{A New Hope}: Contextual Privacy Policies for Mobile Applications and An Approach Toward Automated Generation

TL;DR

This paper introduces SeePrivacy, a multimodal framework that automatically generates contextual privacy policies for mobile apps by integrating GUI understanding and policy analysis, improving user engagement and comprehension.

Contribution

It presents a novel approach combining vision-based GUI analysis with privacy policy extraction to generate context-aware privacy notices for mobile applications.

Findings

Achieved 0.88 precision and 0.90 recall in context detection.

Achieved 0.98 precision and 0.96 recall in policy segment extraction.

77% human approval rate for extracted privacy segments.

Abstract

Privacy policies have emerged as the predominant approach to conveying privacy notices to mobile application users. In an effort to enhance both readability and user engagement, the concept of contextual privacy policies (CPPs) has been proposed by researchers. The aim of CPPs is to fragment privacy policies into concise snippets, displaying them only within the corresponding contexts within the application's graphical user interfaces (GUIs). In this paper, we first formulate CPP in mobile application scenario, and then present a novel multimodal framework, named SeePrivacy, specifically designed to automatically generate CPPs for mobile applications. This method uniquely integrates vision-based GUI understanding with privacy policy analysis, achieving 0.88 precision and 0.90 recall to detect contexts, as well as 0.98 precision and 0.96 recall in extracting corresponding policy segments. A human evaluation shows that 77% of the extracted privacy policy segments were perceived as well-aligned with the detected contexts. These findings suggest that SeePrivacy could serve as a significant tool for bolstering user interaction with, and understanding of, privacy policies. Furthermore, our solution has the potential to make privacy notices more accessible and inclusive, thus appealing to a broader demographic. A demonstration of our work can be accessed at https://cpp4app.github.io/SeePrivacy/