안드로이드 정적 분석을 활용한개인정보 처리방침의 신뢰성 분석

Mobile apps frequently request permission to access sensitive data for user convenience. However, while using mobile applications,sensitive and personal data has been leaked even if users do not allow it. To deal with this problem, Google App Store has requireddevelopers to disclose how the mobile app handles user data in a privacy policy. However, users are not certain that the privacy policydescribes all the app’s behavior. They have no choice but to rely on the privacy policy to confirm how the app uses data. This studydesigned a system that checks the reliability of privacy policies by analyzing the privacy policy texts and mobile apps. First, the systemextracts and analyzes the privacy policy texts to check which personal data the privacy policy discloses that the mobile apps can collect. After analyzing which data apps can access using android static analysis, we compare both results to analyze the reliability of privacypolicies. For the experiment, we collected the APK files and metadata of about 13K android apps registered in the Google Play Storeand preprocessed the apps by four conditions. According to the comparison between privacy policies and mobile app behavior, manyapps can access more personal data than disclosed in the privacy policy.