Chinese Journal of Network and Information Security, 2024, Vol. 10, Issue (6): 109-122, 14. DOI: 10.11959/j.issn.2096-109x.2024084
Detecting privacy compliance of mobile applications from the perspective of the "minimum necessary" principle
Abstract
To comply with legal requirements for personal data privacy protection, mobile App developers typically disclose their data collection practices to users through privacy policies. Researchers have proposed various methods using natural language processing (NLP) techniques to analyze privacy policy texts and perform compliance checks. However, most existing studies focus on principles like transparency, openness, and legality, leaving a gap in the evaluation of the 'minimum necessary' principle. For this purpose, a framework called MNPD (minimum necessary principle detection) was proposed for automated compliance checking of applications from the perspective of the 'minimum necessary' principle. Initially, a multi-label text classification model categorized the target App based on its service type to determine the range of 'minimum necessary information' for different App categories. Then, prompt words were constructed to guide the large language model in extracting data collection practices of the App under its basic business functionality mode, transforming them into privacy statement triples and standardizing them. Finally, the compliance checking model conducted consistency checks on the text representation of the target App and evaluated its adherence to the 'minimum necessary' principle. The experimental results show that the proposed method achieves an F1 score of 86.20% in the automated analysis of 101 'Online Audio-Visual' Apps obtained from Huawei's application market.
Key words
App / privacy policy / large language model / minimum necessary principle
Classification
Information technology and security science
Cite this article
Yu Peihou (余佩厚), Xu Tianchen (徐天辰), Sun Wenqian (孙雯倩), Chen Yunfang (陈云芳), Yu Le (于乐), Zhang Wei (张伟). Detecting privacy compliance of mobile applications from the perspective of the "minimum necessary" principle [J]. Chinese Journal of Network and Information Security, 2024, 10(6): 109-122, 14.
Funding
The National Natural Science Foundation of China (62202406)