3PDroid

3PDroid is a Python tool for verifying if an Android app complies with the Google Play privacy guidelines described here. 3PDroid is based on a combination of static analysis, dynamic analysis, and machine learning techniques to assess if an Android app complies with the Google Play privacy guidelines or not.

❱ Publication

More details about 3PDroid can be found in the paper “On the (Un)Reliability of Privacy Policies in Android Apps”

Please use the following bibtex entry to cite our work:

@InProceedings{3pdroid,
  author = {Luca Verderame and Davide Caputo and Andrea Romdhana and Alessio Merlo},
  title = {On the (Un)Reliability of Privacy Policies in Android Apps},
  booktitle = {Proc. of the IEEE International Joint Conference on Neural Networks (IJCNN 2020)},
  month = {July},
  year = {2020},
  address = {Glasgow, UK}
}

❱ Requirements

• Tested only on Ubuntu 18.04 and Ubuntu 20.04

• Use python 3.7.5

• Install virtualenv

  pip3 install virtualenv
  

• Download Oracle VirtualBox

• Download emulator

  • Androidx86 (recommended) or Genymotion:

• Setup emulator (if needed)

  • Obtain root permissions (if needed)
  • emulator with nat e forward ports 5555 and 5554
  • emulator with bridged adapter
  • install droidbot app (download)

• Enable accessibility services

• Add adb path in PATH environment variable

• Download nltk resources

  import nltk
  nltk.download("stopwords")
  nltk.download("punkt")
  

OPTIONAL, if you want to use appium and the random modality (default is Droidbot)

• Download appium

  npm install -g appium
  npm install -g appium-doctor
  

• Verify appium installation

  appium-doctor --android
  

❱ Start Analysis

1. Create Virtualenv

virtualenv -p python3 venv

2. Enable Virtualenv

source venv/bin/activate

3. Install Requirements

pip install -r requirements

3. Start Emulator Manager

python3 emulator_manager.py

4. Move apps to analyze within apps dir
5. Start experiments

python3 3Pdroid.py -t 10 -m 20 --type Droidbot --emulator-name AndroidEmulator -d \home\user\path\3PDroid\apps

❱ After Analysis

• Check if the apps with privacy policy contain explicit acceptance or not

  python3 explicit_acceptance_policy_page.py
  

• Update results with some new data and stats

  python3 update_stats_experiments.py
  

• CREvaluator (see “On the (Un)Reliability of Privacy Policies in Android Apps” for more information)

  python3 CREvaluator.py
  

❱ License

This tool is available under a dual license: a commercial one required for closed source projects or commercial projects, and an AGPL license for open-source projects.

Depending on your needs, you must choose one of them and follow its policies. A detail of the policies and agreements for each license type is available in the LICENSE.COMMERCIAL and LICENSE files.