A Sensitive Data Leakage Detection and Privacy Policy Analyzing Application for Android Systems (PriVot)

Abstract

Mobile applications can have access to various sensitive information to accomplish the business requirements as well as user requirements. Due to the sensitivity of this information, app developers are bound by the regulations to provide a privacy policy that describes their data collection practices. However, there were many incidents where the privacy policies were inconsistent with the actual data practices. Additionally, the privacy policies are often too long and difficult to grasp just by reading them due to their complex language. To address this hurdle, we propose a mobile application “PriVot”. PriVot has a privacy policy analyzer built with a hierarchical classifier using convolutional neural networks to provide a detailed and unambiguous summary indicating the data that is being collected by each app and their purpose for being collected Furthermore, it monitors the network traffic of the device with the aid of a Transport Layer Security(TLS) proxy, a Forwarder, and a Traffic Analyzer that operates on-device without requiring root privileges to identify potential data leakages and privacy policy violations. We present "PriVot" which achieved a 67.4% accuracy on privacy policy analysis and a 72.5% throughput at a low latency overhead with the network traffic monitoring.