Computer Science 5th Year Master's Thesis Presentation

Location:
In Person - TCS Hall 360

Speaker:
AKSHATH JAIN, Master's Student, Computer Science Department, Carnegie Mellon University
https://akshathjain.com/

ATLAS: Automatically Generating Privacy Labels for Analyzing Mobile App Compliance

Privacy policies are long, complex documents that end-users seldom read. Privacy labels aim to ameliorate these issues by providing succinct descriptions that comprehensively summarize privacy policies. In December 2020, Apple began requiring that app developers submit privacy labels describing their app's data collection practices; however, research indicates that these labels are often incorrect, which in many jurisdictions can introduce potential legal compliance issues.

In this work, we introduce the Automated Privacy Label Analysis System (ATLAS). ATLAS includes three components: a pipeline to systematically retrieve iOS App Store listings and privacy policies; an ensemble-based classifier that can generate privacy labels from the text of privacy policies with 91.3% accuracy using state-of-the-art document classification techniques; and a compliance analysis mechanism that enables a large-scale privacy analysis of the iOS App Store.

Our system has enabled us to analyze 354,725 iOS apps. We find several concerning trends. For example, only 40.3% of apps provide legitimate privacy policies, even though all apps are required to submit them, and only 29.6% of apps provide both privacy policies and privacy labels. And for apps that provide both, 88.0% have at least one discrepancy between the text of their privacy policy and their privacy label, which we characterize as a potential compliance issue. Overall, we find that apps have 5.32 potential compliance issues on average.

We hope that ATLAS can be used by app developers, researchers, regulators, and mobile markets alike. For example, app developers can use our classifier to aid in automatically generating privacy labels consistent with their privacy policies, and regulators can use our system to effectively review apps for potential compliance issues.

Thesis Committee:

Norman Sadeh (Chair)

Eunsuk Kang
