Google award-winner Ghanavati seeks to better protect personal information of Android app users

Sepideh Ghanavati, an assistant professor of computer science at the University of Maine, is the recipient of a $32,285 Google Faculty Research Award.

The award program was created to “enable building strong relationships with faculty around the world who are pursuing innovative research” and it “plays an important role for Google’s research organization by fostering an exchange of ideas that advances the state of the art.” The award aims to recognize and support world-class faculty pursuing cutting-edge research in areas of mutual interest.

Ghanavati says in recent years the prevalence of mobile applications has exploded; Google Play has more than 3.3 million apps since June 2018.

A 2016 study by Carnegie Mellon University researchers found that 71 percent of Android applications dealing with personal information either lacked privacy policies or had about 1.83 inconsistencies in the privacy policies per application, Ghanavati says.

The inconsistencies, she adds, are because legal experts who don’t have sufficient technical knowledge write privacy policies, and because one to five developers with limited legal or policy knowledge do a lot of app development.

Because there is no change management, or controlled identification and implementation of required changes, Ghanavati says policies remain unchanged during the life cycle of the application.

To support developers generating privacy policies that are consistent with the applications and to better protect the personal information of Android app users, Ghanavati proposes a recommender system that translates permission functionalities of Android applications into a set of privacy statements that can be inserted into privacy policies.

“Our approach leverages deep learning approaches such as neural machine translation (NMT) to translate the source code into natural language privacy statements,” she says.

This work is one of the first of its kind in leveraging deep learning techniques to generate short privacy statements from code.

“If successful, the cost of compliance could be reduced for developers since they would not need a legal expert for creating privacy policies and it also can lead to less penalties,” Ghanavati says. “It also could build trust between the users and the developers (with having fewer breach of privacy).”

Her research project is titled “Privacy Statements’ Recommender System based on Permission Methods of Android Applications.”

Ghanavati, who also directs the Privacy Engineering — Regulatory Compliance Lab (PERC_Lab) at UMaine, has been invited to give a Google Tech Talk about her research. A date for the talk hasn’t yet been announced.

Contact: Alan Berry, 207.581.1955