Á¤º¸Ã³¸®ÇÐȸ ³í¹®Áö ÄÄÇ»ÅÍ ¹× Åë½Å½Ã½ºÅÛ
Current Result Document :
| ÇѱÛÁ¦¸ñ(Korean Title) |
¾Èµå·ÎÀ̵å Á¤Àû ºÐ¼®À» È°¿ëÇÑ °³ÀÎÁ¤º¸ 󸮹æħÀÇ ½Å·Ú¼º ºÐ¼® |
| ¿µ¹®Á¦¸ñ(English Title) |
Reliability Analysis of Privacy Policies Using Android Static Analysis |
| ÀúÀÚ(Author) |
Á¤À±±³
Yoonkyo Jung
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 12 NO. 01 PP. 0017 ~ 0024 (2023. 01) |
Çѱ۳»¿ë
(Korean Abstract) |
¸ð¹ÙÀÏ ¾ÛÀº »ç¿ëÀÚÀÇ ÆíÀǸ¦ À§ÇØ °³ÀÎÁ¤º¸¿¡ Á¢±ÙÇÒ ¼ö ÀÖ´Â ±ÇÇÑÀ» ÀÚÁÖ ¿äûÇÑ´Ù. ÇÏÁö¸¸ ÀÌ¿¡ µû¶ó ¸ð¹ÙÀÏ ¾ÛÀ» ÀÌ¿ëÇÏ´Â µ¿¾È Çã¿ëµÇÁö ¾ÊÀº °³ÀÎÁ¤º¸°¡ À¯ÃâµÇ´Â ¹®Á¦°¡ ¸¹ÀÌ ¹ß»ýÇß´Ù. ÀÌ·¯ÇÑ ¹®Á¦¸¦ ÇØ°áÇϱâ À§ÇØ ±¸±Û ¾Û½ºÅä¾î¿¡ µî·ÏµÈ ¾ÛÀº °³ÀÎÁ¤º¸ 󸮹æħ¿¡ »ç¿ëÀÚÀÇ °³ÀÎÁ¤º¸¸¦ ¾Û¿¡¼ ¾î¶»°Ô È°¿ëÇÏ´ÂÁö ¸í½ÃÇϵµ·Ï Çß´Ù. ÇÏÁö¸¸ ¾ÛÀÌ ¼öÇàÇÏ´Â °³ÀÎÁ¤º¸ ¼öÁý ¹× ó¸® °úÁ¤ÀÌ °³ÀÎÁ¤º¸ 󸮹æħ¿¡ Á¤È®È÷ °ø°³µÇ¾î ÀÖ´ÂÁö È®ÀÎÇϱ⠾î·Á¿ì¸ç, ¸ð¹ÙÀÏ ¾Û »ç¿ëÀÚ°¡ ¾ÛÀÌ Á¢±ÙÇÒ ¼ö ÀÖ´Â °³ÀÎÁ¤º¸¿¡ ´ëÇØ ¾Ë±â À§Çؼ´Â °³ÀÎÁ¤º¸ 󸮹æħ¿¡ ÀÇÁ¸Çؾ߸¸ ÇÑ´Ù. º» ¿¬±¸¿¡¼´Â °³ÀÎÁ¤º¸ 󸮹æħ°ú ¸ð¹ÙÀÏ ¾ÛÀ» ºÐ¼®ÇÏ¿© °³ÀÎÁ¤º¸ 󸮹æħÀÇ ½Å·Ú¼ºÀ» È®ÀÎÇÏ´Â ½Ã½ºÅÛÀ» Á¦½ÃÇÑ´Ù. ¸ÕÀú °³ÀÎÁ¤º¸ 󸮹æħÀÇ ÅؽºÆ®¸¦ ÃßÃâ ¹× ºÐ¼®ÇÏ¿© ¸ð¹ÙÀÏ ¾ÛÀÌ ¾î¶² °³ÀÎÁ¤º¸¸¦ ÀÌ¿ëÇÒ ¼ö ÀÖ´Ù°í °ø°³ÇÏ´ÂÁö È®ÀÎÇÑ´Ù. ÀÌÈÄ ¾Èµå·ÎÀ̵å Á¤Àû ºÐ¼®À» ÅëÇØ ¾ÛÀÌ Á¢±ÙÇÒ ¼ö ÀÖ´Â °³ÀÎÁ¤º¸ ºÐ·ù¸¦ È®ÀÎÇÏ°í, µÎ °á°ú¸¦ ºñ±³ÇÏ¿© °³ÀÎÁ¤º¸ 󸮹æħÀ» ½Å·ÚÇÒ ¼ö ÀÖ´ÂÁö ºÐ¼®ÇÑ´Ù. ½ÇÇèÀ» À§ÇØ ±¸±Û ¾Û½ºÅä¾î¿¡ µî·ÏµÈ ¾à 13,000°³ ¾Èµå·ÎÀÌµå ¾ÛÀÇ ÆÐÅ°Áö ÆÄÀÏ°ú ºÎ°¡Á¤º¸¸¦ ¼öÁýÇÑ µÚ ºÐ¼®ÇÒ ¼ö ÀÖ´Â ¾ÛÀ» ¼±Á¤Çϱâ À§ÇØ 4°¡Áö Á¶°Ç¿¡ µû¶ó Àü󸮸¦ ÁøÇàÇß´Ù. ¼±Á¤ÇÑ ¾ÛÀ» ´ë»óÀ¸·Î ÅؽºÆ® ºÐ¼®°ú ¸ð¹ÙÀÏ ¾Û ºÐ¼®À» ÁøÇàÇÏ°í, À̸¦ ºñ±³ÇÏ¿© ¸ð¹ÙÀÏ ¾ÛÀº °³ÀÎÁ¤º¸ 󸮹æħ¿¡ °ø°³ÇÑ °Íº¸´Ù ´õ¿í ¸¹Àº °³ÀÎÁ¤º¸¿¡ Á¢±ÙÇÒ ¼ö ÀÖÀ½À» Áõ¸íÇÑ´Ù. |
¿µ¹®³»¿ë
(English Abstract) |
Mobile apps frequently request permission to access sensitive data for user convenience. However, while using mobile applications, sensitive and personal data has been leaked even if users do not allow it. To deal with this problem, Google App Store has required developers to disclose how the mobile app handles user data in a privacy policy. However, users are not certain that the privacy policy describes all the app¡¯s behavior. They have no choice but to rely on the privacy policy to confirm how the app uses data. This study designed a system that checks the reliability of privacy policies by analyzing the privacy policy texts and mobile apps. First, the system extracts and analyzes the privacy policy texts to check which personal data the privacy policy discloses that the mobile apps can collect. After analyzing which data apps can access using android static analysis, we compare both results to analyze the reliability of privacy policies. For the experiment, we collected the APK files and metadata of about 13K android apps registered in the Google Play Store and preprocessed the apps by four conditions. According to the comparison between privacy policies and mobile app behavior, many apps can access more personal data than disclosed in the privacy policy. |
| Å°¿öµå(Keyword) |
°³ÀÎÁ¤º¸ 󸮹æħ
Á¤Àû ºÐ¼®
°³ÀÎÁ¤º¸º¸È£
¾Èµå·ÎÀÌµå ¾Û
Privacy Policy
Static Analysis
Data Privacy
Android Application
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
