{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T00:49:19Z","timestamp":1771634959211,"version":"3.50.1"},"publisher-location":"Cham","reference-count":52,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031171451","type":"print"},{"value":"9783031171468","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-17146-8_29","type":"book-chapter","created":{"date-parts":[[2022,9,21]],"date-time":"2022-09-21T23:35:39Z","timestamp":1663803339000},"page":"589-609","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["IoTPrivComp: A Measurement Study of\u00a0Privacy Compliance in\u00a0IoT Apps"],"prefix":"10.1007","author":[{"given":"Javaria","family":"Ahmad","sequence":"first","affiliation":[]},{"given":"Fengjun","family":"Li","sequence":"additional","affiliation":[]},{"given":"Bo","family":"Luo","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,9,22]]},"reference":[{"key":"29_CR1","doi-asserted-by":"crossref","unstructured":"Aafer, Y., Tao, G., Huang, J., Zhang, X., Li, N.: Precise android API protection mapping derivation and reasoning. In: ACM CCS, pp. 1151\u20131164 (2018)","DOI":"10.1145\/3243734.3243842"},{"issue":"10","key":"29_CR2","doi-asserted-by":"publisher","first-page":"326","DOI":"10.3390\/info10100326","volume":"10","author":"A Amin","year":"2019","unstructured":"Amin, A., Eldessouki, A., Magdy, M.T., Abdeen, N., Hindy, H., Hegazy, I.: Androshield: automated android applications vulnerability detection, a hybrid static and dynamic analysis approach. Information 10(10), 326 (2019)","journal-title":"Information"},{"key":"29_CR3","unstructured":"Andow, B., et al.: Policylint: investigating internal privacy policy contradictions on google play. In: USENIX Security, pp. 585\u2013602 (2019)"},{"key":"29_CR4","unstructured":"Andow, B.,et al.: Actions speak louder than words: entity-sensitive privacy policy and data flow analysis with policheck. In: USENIX Security, pp. 985\u20131002 (2020)"},{"key":"29_CR5","doi-asserted-by":"crossref","unstructured":"Arzt, S., et al.: Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. ACM Sigplan. Notice. 49(6), 259\u2013269 (2014)","DOI":"10.1145\/2666356.2594299"},{"issue":"1","key":"29_CR6","doi-asserted-by":"publisher","first-page":"145","DOI":"10.2478\/popets-2021-0009","volume":"2021","author":"L Babun","year":"2021","unstructured":"Babun, L., Celik, Z.B., McDaniel, P., Uluagac, A.S.: Real-time analysis of privacy-(un) aware IoT applications. Proc. Privacy Enhanc. Technol. 2021(1), 145\u2013166 (2021)","journal-title":"Proc. Privacy Enhanc. Technol."},{"key":"29_CR7","unstructured":"Backes, M., Bugiel, S., Derr, E., McDaniel, P., Octeau, D., Weisgerber, S.: On demystifying the android application framework: re-visiting android permission specification analysis. In: USENIX Security, pp. 1101\u20131118 (2016)"},{"key":"29_CR8","doi-asserted-by":"crossref","unstructured":"Bastys, I., Balliu, M., Sabelfeld, A.: If this then what? controlling flows in IoT apps. In: ACM CCS, pp. 1102\u20131119 (2018)","DOI":"10.1145\/3243734.3243841"},{"key":"29_CR9","unstructured":"Celik, Z.B., et al.: Sensitive information tracking in commodity IoT. In: USENIX Security, pp. 1687\u20131704 (2018)"},{"issue":"4","key":"29_CR10","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3333501","volume":"52","author":"ZB Celik","year":"2019","unstructured":"Celik, Z.B., Fernandes, E., Pauley, E., Tan, G., McDaniel, P.: Program analysis of commodity IoT applications for security and privacy: challenges and opportunities. ACM Comput. Surv. 52(4), 1\u201330 (2019)","journal-title":"ACM Comput. Surv."},{"key":"29_CR11","unstructured":"Celik, Z.B., McDaniel, P., Tan, G.: Soteria: automated IoT safety and security analysis. In: USENIX ATC, pp. 147\u2013158 (2018)"},{"key":"29_CR12","doi-asserted-by":"crossref","unstructured":"Celik, Z.B., Tan, G., McDaniel, P.D.: Iotguard: dynamic enforcement of security and safety policy in commodity IoT. In: NDSS (2019)","DOI":"10.14722\/ndss.2019.23326"},{"key":"29_CR13","doi-asserted-by":"crossref","unstructured":"Degeling, M., Utz, C., Lentzsch, C., Hosseini, H., Schaub, F., Holz, T.: We value your privacy... now take some cookies: measuring the gdpr\u2019s impact on web privacy. arXiv preprint arXiv:1808.05096 (2018)","DOI":"10.14722\/ndss.2019.23378"},{"key":"29_CR14","unstructured":"Devlin, J., Chang, M., Lee, K., Toutanova, K.: BERT: pre-training of deep bidirectional transformers for language understanding. arXiv preprint arXiv:1810.04805 (2018)"},{"issue":"6137","key":"29_CR15","doi-asserted-by":"publisher","first-page":"1177","DOI":"10.1126\/science.1236536","volume":"340","author":"B Efron","year":"2013","unstructured":"Efron, B.: Bayes\u2019 theorem in the 21st century. Science 340(6137), 1177\u20131178 (2013)","journal-title":"Science"},{"key":"29_CR16","unstructured":"Egelman, S.: Taking responsibility for someone else\u2019s code: studying the privacy behaviors of mobile apps at scale. In: USENIX PEPR (2020)"},{"key":"29_CR17","first-page":"1","volume":"15","author":"T Ermakova","year":"2015","unstructured":"Ermakova, T., Fabian, B., Babina, E.: Readability of privacy policies of healthcare websites. Wirtschaftsinformatik 15, 1\u201315 (2015)","journal-title":"Wirtschaftsinformatik"},{"key":"29_CR18","doi-asserted-by":"crossref","unstructured":"Felt, A.P., Chin, E., Hanna, S., Song, D., Wagner, D.: Android permissions demystified. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 627\u2013638 (2011)","DOI":"10.1145\/2046707.2046779"},{"key":"29_CR19","doi-asserted-by":"publisher","unstructured":"Gibler, C., Crussell, J., Erickson, J., Chen, H.: AndroidLeaks: automatically detecting potential pivacy leaks in android applications on a large scale. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds.) Trust 2012. LNCS, vol. 7344, pp. 291\u2013307. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-30921-2_17","DOI":"10.1007\/978-3-642-30921-2_17"},{"key":"29_CR20","doi-asserted-by":"crossref","unstructured":"Gyory, N., Chuah, M.: Iotone: integrated platform for heterogeneous IoT devices. In: 2017 International Conference on Computing, Networking and Communications (ICNC), pp. 783\u2013787. IEEE (2017)","DOI":"10.1109\/ICCNC.2017.7876230"},{"key":"29_CR21","doi-asserted-by":"crossref","unstructured":"Han, C., et al.: The price is (not) right: comparing privacy in free and paid apps. Proc. Privacy Enhanc. Technol. 2020(3), 222\u2013242 (2020)","DOI":"10.2478\/popets-2020-0050"},{"key":"29_CR22","unstructured":"Harkous, H., Fawaz, K., Lebret, R., Schaub, F., Shin, K.G., Aberer, K.: Polisis: automated analysis and presentation of privacy policies using deep learning. In: USENIX Security, pp. 531\u2013548 (2018)"},{"key":"29_CR23","doi-asserted-by":"publisher","first-page":"332","DOI":"10.1016\/j.cose.2019.02.010","volume":"83","author":"M Hatamian","year":"2019","unstructured":"Hatamian, M., Serna, J., Rannenberg, K.: Revealing the unrevealed: mining smartphone users privacy perception on app markets. Comput. Secur. 83, 332\u2013353 (2019)","journal-title":"Comput. Secur."},{"key":"29_CR24","doi-asserted-by":"crossref","unstructured":"Jia, Y.J., et al.: Contexlot: towards providing contextual integrity to appified IoT platforms. In: 24th Annual Network and Distributed System Security Symposium, San Diego, CA (2017)","DOI":"10.14722\/ndss.2017.23051"},{"key":"29_CR25","doi-asserted-by":"crossref","unstructured":"Kumar, A.: Internet of things for smart cities. IEEE Internet Things J. 1(1) (2014)","DOI":"10.1109\/JIOT.2014.2306328"},{"key":"29_CR26","doi-asserted-by":"crossref","unstructured":"Liao, S., Wilson, C., Cheng, L., Hu, H., Deng, H.: Measuring the effectiveness of privacy policies for voice assistant applications. In: Annual Computer Security Applications Conference, pp. 856\u2013869 (2020)","DOI":"10.1145\/3427228.3427250"},{"key":"29_CR27","doi-asserted-by":"crossref","unstructured":"Libert, T.: An automated approach to auditing disclosure of third-party data collection in website privacy policies. In: World Wide Web Conference, pp. 207\u2013216 (2018)","DOI":"10.1145\/3178876.3186087"},{"issue":"5","key":"29_CR28","doi-asserted-by":"publisher","first-page":"917","DOI":"10.1136\/amiajnl-2012-001072","volume":"19","author":"S Matwin","year":"2012","unstructured":"Matwin, S., Sazonova, V.: Direct comparison between support vector machine and multinomial Naive Bayes algorithms for medical abstract classification. J. Am. Med. Inf. Assoc. 19(5), 917\u2013917 (2012)","journal-title":"J. Am. Med. Inf. Assoc."},{"key":"29_CR29","first-page":"543","volume":"4","author":"AM McDonald","year":"2008","unstructured":"McDonald, A.M., Cranor, L.F.: The cost of reading privacy policies. ISJLP 4, 543 (2008)","journal-title":"ISJLP"},{"key":"29_CR30","unstructured":"Monkey. Google, inc. ui\/application exerciser monkey. https:\/\/developer.android.com\/tools\/help\/monkey.html. Accessed Aug 2021"},{"key":"29_CR31","unstructured":"Okoyomon, E., et al.: On the ridiculousness of notice and consent: contradictions in app privacy policies. In: Workshop on Technology and Consumer Protection (ConPro 2019), in Conjunction with the 39th IEEE Symposium on Security and Privacy (2019)"},{"key":"29_CR32","unstructured":"Qark. Tool to look for several security related android application vulnerabilities. https:\/\/github.com\/linkedin\/qark. Accessed Aug 2021"},{"key":"29_CR33","unstructured":"Rahmati, A., Fernandes, E., Jung, J., Prakash, A.: Ifttt vs. zapier: a comparative study of trigger-action programming frameworks. arXiv preprint arXiv:1709.02788 (2017)"},{"key":"29_CR34","doi-asserted-by":"crossref","unstructured":"Rasthofer, S., Arzt, S., Bodden, E.: A machine-learning approach for classifying and categorizing android sources and sinks. In: NDSS, vol. 14, p. 1125 (2014)","DOI":"10.14722\/ndss.2014.23039"},{"key":"29_CR35","doi-asserted-by":"crossref","unstructured":"Rosen, S., Qian, Z., Mao, Z.M.: Appprofiler: a flexible method of exposing privacy-related behavior in android applications to end users. In: ACM CODASPY, pp. 221\u2013232 (2013)","DOI":"10.1145\/2435349.2435380"},{"key":"29_CR36","doi-asserted-by":"crossref","unstructured":"Schmeidl, F., Nazzal, B., Alalfi, M.H.: Security analysis for smart things IoT applications. In: 2019 IEEE\/ACM 6th International Conference on Mobile Software Engineering and Systems (MOBILESoft), pp. 25\u201329. IEEE (2019)","DOI":"10.1109\/MOBILESoft.2019.00013"},{"key":"29_CR37","doi-asserted-by":"crossref","unstructured":"Slavin, R., et al.: Toward a framework for detecting privacy policy violations in android application code. In: Proceedings of the 38th International Conference on Software Engineering, pp. 25\u201336 (2016)","DOI":"10.1145\/2884781.2884855"},{"key":"29_CR38","unstructured":"StevenArzt. Soot-a java optimization framework (2021). https:\/\/github.com\/Sable\/soot. Accessed Aug 2021"},{"key":"29_CR39","unstructured":"A. STUDIO. Apkanalyzer (2020). https:\/\/developer.android.com\/studio\/command-line\/apkanalyzer. Accessed Aug 2021"},{"key":"29_CR40","doi-asserted-by":"crossref","unstructured":"Subahi, A., Theodorakopoulos, G.: Ensuring compliance of IoT devices with their privacy policy agreement. In: 2018 IEEE 6th International Conference on Future Internet of Things and Cloud (FiCloud), pp. 100\u2013107. IEEE (2018)","DOI":"10.1109\/FiCloud.2018.00022"},{"issue":"21","key":"29_CR41","doi-asserted-by":"publisher","first-page":"4777","DOI":"10.3390\/s19214777","volume":"19","author":"A Subahi","year":"2019","unstructured":"Subahi, A., Theodorakopoulos, G.: Detecting IoT user behavior and sensitive information in encrypted IoT-app traffic. Sensors 19(21), 4777 (2019)","journal-title":"Sensors"},{"key":"29_CR42","doi-asserted-by":"crossref","unstructured":"Tesfay, W.B., Hofmann, P., Nakamura, T., Kiyomoto, S., Serna, J.: Privacyguide: towards an implementation of the EU GDPR on internet privacy policy evaluation. In: ACM Workshop on Security and Privacy Analytics, pp. 15\u201321 (2018)","DOI":"10.1145\/3180445.3180447"},{"key":"29_CR43","doi-asserted-by":"publisher","unstructured":"Voigt, P., von dem Bussche, A.: The EU General Data Protection Regulation (GDPR). Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-57959-7","DOI":"10.1007\/978-3-319-57959-7"},{"key":"29_CR44","doi-asserted-by":"crossref","unstructured":"Wang, H., Lai, T. T.-T., Roy Choudhury, R.: Mole: Motion leaks through smartwatch sensors. In: Proceedings of the 21st Annual International Conference on Mobile Computing and Networking, pp. 155\u2013166 (2015)","DOI":"10.1145\/2789168.2790121"},{"key":"29_CR45","unstructured":"Wang, S.I., Manning, C.D.: Baselines and bigrams: simple, good sentiment and topic classification. In: Proceedings of the 50th Annual Meeting of the Association for Computational Linguistics (Volume 2: Short Papers), pp. 90\u201394 (2012)"},{"key":"29_CR46","doi-asserted-by":"crossref","unstructured":"Wang, X., Qin, X., Hosseini, M.B., Slavin, R., Breaux, T.D., Niu, J.: Guileak: tracing privacy policy claims on user input data for android applications. In: Proceedings of the 40th International Conference on Software Engineering, pp. 37\u201347 (2018)","DOI":"10.1145\/3180155.3180196"},{"key":"29_CR47","unstructured":"Wolf, T., et al.: Transformers: state-of-the-art natural language processing. In: Proceedings of the 2020 Conference on Empirical Methods in Natural Language Processing: System Demonstrations, pp. 38\u201345 (2020)"},{"key":"29_CR48","doi-asserted-by":"crossref","unstructured":"Yu, H., Hua, J., Julien, C.: Dataset: analysis of IFTTT recipes to study how humans use internet-of-things (IOT) devices. arXiv preprint arXiv:2110.00068 (2021)","DOI":"10.1145\/3485730.3494115"},{"key":"29_CR49","doi-asserted-by":"crossref","unstructured":"Yu, L., Luo, X., Liu, X., Zhang, T.: Can we trust the privacy policies of android apps? In: 2016 46th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 538\u2013549. IEEE (2016)","DOI":"10.1109\/DSN.2016.55"},{"issue":"4","key":"29_CR50","doi-asserted-by":"publisher","first-page":"865","DOI":"10.1109\/TIFS.2016.2639339","volume":"12","author":"L Yu","year":"2016","unstructured":"Yu, L., Zhang, T., Luo, X., Xue, L., Chang, H.: Toward automatically generating privacy policy for android apps. IEEE Trans. Inf. Forens. Secur. 12(4), 865\u2013880 (2016)","journal-title":"IEEE Trans. Inf. Forens. Secur."},{"key":"29_CR51","doi-asserted-by":"crossref","unstructured":"Zimmeck, S., et al.: Maps: scaling privacy compliance analysis to a million apps. Proc. Priv. Enhancing Tech. 2019, 66 (2019)","DOI":"10.2478\/popets-2019-0037"},{"key":"29_CR52","doi-asserted-by":"crossref","unstructured":"Zimmeck, S., et al.: Automated analysis of privacy requirements for mobile apps. In: AAAI Fall Symposium (2016)","DOI":"10.14722\/ndss.2017.23034"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2022"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-17146-8_29","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,10,19]],"date-time":"2022-10-19T22:07:11Z","timestamp":1666217231000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-17146-8_29"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031171451","9783031171468"],"references-count":52,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-17146-8_29","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"22 September 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Copenhagen","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Denmark","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 September 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 September 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2022.compute.dtu.dk\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"562","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"104","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"12","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}