
A New Hope: Contextual Privacy Policies for Mobile Applications and An Approach Toward Automated Generation

Shidong Pan, Zhen Tao, Thong Hoang, Dawen Zhang, Tianshi Li, Zhenchang Xing, Sherry Xu, Mark Staples, Thierry Rakotoarivelo, David Lo

TL;DR

This work first formulates CPP in the mobile application scenario and then presents a novel multimodal framework, named SeePrivacy, specifically designed to automatically generate CPPs for mobile applications. The approach has the potential to make privacy notices more accessible and inclusive, thus appealing to a broader demographic.

Abstract

Privacy policies have emerged as the predominant approach to conveying privacy notices to mobile application users. In an effort to enhance both readability and user engagement, the concept of contextual privacy policies (CPPs) has been proposed by researchers. The aim of CPPs is to fragment privacy policies into concise snippets, displaying them only within the corresponding contexts within the application's graphical user interfaces (GUIs). In this paper, we first formulate CPP in the mobile application scenario, and then present a novel multimodal framework, named SeePrivacy, specifically designed to automatically generate CPPs for mobile applications. This method uniquely integrates vision-based GUI understanding with privacy policy analysis, achieving 0.88 precision and 0.90 recall in detecting contexts, as well as 0.98 precision and 0.96 recall in extracting corresponding policy segments. A human evaluation shows that 77% of the extracted privacy policy segments were perceived as well-aligned with the detected contexts. These findings suggest that SeePrivacy could serve as a significant tool for bolstering user interaction with, and understanding of, privacy policies. Furthermore, our solution has the potential to make privacy notices more accessible and inclusive, thus appealing to a broader demographic. A demonstration of our work can be accessed at https://cpp4app.github.io/SeePrivacy/

Paper Structure (34 sections, 2 equations, 7 figures, 9 tables)

This paper contains 34 sections, 2 equations, 7 figures, 9 tables.

Figures (7)

  • Figure 1: Three panels: the install-time reminder of required permissions; the invoke-time reminder that appears when permission is first invoked; and our proposed contextual privacy policy, specifically designed for mobile applications.
  • Figure 2: An overview of SeePrivacy.
  • Figure 3: Failure cases of the mislabel (left, the green bounding box) and the missing label (right, the camera icon).
  • Figure 4: Three examples that appeared in the human evaluation.
  • Figure 5: An example of the application scenario of our framework. (1) The homepage of the app at the Google Play app store. (2) Basic information of the app. (3) The showcase screenshots provided by the app developer. (4) The link to the privacy policy. (5) The CPPs generated by SeePrivacy.
  • ...and 2 more figures