Automatic Detection for Privacy Violations in Android Applications

While providing significant convenience for people, mobile applications (Apps) bring serious privacy leakage and invasion threats over certain platforms (e.g., Android) due to privacy violations. To protect users from these threats, a lot of works related to privacy violation detection have been proposed. However, few of them particularly check the violations, including lacking privacy policy, collecting privacy before statement, lacking account cancelation service, and stubborn permission request. Toward this end, we design an automatic detection tool named PVDetector to detect these violations in Android Apps. We extract and construct relevant threat forms by statically and dynamically analyzing Apps' behaviors, and then fine tune these forms through threat-form-matching methods on problematic Apps. Finally, a comprehensive experiment is conducted to detect privacy violations on different Android application markets by PVDetector. Specifically, we detect 16 162 Android Apps (involving people's various aspects of life) collected from six popular official application markets and three special categories. The experiment results indicate that the situation that Apps contain privacy violations is greatly serious in these markets and categories. We also randomly check the experiment results of 385 Apps. The check results illustrate that the detection accuracy of PVDetector can reach 93%.