Detecting privacy compliance of mobile applications from the perspective of the "minimum necessary" principle
To comply with legal requirements for personal data privacy protection, mobile App developers typically disclose their data collection practices to users through privacy policies. Researchers have proposed various methods using natural language processing (NLP) techniques to analyze privacy policy t...
Main Authors: | YU Peihou, XU Tianchen, SUN Wenqian, CHEN Yunfang, YU Le, ZHANG Wei |
---|---|
Format: | Article |
Language: | English |
Published: | POSTS&TELECOM PRESS Co., LTD, 2024-12-01 |
Series: | 网络与信息安全学报 |
Subjects: | |
Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2024084 |
_version_ | 1823864914365644800 |
---|---|
author | YU Peihou XU Tianchen SUN Wenqian CHEN Yunfang YU Le ZHANG Wei |
collection | DOAJ |
description | To comply with legal requirements for personal data privacy protection, mobile App developers typically disclose their data collection practices to users through privacy policies. Researchers have proposed various methods using natural language processing (NLP) techniques to analyze privacy policy texts and perform compliance checks. However, most existing studies focus on principles like transparency, openness, and legality, leaving a gap in the evaluation of the ‘minimum necessary’ principle. For this purpose, a framework called MNPD (minimum necessary principle detection) was proposed for automated compliance checking of applications from the perspective of the ‘minimum necessary’ principle. Initially, a multi-label text classification model categorized the target App based on its service type to determine the range of ‘minimum necessary information’ for different App categories. Then, prompt words were constructed to guide the large language model in extracting data collection practices of the App under its basic business functionality mode, transforming them into privacy statement triples and standardizing them. Finally, the compliance checking model conducted consistency checks on the text representation of the target App and evaluated its adherence to the ‘minimum necessary’ principle. The experimental results show that the proposed method achieves 86.20% F1 score in the automated analysis of 101 ‘Online Audio-Visual’ Apps obtained from Huawei’s application market. |
format | Article |
id | doaj-art-b4245eb16fc54defbfa3c4879ed536c4 |
institution | Kabale University |
issn | 2096-109X |
language | English |
publishDate | 2024-12-01 |
publisher | POSTS&TELECOM PRESS Co., LTD |
record_format | Article |
series | 网络与信息安全学报 |
title | Detecting privacy compliance of mobile applications from the perspective of the "minimum necessary" principle |
topic | App privacy policy large language model minimum necessary principle |
url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2024084 |