Deakin University
Browse

File(s) under permanent embargo

Scrutinizing Privacy Policy Compliance of Virtual Personal Assistant Apps

conference contribution
posted on 2023-02-22, 02:22 authored by F Xie, Yanjun Zhang, C Yan, S Li, L Bu, K Chen, Z Huang, G Bai
A large number of functionality-rich and easily accessible applications have become popular among various virtual personal assistant (VPA) services such as Amazon Alexa. VPA applications (or VPA apps for short) are accompanied by a privacy policy document that informs users of their data handling practices. These documents are usually lengthy and complex for users to comprehend, and developers may intentionally or unintentionally fail to comply with them. In this work, we conduct the first systematic study on the privacy policy compliance issue of VPA apps. We develop Skipper, which targets Amazon Alexa skills. It automatically depicts the skill into the declared privacy profile by analyzing their privacy policy documents with Natural Language Processing (NLP) and machine learning techniques, and derives the behavioral privacy profile of the skill through a black-box testing. We conduct a large-scale analysis on all skills listed on Alexa store, and find that a large number of skills suffer from the privacy policy noncompliance issues.

History

Pagination

1-13

ISBN-13

9781450396240

Publication classification

E1 Full written paper - refereed

Title of proceedings

ACM International Conference Proceeding Series

Event

ASE '22: 37th IEEE/ACM International Conference on Automated Software Engineering

Publisher

ACM

Usage metrics

    Research Publications

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC