PrivacyAssist is a multi-agent LLM framework that detects inconsistencies between user-granted app permissions and the app's actual data collection practices, finding that most apps are not fully tran…

The study surveyed Android developers to assess their willingness to adopt changes that mitigate device fingerprinting risks, finding that developers overwhelmingly support privacy protections even wi…

This study empirically analyzed 41 mobile gaming apps, finding that while device ID disclosures were relatively consistent, location and personal information disclosures showed significant mismatches…

The paper introduces MyPhoneBench, a new framework that demonstrates that current phone-use agents often fail to respect user privacy, even when successfully completing simple tasks, primarily due to…

This study empirically demonstrates that privacy exposure in mobile gaming apps is primarily driven by complex, configuration-level SDK ecosystems rather than just the permissions the app explicitly r…

The paper analyzed 25 popular mental health apps and found significant privacy gaps, revealing that most apps fail to disclose embedded trackers and dangerous permissions, undermining informed user co…

PolicyGapper is an LLM-based tool that automatically detects inconsistencies and omissions between a mobile app's Google Play Data Safety Section and its official Privacy Policy, identifying thousands…

The paper characterizes logging code security issues and benchmarks LLMs, finding that while LLMs can moderately detect these issues, they struggle significantly with reliably generating correct code…

The paper empirically compares the security and privacy implementation characteristics of major Android messaging apps (Meta Messenger, Signal, and Telegram) using static and dynamic analysis, finding…

The paper proposes and evaluates DePRa, a system that democratizes privacy assessment by making everyday users active evaluators of mobile app data access, showing its potential to complement expert a…

The paper introduces the PrivacyIceberg framework to systematically categorize and empirically demonstrate the high risk of automated, deep personal profiling using LLM agents, revealing a significant…

The paper proposes a privacy-by-design pipeline for Android malware detection that achieves strong performance by avoiding the collection of sensitive user data entirely.

WOOTdroid is a novel, non-invasive system for comprehensive on-device tracing on stock Android that simultaneously addresses syscall data loss and the semantic gap in Binder IPC events.

This study investigated user reactions to inferred personal information from their own ChatGPT histories, finding that acceptability is governed by context-sensitive norms regarding generation, retent…

The paper proposes a novel test-driven pipeline that simulates realistic code generation scenarios to detect privacy leaks in LLMs, achieving a 2.56x increase in detected leakage compared to existing…

This study investigates user perceptions of privacy risks associated with GenAI smartphones, finding that users express heightened concerns across the entire data lifecycle and suggest comprehensive,…

By analyzing over 27,000 posts from 325 public ransomware leak sites, this paper demonstrates that ransomware groups exhibit non-random, predictable operational regularities concerning victim concentr…

The paper introduces PrivSTRUCT, a structural encoder-decoder framework that significantly improves the extraction of data item and purpose pairs from privacy policies, revealing that developers often…

The paper introduces a static analysis pipeline using graph kernels to automatically attribute unknown Android proxy malware to specific commercial proxy networks with high accuracy.

The paper analyzes Android's permission system and finds that two legacy mechanisms—permission groups and normal-level custom permissions—allow apps to silently gain excessive permissions and expose s…