Detecting privacy compliance of mobile applications from the perspective of the "minimum necessary" principle
Main Authors: | , , , , , |
---|---|
Format: | Article |
Language: | English |
Published: | POSTS&TELECOM PRESS Co., LTD 2024-12-01 |
Series: | 网络与信息安全学报 |
Subjects: | |
Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2024084 |
Summary: | To comply with legal requirements for personal data privacy protection, mobile App developers typically disclose their data collection practices to users through privacy policies. Researchers have proposed various methods using natural language processing (NLP) techniques to analyze privacy policy texts and perform compliance checks. However, most existing studies focus on principles like transparency, openness, and legality, leaving a gap in the evaluation of the ‘minimum necessary’ principle. For this purpose, a framework called MNPD (minimum necessary principle detection) was proposed for automated compliance checking of applications from the perspective of the ‘minimum necessary’ principle. Initially, a multi-label text classification model categorized the target App based on its service type to determine the range of ‘minimum necessary information’ for different App categories. Then, prompt words were constructed to guide the large language model in extracting data collection practices of the App under its basic business functionality mode, transforming them into privacy statement triples and standardizing them. Finally, the compliance checking model conducted consistency checks on the text representation of the target App and evaluated its adherence to the ‘minimum necessary’ principle. The experimental results show that the proposed method achieves 86.20% F1 score in the automated analysis of 101 ‘Online Audio-Visual’ Apps obtained from Huawei’s application market. |
---|---|
ISSN: | 2096-109X |