{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,10]],"date-time":"2026-01-10T03:46:37Z","timestamp":1768016797100,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":51,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,10,10]],"date-time":"2022-10-10T00:00:00Z","timestamp":1665360000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,10,10]]},"DOI":"10.1145\/3551349.3560436","type":"proceedings-article","created":{"date-parts":[[2023,1,5]],"date-time":"2023-01-05T20:43:54Z","timestamp":1672951434000},"page":"1-12","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":14,"title":["Are they Toeing the Line? Diagnosing Privacy Compliance Violations among Browser Extensions"],"prefix":"10.1145","author":[{"given":"Yuxi","family":"Ling","sequence":"first","affiliation":[{"name":"National University of Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kailong","family":"Wang","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore and Huazhong University of Science and Technology, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Guangdong","family":"Bai","sequence":"additional","affiliation":[{"name":"University of Queensland, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Haoyu","family":"Wang","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jin Song","family":"Dong","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,1,5]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"https:\/\/edps.europa.eu\/data-protection\/our-work\/publications\/legislation\/directive-9546ec_en,visited","author":"Directive","year":"2022","unstructured":"[1] Directive 95\/46\/EC.1995. https:\/\/edps.europa.eu\/data-protection\/our-work\/publications\/legislation\/directive-9546ec_en,visited in August 2022."},{"key":"e_1_3_2_1_2_1","unstructured":"Benjamin Andow Samin\u00a0Yaseer Mahmud Justin Whitaker William Enck Bradley Reaves Kapil Singh and Serge Egelman. 2020. Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Data Flow Analysis with POLICHECK."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"crossref","unstructured":"Vanessa Ayala-Rivera and Liliana Pasquale. 2018. The Grace Period Has Ended: An Approach to Operationalize GDPR Requirements. In RE. 136\u2013146.","DOI":"10.1109\/RE.2018.00023"},{"key":"e_1_3_2_1_4_1","volume-title":"https:\/\/pypi.org\/project\/beautifulsoup4,visited","year":"2022","unstructured":"[4] BeautifulSoup4.2014. https:\/\/pypi.org\/project\/beautifulsoup4,visited in August 2022."},{"key":"e_1_3_2_1_5_1","volume-title":"General Personal Data Protection Law. https:\/\/iapp.org\/resources\/article\/brazilian-data-protection-law-lgpd-english-translation,visited","year":"2022","unstructured":"Brazil. 2018. General Personal Data Protection Law. https:\/\/iapp.org\/resources\/article\/brazilian-data-protection-law-lgpd-english-translation,visited in August 2022."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"crossref","unstructured":"Cheng Chang Huaxin Li Yichi Zhang Suguo Du Hui Cao and Haojin Zhu. 2019. Automated and Personalized Privacy Policy Extraction Under GDPR Consideration. In WASA.","DOI":"10.1007\/978-3-030-23597-0_4"},{"key":"e_1_3_2_1_7_1","unstructured":"[7] Chrome Extension Dataset Repository.Visited in August 2022. https:\/\/github.com\/ExtPPCompliance\/PPCompliance."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1022627411411"},{"key":"e_1_3_2_1_9_1","volume-title":"BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding. In NAACL-HLT. 4171\u20134186.","author":"Devlin Jacob","year":"2019","unstructured":"Jacob Devlin, Ming-Wei Chang, Kenton Lee, and Kristina Toutanova. 2019. BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding. In NAACL-HLT. 4171\u20134186."},{"key":"e_1_3_2_1_10_1","unstructured":"[10] Esprima.Visited in August 2022. https:\/\/esprima.org."},{"key":"e_1_3_2_1_11_1","volume-title":"https:\/\/chrome.google.com\/webstore\/detail\/insertlearning\/dehajjkfchegiinhcmoclkfbnmpgcahj, visited","author":"Extension Learning\u00a0Chrome","year":"2022","unstructured":"[11] InsertLearning\u00a0Chrome Extension.2017. https:\/\/chrome.google.com\/webstore\/detail\/insertlearning\/dehajjkfchegiinhcmoclkfbnmpgcahj, visited in August 2022."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"crossref","unstructured":"Ming Fan Le Yu Sen Chen Hao Zhou Xiapu Luo Shuyue Li Yang Liu Jun Liu and Ting Liu. 2020. An Empirical Evaluation of GDPR Compliance Violations in Android mHealth Apps. In ISSRE.","DOI":"10.1109\/ISSRE5003.2020.00032"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0895-4356(03)00177-X"},{"key":"e_1_3_2_1_14_1","unstructured":"[14] Global Desktop Browser Market Share for 2022.Visited in August 2022. https:\/\/kinsta.com\/browser-market-share."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASRU.2013.6707742"},{"key":"e_1_3_2_1_16_1","volume-title":"Computing inter-rater reliability for observational data: an overview and tutorial. Tutorials in quantitative methods for psychology 8, 1","author":"Hallgren A","year":"2012","unstructured":"Kevin\u00a0A Hallgren. 2012. Computing inter-rater reliability for observational data: an overview and tutorial. Tutorials in quantitative methods for psychology 8, 1 (2012), 23."},{"key":"e_1_3_2_1_17_1","volume-title":"Polisis: Automated Analysis and Presentation of Privacy Policies Using Deep Learning. In USENIX Security. 531\u2013548.","author":"Harkous Hamza","year":"2018","unstructured":"Hamza Harkous, Kassem Fawaz, R\u00e9mi Lebret, Florian Schaub, Kang\u00a0G. Shin, and Karl Aberer. 2018. Polisis: Automated Analysis and Presentation of Privacy Policies Using Deep Learning. In USENIX Security. 531\u2013548."},{"key":"e_1_3_2_1_18_1","first-page":"2989","article-title":"Towards evaluating GDPR compliance in IoT applications","volume":"176","author":"Kaneen Christos\u00a0Karageorgiou","year":"2020","unstructured":"Christos\u00a0Karageorgiou Kaneen and Euripides\u00a0G.M. Petrakis. 2020. Towards evaluating GDPR compliance in IoT applications. KES 176(2020), 2989\u20132998.","journal-title":"KES"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"crossref","unstructured":"Logan Lebanoff and Fei Liu. 2018. Automatic Detection of Vague Words and Sentences in Privacy Policies. In EMNLP. 3508\u20133517.","DOI":"10.18653\/v1\/D18-1387"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"crossref","unstructured":"Song Liao Christin Wilson Long Cheng Hongxin Hu and Huixing Deng. 2020. Measuring the Effectiveness of Privacy Policies for Voice Assistant Applications. In ACSAC. 856\u2013869.","DOI":"10.1145\/3427228.3427250"},{"key":"e_1_3_2_1_21_1","volume-title":"The Privacy Policy Landscape After the GDPR. PETS 2020(2020)","author":"Linden Thomas","year":"2020","unstructured":"Thomas Linden, Hamza Harkous, and Kassem Fawaz. 2020. The Privacy Policy Landscape After the GDPR. PETS 2020(2020), 47 \u2013 64."},{"key":"e_1_3_2_1_22_1","unstructured":"[22] List of Chrome extensions.Visited in August 2022. https:\/\/github.com\/DebugBear\/chrome-extension-list."},{"key":"e_1_3_2_1_23_1","unstructured":"Fei Liu Rohan Ramanath Norman\u00a0M. Sadeh and Noah\u00a0A. Smith. 2014. A Step Towards Usable Privacy Policy: Automatic Alignment of Privacy Statements. In COLING."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"crossref","unstructured":"Shuang Liu Baiyang Zhao Renjie Guo Guozhu Meng Fan Zhang and Meishan Zhang. 2021. Have You Been Properly Notified? Automatic Compliance Analysis of Privacy Policy Text with GDPR Article 13. In WWW. 2154\u20132164.","DOI":"10.1145\/3442381.3450022"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2960690"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"crossref","unstructured":"Najmeh Mousavi\u00a0Nejad Simon Scerri and Jens Lehmann. 2018. KnIGHT: Mapping Privacy Policies to GDPR. In Knowledge Engineering and Knowledge Management Catherine Faron\u00a0Zucker Chiara Ghidini Amedeo Napoli and Yannick Toussaint (Eds.).","DOI":"10.1007\/978-3-030-03667-6_17"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"crossref","unstructured":"Kanthashree Mysore\u00a0Sathyendra Shomir Wilson Florian Schaub Sebastian Zimmeck and Norman Sadeh. 2017. Identifying the Provision of Choices in Privacy Policy Text. In EMNLP. 2774\u20132779.","DOI":"10.18653\/v1\/D17-1294"},{"key":"e_1_3_2_1_28_1","unstructured":"Monica Palmirani and Guido Governatori. 2018. Modelling Legal Knowledge for GDPR Compliance Checking. In JURIX Vol.\u00a0313. 101\u2013110."},{"key":"e_1_3_2_1_29_1","volume-title":"Glove: Global vectors for word representation. In EMNLP. 1532\u20131543.","author":"Pennington Jeffrey","year":"2014","unstructured":"Jeffrey Pennington, Richard Socher, and Christopher\u00a0D Manning. 2014. Glove: Global vectors for word representation. In EMNLP. 1532\u20131543."},{"key":"e_1_3_2_1_30_1","volume-title":"Examining COPPA Compliance at Scale. PETS (06","author":"Reyes Irwin","year":"2018","unstructured":"Irwin Reyes, Primal Wijesekera, Joel Reardon, Amit Elazari, Abbas Razaghpanah, Narseo Vallina-Rodriguez, and Serge Egelman. 2018. \u201cWon\u2019t Somebody Think of the Children?\u201d Examining COPPA Compliance at Scale. PETS (06 2018), 63\u201383."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"crossref","unstructured":"David Sarne Jonathan Schler Alon Singer Ayelet Sela and Ittai Bar Siman\u00a0Tov. 2019. Unsupervised Topic Extraction from Privacy Policies. In WWW. 563\u2013568.","DOI":"10.1145\/3308560.3317585"},{"key":"e_1_3_2_1_32_1","unstructured":"Kanthashree\u00a0Mysore Sathyendra Florian Schaub Shomir Wilson and Norman\u00a0M. Sadeh. 2016. Automatic Extraction of Opt-Out Choices from Privacy Policies. In AAAI."},{"key":"e_1_3_2_1_33_1","volume-title":"Personal Data Protection Act. https:\/\/www.pdpc.gov.sg\/Overview-of-PDPA\/The-Legislation\/Personal-Data-Protection-Act, visited","year":"2022","unstructured":"Singapore. 2012. Personal Data Protection Act. https:\/\/www.pdpc.gov.sg\/Overview-of-PDPA\/The-Legislation\/Personal-Data-Protection-Act, visited in August 2022."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"crossref","unstructured":"Rocky Slavin Xiaoyin Wang Mitra\u00a0Bokaei Hosseini James Hester Ram Krishnan Jaspreet Bhatia Travis\u00a0D. Breaux and Jianwei Niu. 2016. Toward a Framework for Detecting Privacy Policy Violations in Android Application Code. In ICSE. 25\u201336.","DOI":"10.1145\/2884781.2884855"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"crossref","unstructured":"Peter Story Sebastian Zimmeck and Norman\u00a0M. Sadeh. 2018. Which Apps Have Privacy Policies? - An Analysis of Over One Million Google Play Store Apps. In APF.","DOI":"10.1007\/978-3-030-02547-2_1"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"crossref","unstructured":"Welderufael\u00a0B. Tesfay Peter Hofmann Toru Nakamura Shinsaku Kiyomoto and Jetzabel Serna. 2018. I Read but Don\u2019t Agree: Privacy Policy Benchmarking Using Machine Learning and the EU GDPR. In WWW. 163\u2013166.","DOI":"10.1145\/3184558.3186969"},{"key":"e_1_3_2_1_37_1","unstructured":"[37] The Selenium Project.Visited in August 2022. https:\/\/www.selenium.dev."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"crossref","unstructured":"Jake Tom Eduard Sing and Raimundas Matulevi\u010dius. 2018. Conceptual Representation of the GDPR: Model and Application Directions. In BIR Jelena Zdravkovic J\u0101nis Grabis Selmin Nurcan and Janis Stirna (Eds.). 18\u201328.","DOI":"10.1007\/978-3-319-99951-7_2"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"crossref","unstructured":"Damiano Torre Ghanem Soltana Mehrdad Sabetzadeh Lionel Briand Yuri Auffinger and Peter Goes. 2019. Using Models to Enable Compliance Checking Against the GDPR: An Experience Report. In MODELS. 1\u201311.","DOI":"10.1109\/MODELS.2019.00-20"},{"key":"e_1_3_2_1_40_1","volume-title":"General Data Protection Regulation. https:\/\/gdpr-info.eu,visited","author":"Union European","year":"2022","unstructured":"European Union. 2016. General Data Protection Regulation. https:\/\/gdpr-info.eu,visited in August 2022."},{"key":"e_1_3_2_1_41_1","volume-title":"California Consumer Privacy Act. https:\/\/oag.ca.gov\/privacy\/ccpa, visited","author":"California","year":"2022","unstructured":"California (USA). 2018. California Consumer Privacy Act. https:\/\/oag.ca.gov\/privacy\/ccpa, visited in August 2022."},{"key":"e_1_3_2_1_42_1","volume-title":"It\u2019s the Contents: Intra-domain Fingerprinting Social Media Websites Through CDN Bursts. In 30th The Web Conference (WWW).","author":"Wang Kailong","year":"2021","unstructured":"Kailong Wang, Junzhe Zhang, Guangdong Bai, Ryan Ko, and Jin\u00a0Song Dong. 2021. It\u2019s Not Just the Site, It\u2019s the Contents: Intra-domain Fingerprinting Social Media Websites Through CDN Bursts. In 30th The Web Conference (WWW)."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"crossref","unstructured":"Kailong Wang Yuwei Zheng Qing Zhang Guangdong Bai Qin Mingchuang Donghui Zhang and Jin\u00a0Song Dong. 2022. Assessing Certificate Validation User Interfaces of WPA Supplicants. In MobiCom.","DOI":"10.1145\/3495243.3517026"},{"key":"e_1_3_2_1_44_1","unstructured":"Takuya Watanabe Mitsuaki Akiyama Tetsuya Sakai and Tatsuya Mori. 2015. Understanding the Inconsistencies between Text Descriptions and the Use of Privacy-sensitive Resources of Mobile Apps. In SOUPS. 241\u2013255."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"crossref","unstructured":"Shomir Wilson Florian Schaub Aswarth\u00a0Abhilash Dara Frederick Liu Sushain Cherivirala Pedro Giovanni\u00a0Leon Mads Schaarup\u00a0Andersen Sebastian Zimmeck Kanthashree\u00a0Mysore Sathyendra N.\u00a0Cameron Russell Thomas\u00a0B. Norton Eduard Hovy Joel Reidenberg and Norman Sadeh. 2016. The Creation and Analysis of a Website Privacy Policy Corpus. In ACL. 1330\u20131340.","DOI":"10.18653\/v1\/P16-1126"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2022.3200421"},{"key":"e_1_3_2_1_47_1","volume-title":"Self-Checking Deep Neural Networks in Deployment. In 2021 IEEE\/ACM 43rd International Conference on Software Engineering (ICSE). IEEE, 372\u2013384","author":"Xiao Yan","year":"2021","unstructured":"Yan Xiao, Ivan Beschastnikh, David\u00a0S Rosenblum, Changsheng Sun, Sebastian Elbaum, Yun Lin, and Jin\u00a0Song Dong. 2021. Self-Checking Deep Neural Networks in Deployment. In 2021 IEEE\/ACM 43rd International Conference on Software Engineering (ICSE). IEEE, 372\u2013384."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"crossref","unstructured":"Le Yu Xiapu Luo Xule Liu and Tao Zhang. 2016. Can We Trust the Privacy Policies of Android Apps?. In DSN. 538\u2013549.","DOI":"10.1109\/DSN.2016.55"},{"key":"e_1_3_2_1_49_1","first-page":"865","article-title":"Toward Automatically Generating Privacy Policy for Android Apps","volume":"12","author":"Yu Le","year":"2017","unstructured":"Le Yu, Tao Zhang, Xiapu Luo, Lei Xue, and Henry Chang. 2017. Toward Automatically Generating Privacy Policy for Android Apps. TIFS 12, 4 (2017), 865\u2013880.","journal-title":"TIFS"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"crossref","unstructured":"Sebastian Zimmeck Rafael Goldstein and David Baraka. 2021. PrivacyFlash Pro: Automating Privacy Policy Generation for Mobile Apps. In NDSS.","DOI":"10.14722\/ndss.2021.24100"},{"key":"e_1_3_2_1_51_1","volume-title":"MAPS: Scaling Privacy Compliance Analysis to a Million Apps. PETS3(2019), 66\u201386.","author":"Zimmeck Sebastian","year":"2019","unstructured":"Sebastian Zimmeck, Peter Story, Daniel Smullen, Abhilasha Ravichander, Ziqi Wang, Joel Reidenberg, N.\u00a0Cameron Russell, and Norman Sadeh. 2019. MAPS: Scaling Privacy Compliance Analysis to a Million Apps. PETS3(2019), 66\u201386."}],"event":{"name":"ASE '22: 37th IEEE\/ACM International Conference on Automated Software Engineering","location":"Rochester MI USA","acronym":"ASE '22"},"container-title":["Proceedings of the 37th IEEE\/ACM International Conference on Automated Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3551349.3560436","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3551349.3560436","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T08:01:10Z","timestamp":1755849670000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3551349.3560436"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,10,10]]},"references-count":51,"alternative-id":["10.1145\/3551349.3560436","10.1145\/3551349"],"URL":"https:\/\/doi.org\/10.1145\/3551349.3560436","relation":{},"subject":[],"published":{"date-parts":[[2022,10,10]]},"assertion":[{"value":"2023-01-05","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}