Alibaba Innovative Research (AIR) > Data Security and Privacy Protection
Automated Detection of Privacy Compliance Risks in Android Apps

Research Themes

Data Security and Privacy Protection

Background

With the promulgation of data security laws and regulations and the enhancement of user security awareness, personal data security has received more and more attention in both academia and industry. Due to the large amount of personal data involved in the use of mobile apps, it is particularly important to ensure the rationality during their data collection.

 

However, the privacy compliance problem of mobile apps is not simply checking whether user data is collected, the core problem is whether the data collection is user intended and whether it meets the requirements of relevant regulations such as the Principle of Least Privilege (POLP). On the basis of traditional privacy identification, how to correlate user intent and policy requirements to more automatically and accurately identify privacy compliance risks of apps has great research value for enterprises.

 

In view of this, we intend to conduct research on privacy compliance risks in mobile apps. We expect to determine user intentions by identifying the source and transmission of user data in apps with the help of dynamic and static analysis techniques, and at the same time, we expect to combine policies and regulations to build detection models to automatically discover privacy compliance risks, so as to better protect the data security in mobile apps.


Challenge

Current program analysis techniques mainly have the following limitations:

 

1.      Program analysis can locate the data collection point in the app, but it is difficult to intelligently check whether the data collection is reasonable.

2.      Some information collection points (such as the ID card, address, etc. entered by the user in the form) are difficult to locate through the system API.

 

Therefore, the current solution still relies heavily on manual review, which makes it difficult to save time through automated processing.


Target

  1. Design a privacy compliance analysis model and implement a tool, which can automatically analyze the Android apps. The tool should be able to cover as many data collection points as possible in the program, determine the consistency of program behavior with user intentions, privacy policies, and regulatory requirements, and finally determine whether there is a privacy compliance risk in the data collection point in the app.
  2. Detect privacy compliance risks on 100+ typical Android apps of Alibaba ecosystem, it is expected to have an accuracy rate of over 50% and a recall rate of over 80%.
  3. Jointly publish the top conference papers recognized by Alibaba.

Related Research Topics

Data Security, Program Analysis, Privacy Compliance Analysis.

Scan QR code
关注Ali TechnologyWechat Account