Mobile Application Privacy Risk Assessments from User-authored Scenarios

Mobile applications (apps) provide users valuable benefits at the risk of exposing users to privacy harms. Improving privacy in mobile apps faces several challenges, in particular, that many apps are developed by low resourced software development teams, such as end-user programmers or in startups. In addition, privacy risks are primarily known to users, which can make it difficult for developers to prioritize privacy for sensitive data. In this paper, we introduce a novel, lightweight method that allows app developers to elicit scenarios and privacy risk scores from users directly using only an app screenshot. The technique relies on named entity recognition (NER) to identify information types in user-authored scenarios, which are then fed in real-time to a privacy risk survey that users complete. The best-performing NER model predicts information types with a weighted average precision of 0.70 and recall of 0.72, after post-processing to remove false positives. The model was trained on a labeled 300-scenario corpus, and evaluated in an end-to-end evaluation using an additional 203 scenarios yielding 2,338 user-provided privacy risk scores. Finally, we discuss how developers can use the risk scores to prioritize, select and apply privacy design strategies in the context of four user-authored scenarios.

移动应用（Mobile applications，下称APP）可为用户带来诸多实用价值，但同时也将用户置于隐私侵害的风险之中。改善移动应用的隐私保护现状面临多重挑战，其中尤为突出的一点是，大量应用由资源匮乏的软件开发团队开发，例如终端用户程序员或初创团队。此外，隐私风险主要为用户所熟知，这使得开发者难以将敏感数据的隐私保护列为优先开发事项。在本研究中，我们提出了一种新颖且轻量的方法，可让应用开发者仅通过APP截图即可直接从用户处获取使用场景与隐私风险评分。该技术依托命名实体识别（Named Entity Recognition，NER）来识别用户编写的使用场景中的信息类型，随后将这些信息实时输入至用户需完成的隐私风险调查问卷。经后处理以去除假阳性结果后，性能最优的NER模型在信息类型预测任务上的加权平均精确率达0.70，召回率达0.72。该模型基于包含300条使用场景的标注语料库训练得到，并通过额外203条使用场景开展端到端评估，共收集到2338条用户提供的隐私风险评分。最后，我们讨论了开发者可如何利用该风险评分，在四个用户编写的使用场景的背景下优先考虑、选择并应用隐私设计策略。