By Davide Caputo July 9, 2020
3PDroid
3PDroid is a Python tool for verifying if an Android app complies with the Google Play privacy guidelines described here. 3PDroid is based on a combination of static analysis, dynamic analysis, and machine learning techniques to assess if an Android app complies with the Google Play privacy guidelines or not.
❱ Publication
More details about 3PDroid can be found in the paper “On the (Un)Reliability of Privacy Policies in Android Apps”
Please use the following bibtex entry to cite our work:
@InProceedings{3pdroid,
author = {Luca Verderame and Davide Caputo and Andrea Romdhana and Alessio Merlo},
title = {On the (Un)Reliability of Privacy Policies in Android Apps},
booktitle = {Proc. of the IEEE International Joint Conference on Neural Networks (IJCNN 2020)},
month = {July},
year = {2020},
address = {Glasgow, UK}
}
❱ Requirements
-
Tested only on Ubuntu 18.04 and Ubuntu 20.04
-
Use python 3.7.5
-
Install virtualenv
pip3 install virtualenv
-
Download Oracle VirtualBox
-
Download emulator
- Androidx86 (recommended) or Genymotion:
-
Setup emulator (if needed)
- Obtain root permissions (if needed)
- emulator with nat e forward ports 5555 and 5554
- emulator with bridged adapter
- install droidbot app (download)
-
Enable accessibility services
-
Add adb path in PATH environment variable
-
Download nltk resources
import nltk nltk.download("stopwords") nltk.download("punkt")
OPTIONAL, if you want to use appium and the random modality (default is Droidbot)
-
Download appium
npm install -g appium npm install -g appium-doctor
-
Verify appium installation
appium-doctor --android
❱ Start Analysis
- Create Virtualenv
virtualenv -p python3 venv
- Enable Virtualenv
source venv/bin/activate
- Install Requirements
pip install -r requirements
- Start Emulator Manager
python3 emulator_manager.py
- Move apps to analyze within apps dir
- Start experiments
python3 3Pdroid.py -t 10 -m 20 --type Droidbot --emulator-name AndroidEmulator -d \home\user\path\3PDroid\apps
❱ After Analysis
-
Check if the apps with privacy policy contain explicit acceptance or not
python3 explicit_acceptance_policy_page.py
-
Update results with some new data and stats
python3 update_stats_experiments.py
-
CREvaluator (see “On the (Un)Reliability of Privacy Policies in Android Apps” for more information)
python3 CREvaluator.py
❱ License
This tool is available under a dual license: a commercial one required for closed source projects or commercial projects, and an AGPL license for open-source projects.
Depending on your needs, you must choose one of them and follow its policies. A detail of the policies and agreements for each license type is available in the LICENSE.COMMERCIAL and LICENSE files.