ArXivCSExplorer
☆☆Bookmarks🏆RSSHow to UseFAQ
Built with and by Teycir Ben Soltane•
How to Use•FAQ•GitHub•arXiv.org•
Share:

~ similar to 2605.27667v1· 20 results

cs.CRcs.AIcs.CLRecentApr 1, 2026

Do Phone-Use Agents Respect Your Privacy?

Zhengyang Tang, Ke Ji, Xidong Wang, Zihan Ye +18 more

The paper introduces MyPhoneBench, a new framework that demonstrates that current phone-use agents often fail to respect user privacy, even when successfully completing simple tasks, primarily due to…

View →
cs.CRcs.HCRecentApr 25, 2026

PrivacyAssist: A User-Centric Agent Framework for Detecting Privacy Inconsistencies in Android Apps

Tran Thanh Lam Nguyen, Edoardo Di Tullio, Barbara Carminati, Elena Ferrari

PrivacyAssist is a multi-agent LLM framework that detects inconsistencies between user-granted app permissions and the app's actual data collection practices, finding that most apps are not fully tran…

View →
cs.CRcs.HCRecentMar 30, 2026

Uncovering Relationships between Android Developers, User Privacy, and Developer Willingness to Reduce Fingerprinting Risks

Alex Berke, Güliz Seray Tuncay, Michael Specter, Mihai Christodorescu

The study surveyed Android developers to assess their willingness to adopt changes that mitigate device fingerprinting risks, finding that developers overwhelmingly support privacy protections even wi…

View →
cs.CRRecentMar 31, 2026

An Empirical Comparison of Security and Privacy Characteristics of Android Messaging Apps

Ioannis Karyotakis, Foivos Timotheos Proestakis, Evangelos Talos, Diomidis Spinellis +1 more

The paper empirically compares the security and privacy implementation characteristics of major Android messaging apps (Meta Messenger, Signal, and Telegram) using static and dynamic analysis, finding…

View →
cs.CRRecentJun 2, 2026

Don't Trust Us: A privacy-by-design android malware detection pipeline

Emmanuele Massidda, Diego Soi, Giorgio Giacinto

The paper proposes a privacy-by-design pipeline for Android malware detection that achieves strong performance by avoiding the collection of sensitive user data entirely.

View →
cs.CRcs.NIcs.SERecentApr 15, 2026

AndroScanner: Automated Backend Vulnerability Detection for Android Applications

Harini Dandu

AndroScanner is an automated pipeline that detects backend vulnerabilities in Android applications by combining static and dynamic analysis, successfully identifying a zero-day Excessive Data Exposure…

View →
cs.CRRecentApr 17, 2026

PolicyGapper: Automated Detection of Inconsistencies Between Google Play Data Safety Sections and Privacy Policies Using LLMs

Luca Ferrari, Billel Habbati, Meriem Guerar, Mariano Ceccato +1 more

PolicyGapper is an LLM-based tool that automatically detects inconsistencies and omissions between a mobile app's Google Play Data Safety Section and its official Privacy Policy, identifying thousands…

View →
cs.CRRecentMay 10, 2026

Permit: Permission-Aware Representation Intervention for Controlled Generation in Large Language Models

Pengcheng Sun, Lan Zhang, Zhaopeng Zhang, Jiewei Lai +1 more

Permit is a novel framework that enforces fine-grained, permission-aware control over the hidden states of LLMs, preventing information leakage even when sensitive data is present in the context.

View →
cs.CRcs.HCRecentApr 27, 2026

Listen to the Voices of Everyday Users: Democratizing Privacy Ratings for Sensitive Data Access in Mobile Apps

Liu Wang, Tianshu Zhou, Haoyu Wang, Yi Wang

The paper proposes and evaluates DePRa, a system that democratizes privacy assessment by making everyday users active evaluators of mobile app data access, showing its potential to complement expert a…

View →
cs.CRRecentMar 25, 2026

An Empirical Analysis of Google Play Data Safety Disclosures: A Consistency Study of Privacy Indicators in Mobile Gaming Apps

Bakheet Aljedaani

This study empirically analyzed 41 mobile gaming apps, finding that while device ID disclosures were relatively consistent, location and personal information disclosures showed significant mismatches…

View →
cs.CRcs.CYRecentMay 3, 2026

What's on Your Mind? Exploring Privacy of Mental Health Apps

Chloe Georgiou, Hans Lu, Emiliano De Cristofaro, Gene Tsudik

The paper analyzed 25 popular mental health apps and found significant privacy gaps, revealing that most apps fail to disclose embedded trackers and dangerous permissions, undermining informed user co…

View →
cs.SEcs.AIcs.CRRecentApr 4, 2026

Measuring the Permission Gate: A Stress-Test Evaluation of Claude Code's Auto Mode

Zimo Ji, Zongjie Li, Wenyuan Jiang, Yudong Gao +1 more

The paper independently stress-tests Claude Code's auto mode permission system using a deliberately ambiguous benchmark, finding that its true false negative rate is significantly higher than reported…

View →
cs.CRRecentMay 25, 2026

Ecosystem-Driven Privacy Exposure in Mobile Gaming Apps: A Configuration-Aware Empirical Analysis

Bakheet Aljedaani

This study empirically demonstrates that privacy exposure in mobile gaming apps is primarily driven by complex, configuration-level SDK ecosystems rather than just the permissions the app explicitly r…

View →
cs.CRcs.SERecentApr 20, 2026

Do Privacy Policies Match with the Logs? An Empirical Study of Privacy Disclosure in Android Application Logs

Zhiyuan Chen, Love Jayesh Ahir, Ahmad Suleiman, Kundi Yao +3 more

This study empirically analyzed 1,000 Android apps, finding that privacy policies are often vague and frequently fail to align with the actual sensitive data logged by the applications.

View →
cs.CRcs.AIcs.SERecentMay 12, 2026

Options, Not Clicks: Lattice Refinement for Consent-Driven MCP Authorization

Ying Li, Yanju Chen, Peiran Wang, Issac Khabra +3 more

The paper introduces Conleash, a client-side middleware that uses a risk lattice to enforce granular, boundary-scoped authorization for tool invocations, significantly improving user consent and secur…

View →
cs.CRRecentApr 14, 2026

Mitigating S-RAHA: An On-device Framework to Prevent Forwarding of Re-Captured Images

Keshav Sood, Iynkaran Natgunanathan, Purathani Praitheeshan, Praitheeshan Kirupananthan

The paper proposes an on-device framework to detect and prevent the forwarding of images that have been physically recaptured (photographed) from a mobile screen, addressing the Screen Recaptured Anal…

View →
cs.CRRecentApr 16, 2026

NFTDELTA: Detecting Permission Control Vulnerabilities in NFT Contracts through Multi-View Learning

Hailu Kuang, Xiaoqi Li, Wenkai Li, Zongwei Li

NFTDELTA is a novel framework that uses multi-view learning on static code analysis to detect permission control vulnerabilities in NFT contracts with high accuracy.

View →
cs.CRRecentMar 23, 2026

When the Abyss Looks Back: Unveiling Evolving Dark Patterns in Cookie Consent Banners

Nivedita Singh, Seyoung Jin, Hyoungshick Kim

The paper introduces UMBRA, a novel system that detects evolved and subtle dark patterns in cookie consent banners, demonstrating that systematic non-compliance and user autonomy erosion are widesprea…

View →
cs.CRRecentApr 30, 2026

WOOTdroid: Whole-system Online On-device Tracing for Android

Simon Althaus, Nikolaos Alexopoulos, Max Mühlhäuser, Christian Reuter +1 more

WOOTdroid is a novel, non-invasive system for comprehensive on-device tracing on stock Android that simultaneously addresses syscall data loss and the semantic gap in Binder IPC events.

View →
cs.CRcs.SERecentJun 2, 2026

SkillGuard: A Permission Framework for Agent Skills

Shidong Pan, Xiaoyu Sun, Tianyi Zhang, Dianshu Liao +2 more

SkillGuard introduces a novel, skill-centric permission framework to secure LLM agent skill ecosystems by jointly regulating both context influence and runtime action side effects.

View →