{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:47:56Z","timestamp":1772041676929,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":50,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,10,10]],"date-time":"2022-10-10T00:00:00Z","timestamp":1665360000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,10,10]]},"DOI":"10.1145\/3551349.3560416","type":"proceedings-article","created":{"date-parts":[[2023,1,5]],"date-time":"2023-01-05T20:43:54Z","timestamp":1672951434000},"page":"1-13","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":29,"title":["Scrutinizing Privacy Policy Compliance of Virtual Personal Assistant Apps"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5446-3081","authenticated-orcid":false,"given":"Fuman","family":"Xie","sequence":"first","affiliation":[{"name":"University of Queensland, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5611-3483","authenticated-orcid":false,"given":"Yanjun","family":"Zhang","sequence":"additional","affiliation":[{"name":"Deakin University, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6390-9890","authenticated-orcid":false,"given":"Chuan","family":"Yan","sequence":"additional","affiliation":[{"name":"University of Queensland, Australia"}]},{"given":"Suwan","family":"Li","sequence":"additional","affiliation":[{"name":"Nanjing University, China"}]},{"given":"Lei","family":"Bu","sequence":"additional","affiliation":[{"name":"Nanjing University, China"}]},{"given":"Kai","family":"Chen","sequence":"additional","affiliation":[{"name":"Chinese Academy of Sciences, China"}]},{"given":"Zi","family":"Huang","sequence":"additional","affiliation":[{"name":"University of Queensland, Australia"}]},{"given":"Guangdong","family":"Bai","sequence":"additional","affiliation":[{"name":"University of Queensland, Australia"}]}],"member":"320","published-online":{"date-parts":[[2023,1,5]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"1998. Children\u2019s Online Privacy Protection Rule (\u201dCOPPA\u201d). https:\/\/www.ftc.gov\/legal-library\/browse\/rules\/childrens-online-privacy-protection-rule-coppa"},{"key":"e_1_3_2_1_2_1","unstructured":"2012. Negative Vocabulary Word List. https:\/\/www.enchantedlearning.com\/wordlist\/negativewords.shtml"},{"key":"e_1_3_2_1_3_1","unstructured":"2018. GDPR Article 13 - Information to be provided where personal data are collected from the data subject. https:\/\/gdpr-info.eu\/art-13-gdpr\/"},{"key":"e_1_3_2_1_4_1","volume-title":"Create Your Amazon Household. Retrieved","year":"2022","unstructured":"2020. Create Your Amazon Household. Retrieved January 7, 2022 from https:\/\/www.amazon.com\/gp\/help\/customer\/display.html?nodeId=GYLAACCNR8G3VVRM"},{"key":"e_1_3_2_1_5_1","volume-title":"Retrieved","year":"2022","unstructured":"2020. General Data Protection Regulation(GDPR). Retrieved January 26, 2022 from https:\/\/gdpr-info.eu\/"},{"key":"e_1_3_2_1_6_1","unstructured":"2020. Google Fined $57M by Data Protection Watchdog Over GDPR Violations. https:\/\/digitalguardian.com\/blog\/google-fined-57m-data-protection-watchdog-over-gdpr-violations"},{"key":"e_1_3_2_1_7_1","unstructured":"2020. NLTK Documentations. Retrieved January 26 2022 from https:\/\/www.nltk.org"},{"key":"e_1_3_2_1_8_1","unstructured":"2021. Amazon Gets Record $888 Million EU Fine Over Data Violations. https:\/\/www.bloomberg.com\/news\/articles\/2021-07-30\/amazon-given-record-888-million-eu-fine-for-data-privacy-breach"},{"key":"e_1_3_2_1_9_1","unstructured":"2021. Colorado Privacy Act (\u201dCPA\u201d). https:\/\/www.consumerprivacyact.com\/colorado-privacy-act-cpa\/"},{"key":"e_1_3_2_1_10_1","volume-title":"Amazon Developer Console. Retrieved","year":"2022","unstructured":"2022. Amazon Developer Console. Retrieved April 1, 2022 from https:\/\/developer.amazon.com\/alexa\/console\/ask"},{"key":"e_1_3_2_1_11_1","unstructured":"2022. California Consumer Privacy Act. https:\/\/oag.ca.gov\/privacy\/ccpa"},{"key":"e_1_3_2_1_12_1","unstructured":"2022. SKIPPER (Source Code). https:\/\/github.com\/UQ-Trust-Lab\/SKIPPER"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","unstructured":"2022. SKIPPER (Zenodo). https:\/\/doi.org\/10.5281\/zenodo.7045277","DOI":"10.5281\/zenodo.7045277"},{"key":"e_1_3_2_1_14_1","unstructured":"2022. SpaCy Documentations. Retrieved April 1 2022 from https:\/\/spacy.io"},{"key":"e_1_3_2_1_15_1","unstructured":"2022. To detect the language of the text. https:\/\/pypi.org\/project\/langdetect\/"},{"key":"e_1_3_2_1_16_1","volume-title":"Understand Smart Home Skills. Retrieved","year":"2022","unstructured":"2022. Understand Smart Home Skills. Retrieved January 7, 2022 from https:\/\/developer.amazon.com\/en-US\/docs\/alexa\/smarthome\/understand-the-smart-home-skill-api.html"},{"key":"e_1_3_2_1_17_1","volume-title":"Virtual Assistant Technology - Statistics & Facts. Retrieved","year":"2022","unstructured":"2022. Virtual Assistant Technology - Statistics & Facts. Retrieved April 1, 2022 from https:\/\/www.statista.com\/topics\/5572\/virtual-assistants\/#topicHeader__wrapper"},{"key":"e_1_3_2_1_18_1","unstructured":"2022. WordNet Documentations. Retrieved January 26 2022 from https:\/\/wordnet.princeton.edu\/"},{"key":"e_1_3_2_1_19_1","volume-title":"Proceedings of the 28th USENIX Conference on Security Symposium (Usenix Security). 585\u2013602","author":"Andow Benjamin","year":"2019","unstructured":"Benjamin Andow, Samin\u00a0Yaseer Mahmud, Wenyu Wang, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Tao Xie. 2019. Policylint: Investigating Internal Privacy Policy Contradictions on Google Play. In Proceedings of the 28th USENIX Conference on Security Symposium (Usenix Security). 585\u2013602."},{"key":"e_1_3_2_1_20_1","unstructured":"California Consumer Privacy\u00a0Act (CCPA). 2022. E. REQUESTS TO DELETE PERSONAL INFORMATION."},{"key":"e_1_3_2_1_21_1","unstructured":"Amazon\u00a0Developer Documentation. 2022. Configure Permissions for Customer Information in Your Skill. https:\/\/developer.amazon.com\/en-US\/docs\/alexa\/custom-skills\/configure-permissions-for-customer-information-in-your-skill.html"},{"key":"e_1_3_2_1_22_1","unstructured":"Amazon\u00a0Developer Documentation. 2022. Policy Testing. https:\/\/developer.amazon.com\/en-US\/docs\/alexa\/custom-skills\/policy-testing-for-an-alexa-skill.html"},{"key":"e_1_3_2_1_23_1","unstructured":"Amazon\u00a0Developer Documentation. 2022. Security Testing for an Alexa Skill. https:\/\/developer.amazon.com\/en-US\/docs\/alexa\/custom-skills\/security-testing-for-an-alexa-skill.html"},{"key":"e_1_3_2_1_24_1","unstructured":"Amazon\u00a0Developer Documentation. 2022. Test with the Alexa Simulator. https:\/\/developer.amazon.com\/en-US\/docs\/alexa\/devconsole\/alexa-simulator.html"},{"key":"e_1_3_2_1_25_1","volume-title":"SkillVet: Automated Traceability Analysis of Amazon Alexa Skills","author":"Edu Jide","year":"2021","unstructured":"Jide Edu, Xavi\u00a0Ferrer Aran, Jose Such, and Guillermo Suarez-Tangil. 2021. SkillVet: Automated Traceability Analysis of Amazon Alexa Skills. IEEE Transactions on Dependable and Secure Computing (2021)."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3485447.3512289"},{"key":"e_1_3_2_1_27_1","unstructured":"Google. 2022. Manage your Google app permissions. https:\/\/support.google.com\/websearch\/answer\/10000369?hl=en&ref_topic=6032684"},{"key":"e_1_3_2_1_28_1","volume-title":"29th USENIX Security Symposium (USENIX Security). 2649\u20132666","author":"Guo Zhixiu","year":"2020","unstructured":"Zhixiu Guo, Zijin Lin, Pan Li, and Kai Chen. 2020. Skillexplorer: Understanding the behavior of skills in large scale. In 29th USENIX Security Symposium (USENIX Security). 2649\u20132666."},{"key":"e_1_3_2_1_29_1","volume-title":"27th USENIX security symposium (USENIX Security). 33\u201347.","author":"Kumar Deepak","unstructured":"Deepak Kumar, Riccardo Paccagnella, Paul Murley, Eric Hennenfent, Joshua Mason, Adam Bates, and Michael Bailey. 2018. Skill squatting attacks on Amazon Alexa. In 27th USENIX security symposium (USENIX Security). 33\u201347."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3539609"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.23111"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3417067"},{"key":"e_1_3_2_1_33_1","volume-title":"Guided Model-based VUI Testing of VPA Apps. In 37th IEEE\/ACM International Conference on Automated Software Engineering (ASE\u201922)","author":"Li Suwan","year":"2022","unstructured":"Suwan Li, Lei Bu, Guangdong Bai, Zhixiu Guo, Kai Chen, and Hanlin Wei. 2022. Guided Model-based VUI Testing of VPA Apps. In 37th IEEE\/ACM International Conference on Automated Software Engineering (ASE\u201922)."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427250"},{"key":"e_1_3_2_1_35_1","unstructured":"Shuang Liu Renjie Guo Baiyang Zhao Tao Chen and Meishan Zhang. 2020. APPCorp: A Corpus for Android Privacy Policy Document Structure Analysis. CoRR abs\/2005.06945(2020). arXiv:2005.06945"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3442381.3450022"},{"key":"e_1_3_2_1_37_1","volume-title":"In 2015 IEEE 14th International Conference on Machine Learning and Applications (ICMLA). IEEE. 289\u2013294","author":"Niharika\u00a0Guntamukkala Rozita\u00a0Dara","year":"2015","unstructured":"Rozita\u00a0Dara Niharika\u00a0Guntamukkala and Gary Grewal. 2015. A machinelearning based approach for measuring the completeness of online privacy policies. In In 2015 IEEE 14th International Conference on Machine Learning and Applications (ICMLA). IEEE. 289\u2013294."},{"key":"e_1_3_2_1_38_1","unstructured":"Jason\u00a0DM Rennie. 2001. Improving multi-class text classification with naive Bayes. (2001)."},{"key":"e_1_3_2_1_39_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS). 17\u201333","author":"Schlegel Roman","year":"2011","unstructured":"Roman Schlegel, Kehuan Zhang, Xiao-yong Zhou, Mehool Intwala, Apu Kapadia, and XiaoFeng Wang. 2011. Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones. In Proceedings of the Network and Distributed System Security Symposium (NDSS). 17\u201333."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884855"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/RE48521.2020.00025"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"crossref","unstructured":"Payton Walker and Nitesh Saxena. 2021. Evaluating the Effectiveness of Protection Jamming Devices in Mitigating Smart Speaker Eavesdropping Attacks Using Gaussian White Noise. In Annual Computer Security Applications Conference (ACSAC). 414\u2013424.","DOI":"10.1145\/3485832.3485896"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180196"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-95405-5_12"},{"key":"e_1_3_2_1_45_1","volume-title":"SkillDetective: Automated Policy-Violation Detection of Voice Assistant Applications in the Wild. In 31st USENIX Security Symposium (USENIX Security).","author":"Young Jeffrey","year":"2022","unstructured":"Jeffrey Young, Song Liao, Long Cheng, Hongxin Hu, and Huixing Deng. 2022. SkillDetective: Automated Policy-Violation Detection of Voice Assistant Applications in the Wild. In 31st USENIX Security Symposium (USENIX Security)."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2016.55"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00016"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.61"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23525"},{"key":"e_1_3_2_1_50_1","volume-title":"Proc. of the Network and Distributed System Security Symposium (NDSS).","author":"Zimmeck Sebastian","year":"2016","unstructured":"Sebastian Zimmeck, Ziqi Wang, Lieyong Zou, Roger Iyengar, Bin Liu, Florian Schaub, Shomir Wilson, Norman Sadeh, Steven Bellovin, and Joel Reidenberg. 2016. Automated analysis of privacy requirements for mobile apps. In Proc. of the Network and Distributed System Security Symposium (NDSS)."}],"event":{"name":"ASE '22: 37th IEEE\/ACM International Conference on Automated Software Engineering","location":"Rochester MI USA","acronym":"ASE '22"},"container-title":["Proceedings of the 37th IEEE\/ACM International Conference on Automated Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3551349.3560416","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3551349.3560416","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T07:57:26Z","timestamp":1755849446000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3551349.3560416"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,10,10]]},"references-count":50,"alternative-id":["10.1145\/3551349.3560416","10.1145\/3551349"],"URL":"https:\/\/doi.org\/10.1145\/3551349.3560416","relation":{},"subject":[],"published":{"date-parts":[[2022,10,10]]},"assertion":[{"value":"2023-01-05","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}