AutoPrivacyModel: Automated Feature Modelling for Identifying Illegitimate Uses of Privacy-Sensitive Data in Mobile Applications


  • Advocate a privacy protection ecosystem that shifts burden from users to developers and app stores, enforcing app design and deployment guidelines that are sensible and sensory
    • Sensible: provide meaningful functionality for users
    • Sensory: provide sensory feedback for users
  • Model the features of legitimate & illegitimate private data uses in apps under various contexts
    • A new legitimacy definition based on user-perceivable and measurable app features
    • A set of techniques and a new framework for automatically determining legitimacy and mitigating misuses based on GUI and code contexts
    • A vocabulary that describes the relations among app features and private data uses
  • Automatically determine the legitimacy of each use of private data in each app for each user
    • Automated: reduce burden on users
    • Fine-grained: control each private data use case, versus one decision for the whole app
    • Customizable: customize for different users and different contexts, versus fixed decisions for the same app or user

Existing Solutions and Their Limitations

  • Biased training: need to assume some apps are "benign" for training classification models
  • Limited view of app contexts: under-utilize the links among perceivable GUI features, app functionalities, and norms of private data uses across apps
  • Coarse-grained: make fixed one-time decisions at app-level or library/package-level



  • High-precision & high-recall GUI feature modelling and app functionality modelling prototypes
  • High-precision vocabulary describing the relations among app GUI features, functionalities, and private data uses


  • An effective legitimacy definition for capturing misuses of private data
  • An efficient, high-precision & high-recall prototype for detecting and mitigating misuses of private data on users' devices

Practical Applications and Impact

  • Enhance user and developer awareness and the ecosystem for privacy protection
  • Advocate the sensory and sensible principle for more kinds of smart apps
  • Improve users' trust in smart apps and systems to facilitate the SmartNation Initiative
  • Applications for (1) app stores to build the norms of private data uses and analyse apps offline, (2) mobile system developers to manage private data uses and monitor apps on-device, (3) mobile app developers to be more privacy-aware during app development, and (4) users to customize privacy preferences and usage controls on-device.

System Architecture/Description

  • Key hypothesis: Legitimate uses of private data in an app should have user-perceivable elements relevant for the app's functionalities wanted by the user.



  • Key approach: Automated feature modelling & legitimacy decision via static/dynamic program analysis and machine learning



