Abstract

Listen

Translate article

With the continuous development of mobile devices, mobile applications bring a lot of convenience to people’s lives. The abuse of mobile device permissions is prone to the risk of privacy leakage. The existing detection technology can detect the inconsistency between the declared authority and the actual use authority. But using the third-party privacy policy as the analysis basis for SDK permissions will result in a large set of extracted declaration permissions, which will lead to identifying risky applications as normal applications during consistency comparison. The prevailing approach involves utilizing models based on TextCNN to extract information from privacy policies. However, the training of TextCNN relies on large-scale annotated datasets, leading to high costs. This paper uses BERT as the word vector extraction model to obtain private phrases from the privacy policy. And then we use cosine similarity to automatically filter permission phrase samples, reducing the workload of manual labeling. On the other hand, existing methods do not support the analysis of Chinese privacy policies. In order to solve the problem of consistency judgment between Chinese privacy policy and permission usage, we implement a BERT-based Android privacy policy and permission usage consistency analysis engine. The engine first uses static analysis to obtain the permission list of Android applications, and then combines the BERT model to achieve consistency analysis. After functional and speed testing, we found that the engine can successfully run the consistency analysis function of Chinese declaration permissions and usage permissions, and it is better than the existing detection methods.